0xFTW

5 exploits Active since Jan 2022
CVE-2022-23935 NOMISEC HIGH WORKING POC
ExifTool <12.38 - Command Injection
lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ /\|$/ check, leading to command injection.
8 stars
CVSS 7.8
CVE-2023-27842 NOMISEC HIGH WORKING POC
eXtplorer 2.1.15 - Remote Code Execution via Insecure Permissions in index.php
Insecure Permissions vulnerability found in Extplorer File manager eXtplorer v.2.1.15 allows a remote attacker to execute arbitrary code via the index.php compenent
2 stars
CVSS 8.8
CVE-2022-23935 GITHUB HIGH python WORKING POC
ExifTool <12.38 - Command Injection
lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ /\|$/ check, leading to command injection.
CVSS 7.8
CVE-2023-27163 NOMISEC MEDIUM WORKING POC
request-baskets < 1.2.1 - Server-Side Request Forgery via /api/baskets/{name} Endpoint
request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
CVSS 6.5
CVE-2022-23935 INTHEWILD HIGH WORKING POC
ExifTool <12.38 - Command Injection
lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ /\|$/ check, leading to command injection.
CVSS 7.8