1337kid

8 exploits Active since Sep 2018
CVE-2023-38836 NOMISEC HIGH WORKING POC
BoidCMS Command Injection
File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header to bypass MIME type checks.
5 stars
CVSS 8.8
CVE-2023-37629 WRITEUP CRITICAL WORKING POC
Online Piggery Management System 1.0 - Unauthenticated Arbitrary File Upload via add-pig.php
Online Piggery Management System 1.0 is vulnerable to File Upload. An unauthenticated user can upload a php file by sending a POST request to "add-pig.php."
CVSS 9.8
CVE-2018-16763 VULNCHECK_XDB CRITICAL WORKING POC
FUEL CMS < 1.4.2 - Unauthenticated Remote Code Execution via Pages Filter or Preview Data Parameter
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution.
CVSS 9.8
CVE-2023-37628 WRITEUP CRITICAL WORKING POC
Online Piggery Management System 1.0 - SQL Injection
Online Piggery Management System 1.0 is vulnerable to SQL Injection.
CVSS 9.8
CVE-2023-37630 WRITEUP MEDIUM WORKING POC
Online Piggery Management System 1.0 - Unauthenticated Stored Cross-Site Scripting via manage-breed.php
Online Piggery Management System 1.0 is vulnerable to Cross Site Scripting (XSS). An unauthenticated user can POST JavaScript code to "manage-breed.php" resulting in Persistent XSS.
CVSS 6.1
CVE-2023-38836 METASPLOIT HIGH ruby WORKING POC
BoidCMS Command Injection
File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header to bypass MIME type checks.
CVSS 8.8
CVE-2023-37629 EXPLOITDB CRITICAL bash WORKING POC
Online Piggery Management System 1.0 - Unauthenticated Arbitrary File Upload via add-pig.php
Online Piggery Management System 1.0 is vulnerable to File Upload. An unauthenticated user can upload a php file by sending a POST request to "add-pig.php."
CVSS 9.8
CVE-2023-38836 EXPLOITDB HIGH python WORKING POC
BoidCMS Command Injection
File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header to bypass MIME type checks.
CVSS 8.8