4rdr

7 exploits Active since May 2024
CVE-2024-40348 WRITEUP HIGH WRITEUP
bazarr < 1.4.3 - Unauthenticated Path Traversal via /api/swaggerui/static
An issue in the component /api/swaggerui/static of Bazaar v1.4.3 allows unauthenticated attackers to execute a directory traversal.
CVSS 8.2
CVE-2024-36428 WRITEUP HIGH WRITEUP
OrangeHRM 3.3.3 - SQL Injection via sortOrder Parameter
OrangeHRM 3.3.3 allows admin/viewProjects sortOrder SQL injection.
CVSS 8.1
CVE-2024-40347 WRITEUP MEDIUM WRITEUP
Hyland Alfresco Platform 23.2.1-r96 - XSS
A reflected cross-site scripting (XSS) vulnerability in Hyland Alfresco Platform 23.2.1-r96 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the parameter htmlid.
CVSS 6.1
CVE-2025-50972 WRITEUP CRITICAL WRITEUP
AbanteCart 1.4.2 - Unauthenticated SQL Injection via tmpl_id Parameter
SQL Injection vulnerability in AbanteCart 1.4.2, allows unauthenticated attackers to execute arbitrary SQL commands via the tmpl_id parameter to index.php. Three techniques have been demonstrated: error-based injection using a crafted FLOOR-based payload, time-based blind injection via SLEEP(), and UNION-based injection to extract arbitrary data.
CVSS 9.8
CVE-2025-50979 WRITEUP HIGH WRITEUP
NodeBB v4.3.0 - Unauthenticated SQL Injection via Search-Categories API Endpoint
NodeBB v4.3.0 is vulnerable to SQL injection in its search-categories API endpoint (/api/v3/search/categories). The search query parameter is not properly sanitized, allowing unauthenticated, remote attackers to inject boolean-based blind and PostgreSQL error-based payloads.
CVSS 8.6
CVE-2025-50986 WRITEUP MEDIUM WRITEUP
diskover-web v2.3.0 Community Edition - Stored Cross-Site Scripting in Administrative Settings Interface
diskover-web v2.3.0 Community Edition suffers from multiple stored cross-site scripting (XSS) vulnerabilities in its administrative settings interface. Various configuration fields such as ES_HOST, ES_INDEXREFRESH, ES_PORT, ES_SCROLLSIZE, ES_TRANSLOGSIZE, ES_TRANSLOGSYNCINT, EXCLUDES_FILES, FILE_TYPES[], INCLUDES_DIRS, INCLUDES_FILES, and TIMEZONE do not properly sanitize user-supplied input. Malicious payloads submitted via these parameters are persisted in the application and executed whenever an administrator views or edits the settings page.
CVSS 5.6
CVE-2025-50989 WRITEUP CRITICAL WRITEUP
OPNsense <25.1.8 - Command Injection
OPNsense before 25.1.8 contains an authenticated command injection vulnerability in its Bridge Interface Edit endpoint (interfaces_bridge_edit.php). The span POST parameter is concatenated into a system-level command without proper sanitization or escaping, allowing an administrator to inject arbitrary shell operators and payloads. Successful exploitation results in remote code execution with the privileges of the web service (typically root), potentially leading to full system compromise or lateral movement. This vulnerability arises from inadequate input validation and improper handling of user-supplied data in backend command invocations.
CVSS 9.1