AK-blank

3 exploits Active since Aug 2021
CVE-2021-43778 NOMISEC CRITICAL WORKING POC
GLPI Barcode Plugin 2.0-2.6.0 - Path Traversal via front/send.php
Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability. This issue was patched in version 2.6.1. As a workaround, delete the `front/send.php` file.
3 stars
CVSS 9.1
CVE-2021-37832 NOMISEC CRITICAL WORKING POC
HotelDruid 3.0.2 - SQL Injection via idappartamenti Parameter
A SQL injection vulnerability exists in version 3.0.2 of Hotel Druid when SQLite is being used as the application database. A malicious attacker can issue SQL commands to the SQLite database through the vulnerable idappartamenti parameter.
2 stars
CVSS 9.8
CVE-2021-42325 NOMISEC CRITICAL WRITEUP
froxlor < 0.10.30 - SQL Injection via Custom DB Name
Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbManagerMySQL.php via a custom DB name.
1 stars
CVSS 9.8