Ai Ho

2 exploits Active since Jan 2020
CVE-2021-47978 EXPLOITDB MEDIUM text WORKING POC
ProcessMaker 3.5.4 Local File Inclusion via Path Traversal
ProcessMaker 3.5.4 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting improper path traversal validation. Attackers can send requests with directory traversal sequences to access sensitive system files like /etc/passwd without authentication.
CVSS 6.2
CVE-2020-2096 EXPLOITDB MEDIUM text WORKING POC
Jenkins Gitlab Hook Plugin < 1.4.2 - Reflected Cross-Site Scripting via Build Now Endpoint
Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a reflected XSS vulnerability.
CVSS 6.1