Alexandre ZANNI

19 exploits Active since Aug 2018
CVE-2023-38490 NOMISEC MEDIUM WORKING POC
Kirby <3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, 3.9.6 - XXE
Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 only affects Kirby sites that use the `Xml` data handler (e.g. `Data::decode($string, 'xml')`) or the `Xml::parse()` method in site or plugin code. The Kirby core does not use any of the affected methods. XML External Entities (XXE) is a little used feature in the XML markup language that allows to include data from external files in an XML structure. If the name of the external file can be controlled by an attacker, this becomes a vulnerability that can be abused for various system impacts like the disclosure of internal or confidential data that is stored on the server (arbitrary file disclosure) or to perform network requests on behalf of the server (server-side request forgery, SSRF). Kirby's `Xml::parse()` method used PHP's `LIBXML_NOENT` constant, which enabled the processing of XML external entities during the parsing operation. The `Xml::parse()` method is used in the `Xml` data handler (e.g. `Data::decode($string, 'xml')`). Both the vulnerable method and the data handler are not used in the Kirby core. However they may be used in site or plugin code, e.g. to parse RSS feeds or other XML files. If those files are of an external origin (e.g. uploaded by a user or retrieved from an external URL), attackers may be able to include an external entity in the XML file that will then be processed in the parsing process. Kirby sites that don't use XML parsing in site or plugin code are *not* affected. The problem has been patched in Kirby 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6. In all of the mentioned releases, the maintainers have removed the `LIBXML_NOENT` constant as processing of external entities is out of scope of the parsing logic. This protects all uses of the method against the described vulnerability.
CVSS 6.8
CVE-2023-23752 NOMISEC MEDIUM WORKING POC
Joomla! 4.0.0-4.2.7 - Unauthenticated Improper Access Control in Webservice Endpoints
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
CVSS 5.3
CVE-2019-25137 NOMISEC HIGH WORKING POC
Umbraco CMS <7.15.10 - Authenticated RCE
Umbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote Code Execution by authenticated administrators via msxsl:script in an xsltSelection to developer/Xslt/xsltVisualize.aspx.
CVSS 7.2
CVE-2019-13029 WRITEUP MEDIUM WRITEUP
REDCap 8.0-8.10.2 - Stored Cross-Site Scripting in Admin Panel and Survey System
Multiple stored Cross-site scripting (XSS) issues in the admin panel and survey system in REDCap 8 before 8.10.20 and 9 before 9.1.2 allow an attacker to inject arbitrary malicious HTML or JavaScript code into a user's web browser.
CVSS 4.8
CVE-2020-8776 EXPLOITDB MEDIUM WRITEUP
Alfresco < 5.2.7 and < 6.2.0 - Cross-Site Scripting via File URL Property
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via the URL property of a file.
CVSS 5.4
CVE-2020-8777 EXPLOITDB MEDIUM WRITEUP
Alfresco < 5.2.7 and < 6.2.0 - Stored Cross-Site Scripting via User Profile Photo SVG
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via a user profile photo, as demonstrated by a SCRIPT element in an SVG document.
CVSS 5.4
CVE-2025-54761 WRITEUP HIGH WRITEUP
PPress 0.0.9 - Privilege Escalation
An issue was discovered in PPress 0.0.9 allowing attackers to gain escilated privlidges via crafted session cookie.
CVSS 8.0
CVE-2019-13029 EXPLOITDB MEDIUM text WORKING POC
REDCap 8.0-8.10.2 - Stored Cross-Site Scripting in Admin Panel and Survey System
Multiple stored Cross-site scripting (XSS) issues in the admin panel and survey system in REDCap 8 before 8.10.20 and 9 before 9.1.2 allow an attacker to inject arbitrary malicious HTML or JavaScript code into a user's web browser.
CVSS 4.8
CVE-2018-15139 EXPLOITDB HIGH ruby WORKING POC
OpenEMR < 5.0.1.4 - Authenticated Arbitrary PHP File Upload via Site Files Manager
Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary PHP code by uploading a file with a PHP extension via the images upload form and accessing it in the images directory.
CVSS 8.8
EIP-2026-110295 EXPLOITDB ruby WORKING POC
OpenEMR 5.0.1 - Remote Code Execution (Authenticated) (2)
EIP-2026-110297 EXPLOITDB ruby WORKING POC
OpenEMR 5.0.1.7 - 'fileName' Path Traversal (Authenticated) (2)
CVE-2023-23752 EXPLOITDB MEDIUM python WORKING POC
Joomla! 4.0.0-4.2.7 - Unauthenticated Improper Access Control in Webservice Endpoints
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
CVSS 5.3
CVE-2018-16763 EXPLOITDB CRITICAL ruby WORKING POC
FUEL CMS < 1.4.2 - Unauthenticated Remote Code Execution via Pages Filter or Preview Data Parameter
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution.
CVSS 9.8
CVE-2022-0482 EXPLOITDB CRITICAL ruby WORKING POC
GitHub alextselegidis/easyappointments <1.4.3 - Info Disclosure
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3.
CVSS 9.1
CVE-2020-25557 EXPLOITDB HIGH ruby WORKING POC
CMSuno 1.6.2 - Authenticated Remote Code Execution via Username Parameter
In CMSuno 1.6.2, an attacker can inject malicious PHP code as a "username" while changing his/her username & password. After that, when attacker logs in to the application, attacker's code will be run. As a result of this vulnerability, authenticated user can run command on the server.
CVSS 8.8
CVE-2019-17240 EXPLOITDB CRITICAL ruby WORKING POC
Bludit 3.9.2 - Authentication Bruteforce Mitigation Bypass via X-Forwarded-For Header
bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.
CVSS 9.8
CVE-2020-8778 EXPLOITDB MEDIUM text WRITEUP
Alfresco < 5.2.7 and < 6.2.0 - Authenticated Stored Cross-Site Scripting via Uploaded Document
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via an uploaded document, when the attacker has write access to a project.
CVSS 5.4
CVE-2025-47228 EXPLOITDB MEDIUM python WORKING POC
Netmake ScriptCase <9.12.006 - Command Injection
In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), shell injection in the SSH connection settings allows authenticated attackers to execute system commands via crafted HTTP requests.
CVSS 6.7
EIP-2026-100666 EXPLOITDB python WORKING POC
Umbraco CMS 7.12.4 - Remote Code Execution (Authenticated)