Alperen Ergel

15 exploits Active since Dec 2020
CVE-2022-28132 EXPLOITDB HIGH text WORKING POC
T-Soft E-Commerce 4 - SQL Injection
The T-Soft E-Commerce 4 web application is susceptible to SQL injection (SQLi) in requests made by an authenticated admin or privileged user. A crafted request reaches the database query unsanitised, so an attacker holding such an account can read and manipulate the database, which may expose data that lets them bypass authentication mechanisms elsewhere, view sensitive information stored in the database, and exfiltrate it.
CVSS 7.2
CVE-2021-47800 EXPLOITDB MEDIUM text WORKING POC
b2evolution 7.2.2 - CSRF
b2evolution 7.2.2 contains a cross-site request forgery vulnerability that allows attackers to modify admin account details by riding the victim's authenticated session. An attacker crafts a malicious HTML form that submits the profile change and tricks a logged-in admin into loading the page that hosts it; the browser attaches the session cookie automatically, so the application accepts the unauthorised change.
CVSS 5.3
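To show why the forged form in the entry above succeeds and what stops it, here is an added example (not b2evolution's code, and not from the exploit author). A small in-process stand-in for a CMS profile endpoint is constructed: the browser attaches the session cookie to any POST, including one auto-submitted from an attacker's page, so the handler must demand a per-session secret that a cross-origin page cannot read. The `ProfileService` class, its routes, the user names and e-mail addresses are all assumptions made for the illustration.

```python
"""Synchroniser-token defence against the CSRF pattern described above.

Added example; the toy "server" below is constructed for illustration and
stands in for any CMS that updates profile fields from a POSTed form.
"""
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass
class Session:
    user: str
    # Per-session secret; the site's own page embeds it as a hidden field.
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


class ProfileService:
    """Stand-in for a CMS profile endpoint (constructed, not real CMS code)."""

    def __init__(self, require_token: bool) -> None:
        self.require_token = require_token
        self.sessions: Dict[str, Session] = {}
        self.emails: Dict[str, str] = {}

    def login(self, user: str, email: str) -> str:
        """Create a session and return the cookie value the browser will store."""
        cookie = secrets.token_urlsafe(16)
        self.sessions[cookie] = Session(user)
        self.emails[user] = email
        return cookie

    def form_token(self, cookie: str) -> Optional[str]:
        """The token the site's own profile page would render into its form."""
        session = self.sessions.get(cookie)
        return session.csrf_token if session else None

    def update_email(self, cookie: str, form: Dict[str, str]) -> bool:
        """Handle a POST; `cookie` is whatever the browser attached automatically."""
        session = self.sessions.get(cookie)
        if session is None:
            return False
        if self.require_token:
            submitted = form.get("csrf_token", "")
            # Constant-time comparison of the submitted token with the session's.
            if not hmac.compare_digest(submitted.encode(), session.csrf_token.encode()):
                return False
        self.emails[session.user] = form["email"]
        return True


def demo() -> Dict[str, bool]:
    """Run the same forged and legitimate submissions with and without the check."""
    results: Dict[str, bool] = {}
    for label, require_token in (("no_token", False), ("token", True)):
        svc = ProfileService(require_token)
        cookie = svc.login("admin", "admin@example.test")  # constructed victim

        # Forged request: the attacker's page auto-submits a form containing
        # only the fields the attacker chose. The victim's browser still sends
        # the cookie, but the attacker never saw the token and cannot add it.
        forged = {"email": "attacker@example.test"}
        results[f"{label}_forged_accepted"] = svc.update_email(cookie, forged)

        # Legitimate request from the site's own form, which carries the token.
        legit = {"email": "new@example.test", "csrf_token": svc.form_token(cookie) or ""}
        results[f"{label}_legit_accepted"] = svc.update_email(cookie, legit)
    return results


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {accepted}")
```

Without the token the forged submission is accepted exactly like the legitimate one; with it, only the request that carries the session's secret goes through. In a real deployment the token check is complemented by `SameSite=Lax` or `Strict` on the session cookie and by rejecting state-changing requests whose `Origin` header does not match the site.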
CVE-2020-35126 EXPLOITDB MEDIUM text WORKING POC
Typesetter CMS <5.1 - XSS
Typesetter CMS 5.x through 5.1 allows admins to conduct Site Title persistent XSS attacks via an Admin/Configuration URI. NOTE: the significance of this report is disputed because "admins are considered trustworthy."
CVSS 4.8
CVE-2020-29458 EXPLOITDB HIGH text WORKING POC
Textpattern CMS 4.6.2 - CSRF
Textpattern CMS 4.6.2 allows CSRF via the prefs subsystem.
CVSS 8.8
CVE-2024-40422 EXPLOITDB CRITICAL python WORKING POC
stitionai devika v1 - Path Traversal
The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is susceptible to path traversal: the value is used to locate a file on disk without being confined to the snapshot directory. An attacker can supply directory-traversal sequences in snapshot_path to read sensitive files elsewhere on the server, which can lead to unauthorized access to critical system files and compromise the confidentiality and integrity of the system.
CVSS 9.1
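To make the missing check behind that entry concrete, here is an added example (not devika's code, and not the exploit author's) showing the vulnerable join pattern beside a hardened resolver that confines a user-supplied snapshot path to one base directory. The directory layout, the file names and the assumption that the parameter arrives already URL-decoded (as a web framework would hand it to a handler) are all constructed for the illustration.

```python
"""Path-traversal check for a user-supplied snapshot path (added example).

Assumptions: snapshots live under one base directory and the request
parameter is already URL-decoded. Directory names and files are constructed.
"""
import os
import tempfile
from pathlib import Path
from typing import Dict, Optional


def unsafe_snapshot_path(base_dir: str, snapshot_path: str) -> str:
    """Vulnerable pattern: os.path.join keeps '../' segments and discards
    base_dir entirely when the second argument is absolute."""
    return os.path.join(base_dir, snapshot_path)


def safe_snapshot_path(base_dir: str, snapshot_path: str) -> Optional[Path]:
    """Return the resolved file only if it stays inside base_dir, else None."""
    base = Path(base_dir).resolve()
    # resolve() normalises '..', '.' and symlinks, so a symlink inside base_dir
    # that points elsewhere is rejected as well, not just '../' sequences.
    candidate = (base / snapshot_path).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        return None  # escaped the snapshot directory
    if not candidate.is_file():
        return None
    return candidate


def demo() -> Dict[str, bool]:
    """Build a constructed directory tree and compare both resolvers."""
    results: Dict[str, bool] = {}
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "snapshots")
        os.makedirs(base)
        Path(base, "page.png").write_bytes(b"\x89PNG constructed sample")
        secret = Path(root, "secret.txt")  # a file outside the snapshot dir
        secret.write_text("constructed secret")

        legit = "page.png"
        traversal = "../secret.txt"
        nested_traversal = "sub/../../secret.txt"
        absolute = str(secret)

        # The naive join reaches the outside file both ways.
        results["unsafe_traversal_escapes"] = (
            Path(unsafe_snapshot_path(base, traversal)).resolve() == secret.resolve()
        )
        results["unsafe_absolute_escapes"] = (
            unsafe_snapshot_path(base, absolute) == absolute
        )
        # The confined resolver serves the real snapshot and rejects the rest.
        results["safe_legit_served"] = safe_snapshot_path(base, legit) is not None
        results["safe_traversal_blocked"] = safe_snapshot_path(base, traversal) is None
        results["safe_nested_blocked"] = (
            safe_snapshot_path(base, nested_traversal) is None
        )
        results["safe_absolute_blocked"] = safe_snapshot_path(base, absolute) is None
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The check is done on the fully resolved path rather than by searching the string for `..`, so encoded or nested variants that normalise to an outside location are caught too; for a framework handler, the same function is called on the decoded query parameter and a 400 or 404 is returned when it yields `None`.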
EIP-2026-112614 EXPLOITDB text WORKING POC
Textpattern 4.8.8 - Remote Code Execution (RCE) (Authenticated)
EIP-2026-112615 EXPLOITDB text WORKING POC
Textpattern CMS 4.6.2 - 'body' Persistent Cross-Site Scripting
EIP-2026-112829 EXPLOITDB text WORKING POC
TypeSetter 5.1 - CSRF (Change admin e-mail)
CVE-2020-35241 EXPLOITDB MEDIUM text WORKING POC
Flatpress - XSS
FlatPress 1.0.3 is affected by cross-site scripting (XSS) in the Blog Content component. An attacker with access to the admin panel can inject an XSS payload into blog content. Each time a user visits that blog page the payload executes, and the attacker can steal the user's cookie or take other actions according to the crafted payload.
CVSS 4.8
EIP-2026-105674 EXPLOITDB text WORKING POC
Cab Management System 1.0 - Remote Code Execution (RCE) (Authenticated)
EIP-2026-105673 EXPLOITDB text WORKING POC
Cab Management System 1.0 - 'id' SQLi (Authenticated)
EIP-2026-105551 EXPLOITDB text WORKING POC
Bludit 3-14-1 Plugin 'UploadPlugin' - Remote Code Execution (RCE) (Authenticated)
EIP-2026-104904 EXPLOITDB text WORKING POC
Accounting Journal Management System 1.0 - 'id' SQLi (Authenticated)
EIP-2026-104460 EXPLOITDB text WORKING POC
T-Soft E-Commerce 4 - 'UrunAdi' Stored Cross-Site Scripting (XSS)
EIP-2026-104461 EXPLOITDB text WORKING POC
T-Soft E-Commerce 4 - change 'admin credentials' Cross-Site Request Forgery (CSRF)