Amel BOUZIANE-LEBLOND

5 exploits, active since Jun 2020
CVE-2022-50899 EXPLOITDB MEDIUM text WORKING POC
Geonetwork 3.10-4.2.0 - SSRF
Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to retrieve arbitrary files from the server. Attackers can exploit the insecure XML parser by crafting a malicious XML document with external entity references to read system files through the baseURL parameter in PDF creation requests.
CVSS 6.5
CVE-2021-47766 EXPLOITDB HIGH text WORKING POC
Kmaleon 1.1.0.205 - SQL Injection
Kmaleon 1.1.0.205 contains an authenticated SQL injection vulnerability in the 'tipocomb' parameter of kmaleonW.php that allows attackers to manipulate database queries. Attackers can exploit this vulnerability using boolean-based, error-based, and time-based blind SQL injection techniques to potentially extract or manipulate database information.
CVSS 7.1
EIP-2026-118237 EXPLOITDB text WORKING POC
Adobe ColdFusion 11 - LDAP Java Object Deserialization Remote Code Execution (RCE)
CVE-2020-14011 EXPLOITDB CRITICAL text WRITEUP
Lansweeper <7.2.x - Command Injection
Lansweeper 6.0.x through 7.2.x has a default installation in which the admin password is configured for the admin account, unless "Built-in admin" is manually unchecked. This allows command execution via the Add New Package and Scheduled Deployments features.
CVSS 9.8
EIP-2026-110442 EXPLOITDB text WORKING POC
PackWeb Formap E-learning 1.0 - 'NumCours' SQL Injection