Askar (@mohammadaskar2)

7 exploits Active since Jul 2019
CVE-2020-8813 NOMISEC HIGH WORKING POC
Cacti 1.2.8 - Command Injection
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.
68 stars
CVSS 8.8
CVE-2020-12078 NOMISEC HIGH WORKING POC
Opmantek Open-audit - OS Command Injection
An issue was discovered in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/ URI. An attacker can exploit this by adding an excluded IP address to the global discovery settings (internally called exclude_ip). This exclude_ip value is passed to the exec function in the discoveries_helper.php file (inside the all_ip_list function) without being filtered, which means that the attacker can provide a payload instead of a valid IP address.
18 stars
CVSS 8.8
CVE-2019-15029 NOMISEC HIGH WORKING POC
Fusionpbx - OS Command Injection
FusionPBX 4.4.8 allows an attacker to execute arbitrary system commands by submitting a malicious command to the service_edit.php file (which will insert the malicious command into the database). To trigger the command, one needs to call the services.php file via a GET request with the service id followed by the parameter a=start to execute the stored command.
7 stars
CVSS 8.8
CVE-2020-12078 NOMISEC HIGH WORKING POC
Opmantek Open-audit - OS Command Injection
An issue was discovered in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/ URI. An attacker can exploit this by adding an excluded IP address to the global discovery settings (internally called exclude_ip). This exclude_ip value is passed to the exec function in the discoveries_helper.php file (inside the all_ip_list function) without being filtered, which means that the attacker can provide a payload instead of a valid IP address.
CVSS 8.8
EIP-2026-110452 EXPLOITDB python WORKING POC
Pandora 7.0NG - Remote Code Execution
CVE-2019-13024 EXPLOITDB HIGH python WORKING POC
Centreon - Command Injection
Centreon 18.x before 18.10.6, 19.x before 19.04.3, and Centreon web before 2.8.29 allows the attacker to execute arbitrary system commands by using the value "init_script"-"Monitoring Engine Binary" in main.get.php to insert a arbitrary command into the database, and execute it by calling the vulnerable page www/include/configuration/configGenerate/xml/generateFiles.php (which passes the inserted value to the database to shell_exec without sanitizing it, allowing one to execute system arbitrary commands).
CVSS 8.8
CVE-2020-14947 EXPLOITDB HIGH text WORKING POC
OCS Inventory NG <2.7 - RCE
OCS Inventory NG 2.7 allows Remote Command Execution via shell metacharacters to require/commandLine/CommandLine.php because mib_file in plugins/main_sections/ms_config/ms_snmp_config.php is mishandled in get_mib_oid.
CVSS 8.8