Besim ALTINOK

27 exploits Active since Jan 2019
CVE-2025-34029 EXPLOITDB HIGH text WORKING POC
Edimax EW-7438RPn Mini <1.13 - Command Injection
An OS command injection vulnerability exists in the Edimax EW-7438RPn Mini firmware version 1.13 and prior via the syscmd.asp form handler. The /goform/formSysCmd endpoint exposes a system command interface through the sysCmd parameter. A remote authenticated attacker can submit arbitrary shell commands directly, resulting in command execution as the root user. Exploitation evidence was observed by the Shadowserver Foundation on 2024-09-14 UTC.
CVSS 8.8
CVE-2025-34024 EXPLOITDB HIGH text WORKING POC
Edimax EW-7438RPn <1.13 - Command Injection
An OS command injection vulnerability exists in the Edimax EW-7438RPn firmware version 1.13 and prior via the mp.asp form handler. The /goform/mp endpoint improperly handles user-supplied input to the command parameter. An authenticated attacker can inject shell commands using shell metacharacters to achieve arbitrary command execution as the root user. Exploitation evidence was observed by the Shadowserver Foundation on 2024-09-14 UTC.
CVSS 8.8
CVE-2020-37097 EXPLOITDB HIGH text WRITEUP
Edimax EW-7438RPn <1.13 - Info Disclosure
Edimax EW-7438RPn 1.13 contains an information disclosure vulnerability that exposes WiFi network configuration details through the wlencrypt_wiz.asp file. Attackers can access the script to retrieve sensitive information including WiFi network name and plaintext password stored in device configuration variables.
CVSS 7.5
CVE-2020-37096 EXPLOITDB MEDIUM text WORKING POC
Edimax EW-7438RPn <1.13 - CSRF
Edimax EW-7438RPn 1.13 contains a cross-site request forgery vulnerability in the MAC filtering configuration interface. Attackers can craft malicious web pages to trick users into adding unauthorized MAC addresses to the device's filtering rules without their consent.
CVSS 5.3
CVE-2020-37094 EXPLOITDB CRITICAL text WRITEUP
EspoCRM 5.8.5 - Auth Bypass
EspoCRM 5.8.5 contains an authentication vulnerability that allows attackers to access other user accounts by manipulating authorization headers. Attackers can decode and modify Basic Authorization and Espo-Authorization tokens to gain unauthorized access to administrative user information and privileges.
CVSS 9.8
CVE-2020-37093 EXPLOITDB HIGH text WORKING POC
Netis E1+ 1.2.32533 - Info Disclosure
Netis E1+ 1.2.32533 contains an information disclosure vulnerability that allows unauthenticated attackers to retrieve WiFi passwords through the netcore_get.cgi endpoint. Attackers can send a GET request to the endpoint to extract sensitive network credentials including SSID and WiFi passwords in plain text.
CVSS 7.5
CVE-2020-37092 EXPLOITDB HIGH text WORKING POC
Netis E1+ <1.2.32533 - Privilege Escalation
Netis E1+ version 1.2.32533 contains a hardcoded root account vulnerability that allows unauthenticated attackers to access the device with predefined credentials. Attackers can leverage the embedded root account with a crackable password to gain full administrative access to the network device.
CVSS 7.5
CVE-2020-37091 EXPLOITDB MEDIUM text WORKING POC
Maian Support Helpdesk <4.3 - CSRF
Maian Support Helpdesk 4.3 contains a cross-site request forgery vulnerability that allows attackers to create administrative accounts without authentication. Attackers can craft malicious HTML forms to add admin users and upload PHP files with unrestricted file upload capabilities through the FAQ attachment system.
CVSS 5.3
CVE-2020-37090 EXPLOITDB CRITICAL text WORKING POC
School ERP Pro 1.0 - RCE
School ERP Pro 1.0 contains a file upload vulnerability that allows students to upload arbitrary PHP files to the messaging system. Attackers can upload malicious PHP scripts through the message attachment feature, enabling remote code execution on the server.
CVSS 9.8
CVE-2020-37089 EXPLOITDB HIGH text WRITEUP
School ERP Pro 1.0 - SQL Injection
School ERP Pro 1.0 contains a SQL injection vulnerability in the 'es_messagesid' parameter that allows attackers to manipulate database queries through GET requests. Attackers can exploit the vulnerable parameter by injecting crafted SQL statements to potentially extract, modify, or delete database information.
CVSS 8.2
CVE-2020-37088 EXPLOITDB HIGH text WORKING POC
School ERP Pro 1.0 - Info Disclosure
School ERP Pro 1.0 contains a file disclosure vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the 'document' parameter in download.php. Attackers can access sensitive configuration files by supplying directory traversal paths to retrieve system credentials and configuration information.
CVSS 7.5
CVE-2020-37084 EXPLOITDB HIGH text WORKING POC
School ERP Pro 1.0 - RCE
School ERP Pro 1.0 contains a remote code execution vulnerability that allows authenticated admin users to upload arbitrary PHP files as profile photos by bypassing file extension checks. Attackers can exploit improper file validation in pre-editstudent.inc.php to execute arbitrary code on the server.
CVSS 7.2
CVE-2020-37082 EXPLOITDB CRITICAL text WRITEUP
webERP 4.15.1 - Info Disclosure
webERP 4.15.1 contains an unauthenticated file access vulnerability that allows remote attackers to download database backup files without authentication. Attackers can directly access generated backup files in the companies/weberp/ directory by requesting the Backup_[timestamp].sql.gz file.
CVSS 9.8
CVE-2020-37080 EXPLOITDB CRITICAL text WORKING POC
webTareas 2.0.p8 - Privilege Escalation
webTareas 2.0.p8 contains a file deletion vulnerability in the print_layout.php administration component that allows authenticated attackers to delete arbitrary files. Attackers can exploit the vulnerability by manipulating the 'atttmp1' parameter to specify and delete files on the server through an unauthenticated file deletion mechanism.
CVSS 9.8
CVE-2020-37078 EXPLOITDB HIGH text WORKING POC
i-doit Open Source CMDB 1.14.1 - File Deletion
i-doit Open Source CMDB 1.14.1 contains a file deletion vulnerability in the import module that allows authenticated attackers to delete arbitrary files by manipulating the delete_import parameter. Attackers can send a POST request to the import module with a crafted filename to remove files from the server's filesystem.
CVSS 8.8
CVE-2020-37077 EXPLOITDB MEDIUM text WORKING POC
Booked Scheduler 2.7.7 - Path Traversal
Booked Scheduler 2.7.7 contains a directory traversal vulnerability in the manage_email_templates.php script that allows authenticated administrators to access unauthorized files. Attackers can exploit the vulnerable 'tn' parameter to read files outside the intended directory by manipulating directory path traversal techniques.
CVSS 6.5
CVE-2016-10738 EXPLOITDB HIGH text WORKING POC
Castlamp Zenbership - CSRF
Zenbership v107 has CSRF via admin/cp-functions/event-add.php.
CVSS 8.8
CVE-2016-10737 EXPLOITDB MEDIUM text WORKING POC
S9Y Serendipity - XSS
Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter.
CVSS 5.4
EIP-2026-112924 EXPLOITDB text WORKING POC
User Management System 2.0 - Authentication Bypass
EIP-2026-112925 EXPLOITDB text WORKING POC
User Management System 2.0 - Persistent Cross-Site Scripting
EIP-2026-111265 EXPLOITDB text WORKING POC
PhreeBooks ERP 5.2.5 - Remote Command Execution
EIP-2026-111615 EXPLOITDB text WRITEUP
qdPM 9.1 - Arbitrary File Upload
EIP-2026-110812 EXPLOITDB text WRITEUP
PHP-Fusion 9.03.50 - 'Edit Profile' Arbitrary File Upload
EIP-2026-106109 EXPLOITDB text WORKING POC
Complaint Management System 4.2 - Cross-Site Request Forgery (Delete User)
EIP-2026-106308 EXPLOITDB text WORKING POC
CuteNews 2.1.2 - Arbitrary File Deletion