BouSalman

5 exploits, active since Dec 2018
CVE-2020-35545 NOMISEC CRITICAL WORKING POC
Spotweb 1.4.9 - Time-based SQL Injection via Query String
Time-based SQL injection exists in Spotweb 1.4.9 via the query string.
CVSS 9.8
CVE-2021-28931 WRITEUP HIGH WRITEUP
Fork CMS < 5.9.3 - Arbitrary File Upload via Themes Panel Zip File
Arbitrary file upload vulnerability in Fork CMS 5.9.2 allows attackers to create or replace arbitrary files in the /themes directory via a crafted zip file uploaded to the Themes panel.
CVSS 8.8
CVE-2018-1000811 EXPLOITDB HIGH text WORKING POC
Bludit 3.0.0 - Unrestricted Upload of File with Dangerous Type in Pages Editor
Bludit version 3.0.0 contains an Unrestricted Upload of File with Dangerous Type vulnerability in Content Upload in the Pages Editor that can result in Remote Command Execution. This attack appears to be exploitable by a malicious user uploading a crafted payload containing PHP code.
CVSS 8.8
CVE-2021-27370 EXPLOITDB MEDIUM text WORKING POC
Monica 2.19.1 - Stored Cross-Site Scripting via Last Name Field
The Contact page in Monica 2.19.1 allows stored XSS via the Last Name field.
CVSS 5.4
EIP-2026-104451 EXPLOITDB text WORKING POC
Spotweb 1.4.9 - 'search' SQL Injection