BouSalman

5 exploits Active since Dec 2018
CVE-2020-35545 NOMISEC CRITICAL WORKING POC
Spotweb - SQL Injection
Time-based SQL injection exists in Spotweb 1.4.9 via the query string.
CVSS 9.8
CVE-2021-28931 WRITEUP HIGH WRITEUP
Fork-cms Fork Cms < 5.9.3 - Unrestricted File Upload
Arbitrary file upload vulnerability in Fork CMS 5.9.2 allows attackers to create or replace arbitrary files in the /themes directory via a crafted zip file uploaded to the Themes panel.
CVSS 8.8
CVE-2018-1000811 EXPLOITDB HIGH text WORKING POC
bludit <3.0.0 - RCE
bludit version 3.0.0 contains an Unrestricted Upload of File with Dangerous Type vulnerability in Content Upload in Pages Editor that can result in Remote Command Execution. This attack appears to be exploitable via a malicious user uploading a crafted payload containing PHP code.
CVSS 8.8
CVE-2021-27370 EXPLOITDB MEDIUM text WORKING POC
Monica 2.19.1 - XSS
The Contact page in Monica 2.19.1 allows stored XSS via the Last Name field.
CVSS 5.4
EIP-2026-104451 EXPLOITDB text WORKING POC
Spotweb 1.4.9 - 'search' SQL Injection