Chapman (R3naissance) Schleiss

4 exploits Active since Feb 2018
CVE-2017-18195 WRITEUP MEDIUM SCANNER
Concrete CMS < 8.3.0 - Unauthenticated Comment Enumeration via cnvID Parameter
An issue was discovered in tools/conversations/view_ajax.php in Concrete5 before 8.3.0. An unauthenticated user can enumerate comments from all blog posts by POSTing requests to /index.php/tools/required/conversations/view_ajax with incremental 'cnvID' integers.
CVSS 5.3
CVE-2020-13968 WRITEUP CRITICAL SCANNER
CRK Business Platform <= 2019.1 - SQL Injection via strSessao Parameter
CRK Business Platform <= 2019.1 allows can inject SQL statements against the DB on any path using the 'strSessao' parameter.
CVSS 9.8
CVE-2020-13969 WRITEUP MEDIUM SCANNER
CRK Business Platform <= 2019.1 - Reflected Cross-Site Scripting via erro.aspx Parameters
CRK Business Platform <= 2019.1 allows reflected XSS via erro.aspx on 'CRK', 'IDContratante', 'Erro', or 'Mod' parameter. This is path-independent.
CVSS 6.1
CVE-2017-18195 EXPLOITDB MEDIUM python WORKING POC
Concrete CMS < 8.3.0 - Unauthenticated Comment Enumeration via cnvID Parameter
An issue was discovered in tools/conversations/view_ajax.php in Concrete5 before 8.3.0. An unauthenticated user can enumerate comments from all blog posts by POSTing requests to /index.php/tools/required/conversations/view_ajax with incremental 'cnvID' integers.
CVSS 5.3