Cody Zacharias

2 exploits Active since Nov 2017
CVE-2018-15153 EXPLOITDB HIGH python WORKING POC
OpenEMR <5.0.1.4 - Command Injection
OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/main/daemon_frame.php after modifying the "hylafax_server" global variable in interface/super/edit_globals.php.
CVSS 8.8
CVE-2017-12636 EXPLOITDB HIGH python WORKING POC
Apache Couchdb < 1.7.0 - OS Command Injection
CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet.
CVSS 7.2