Cyber-Wo0dy

4 exploits Active since Feb 2022
CVE-2023-46501 NOMISEC CRITICAL WRITEUP
BoltWire 6.03 - Unauthenticated Sensitive Information Disclosure and Password Change
An issue in BoltWire v.6.03 allows a remote attacker to obtain sensitive information via a crafted payload to the view and change admin password function.
13 stars
CVSS 9.1
CVE-2023-47129 NOMISEC HIGH WRITEUP
Statamic < 3.4.13 and 4.0.0-4.33.0 - Unrestricted Upload of File with Dangerous Type via Front-End Forms
Statmic is a core Laravel content management system Composer package. Prior to versions 3.4.13 and 4.33.0, on front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded. This only affects forms using the "Forms" feature and not just _any_ arbitrary form. This does not affect the control panel. This issue has been patched in 3.4.13 and 4.33.0.
3 stars
CVSS 8.3
CVE-2023-49052 NOMISEC HIGH WRITEUP
Microweber 2.0.4 - Unauthenticated Arbitrary File Upload via Created Forms Component
File Upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code via a crafted script to the file upload function in the created forms component.
CVSS 8.8
CVE-2022-24227 NOMISEC MEDIUM WRITEUP
BoltWire 7.10 and 8.00 - Cross-Site Scripting via Name and Lastname Parameters
A cross-site scripting (XSS) vulnerability in BoltWire v7.10 and v 8.00 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the name and lastname parameters.
CVSS 6.1