DXY0411

5 exploits Active since Jul 2019
CVE-2020-8637 NOMISEC CRITICAL WORKING POC
TestLink 1.9.20 - SQL Injection via dragdroptreenodes.php node_id Parameter
A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in dragdroptreenodes.php via the node_id parameter.
CVSS 9.8
CVE-2020-9484 NOMISEC HIGH WORKING POC
Apache Tomcat < 7.0.108 - Insecure Deserialization
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed.
CVSS 7.0
CVE-2020-23342 NOMISEC HIGH WORKING POC
Anchor CMS 0.12.7 - Cross-Site Request Forgery in User Edit Function
A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can change the Delete admin users.
CVSS 8.8
CVE-2019-1020010 NOMISEC MEDIUM WORKING POC
Misskey < 10.102.4 - Token Hijacking via Cross-Site Scripting
Misskey before 10.102.4 allows hijacking a user's token.
CVSS 6.1
CVE-2019-16113 NOMISEC HIGH WORKING POC
Bludit 3.9.2 - Remote Code Execution via Image Upload Path Traversal
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.
CVSS 8.8