Damian Ebelties

6 exploits Active since Jul 2019
CVE-2019-16125 EXPLOITDB CRITICAL bash WORKING POC
Jobberbase 2.0 - SQL Injection via Category Parameter
In Jobberbase 2.0, the parameter category is not sanitized in public/page_subscribe.php, leading to /subscribe SQL injection.
CVSS 9.8
CVE-2019-16124 EXPLOITDB CRITICAL text WORKING POC
YouPHPTube < 7.4 - Unauthenticated Arbitrary File Write via checkConfiguration.php
In YouPHPTube 7.4, the file install/checkConfiguration.php has no access control, which leads to everyone being able to edit the configuration file, and insert malicious PHP code.
CVSS 9.8
CVE-2019-16123 EXPLOITDB HIGH text WORKING POC
Kartatopia PilusCart <1.4.1 - Info Disclosure
In Kartatopia PilusCart 1.4.1, the parameter filename in the file catalog.php is mishandled, leading to ../ Local File Disclosure.
CVSS 7.5
CVE-2019-14470 EXPLOITDB MEDIUM text WORKING POC
cosenary Instagram-PHP-API <4.9.32 - XSS
cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php error_description parameter.
CVSS 6.1
CVE-2019-1010124 EXPLOITDB MEDIUM text WORKING POC
WebAppick WooCommerce Product Feed <2.2.18 - XSS
WebAppick WooCommerce Product Feed 2.2.18 and earlier is affected by: Cross Site Scripting (XSS). The impact is: XSS to RCE via editing theme files in WordPress. The component is: admin/partials/woo-feed-manage-list.php:63. The attack vector is: Administrator must be logged in.
CVSS 5.4
CVE-2019-15811 EXPLOITDB MEDIUM text WORKING POC
DomainMOD < 4.13.0 - Cross-Site Scripting via daterange Parameter
In DomainMOD through 4.13, the parameter daterange in the file reporting/domains/cost-by-month.php has XSS.
CVSS 6.1