Daniele Scanu

32 exploits Active since Mar 2019
CVE-2019-10867 METASPLOIT HIGH ruby WORKING POC
Pimcore < 5.7.1 - Insecure Deserialization
An issue was discovered in Pimcore before 5.7.1. An attacker with classes permission can send a POST request to /admin/class/bulk-commit, which will make it possible to exploit the unserialize function when passing untrusted values in the data parameter to bundles/AdminBundle/Controller/Admin/DataObject/ClassController.php.
CVSS 8.8
CVE-2019-9692 METASPLOIT MEDIUM ruby WORKING POC
CMSMS <2.2.10 - Info Disclosure
class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG).
CVSS 6.5
CVE-2019-10866 EXPLOITDB CRITICAL text WORKING POC
10web Form Maker < 1.13.3 - SQL Injection
In the Form Maker plugin before 1.13.3 for WordPress, it's possible to achieve SQL injection in the function get_labels_parameters in the file form-maker/admin/models/Submissions_fm.php with a crafted value of the /models/Submissioc parameter.
CVSS 9.8
CVE-2019-9692 EXPLOITDB MEDIUM python WORKING POC
CMSMS <2.2.10 - Info Disclosure
class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG).
CVSS 6.5
CVE-2019-9053 EXPLOITDB HIGH python WORKING POC
Cmsmadesimple Cms Made Simple - SQL Injection
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
CVSS 8.1
CVE-2019-10867 EXPLOITDB HIGH ruby WORKING POC
Pimcore < 5.7.1 - Insecure Deserialization
An issue was discovered in Pimcore before 5.7.1. An attacker with classes permission can send a POST request to /admin/class/bulk-commit, which will make it possible to exploit the unserialize function when passing untrusted values in the data parameter to bundles/AdminBundle/Controller/Admin/DataObject/ClassController.php.
CVSS 8.8
CVE-2019-9692 EXPLOITDB MEDIUM ruby WORKING POC
CMSMS <2.2.10 - Info Disclosure
class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG).
CVSS 6.5