Daniele Scanu

35 exploits Active since Mar 2019
CVE-2019-9053 NOMISEC HIGH WORKING POC
CMS Made Simple 2.2.8 - Unauthenticated Blind SQL Injection via News Module m1_idlist Parameter
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
CVSS 8.1
CVE-2019-9053 NOMISEC HIGH WORKING POC
CMS Made Simple 2.2.8 - Unauthenticated Blind SQL Injection via News Module m1_idlist Parameter
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
CVSS 8.1
CVE-2019-10867 METASPLOIT HIGH ruby WORKING POC
pimcore < 5.7.1 - Authenticated Remote Code Execution via Unserialize in Bulk-Commit Endpoint
An issue was discovered in Pimcore before 5.7.1. An attacker with classes permission can send a POST request to /admin/class/bulk-commit, which will make it possible to exploit the unserialize function when passing untrusted values in the data parameter to bundles/AdminBundle/Controller/Admin/DataObject/ClassController.php.
CVSS 8.8
CVE-2019-9055 METASPLOIT HIGH ruby WORKING POC
CMS Made Simple < 2.2.8 - Authenticated Remote Code Execution via m1_allparms Deserialization
An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager (in the files action.admin_bulk_css.php and action.admin_bulk_template.php), with an unprivileged user with Designer permission, it is possible reach an unserialize call with a crafted value in the m1_allparms parameter, and achieve object injection.
CVSS 8.8
CVE-2019-9692 METASPLOIT MEDIUM ruby WORKING POC
CMS Made Simple < 2.2.10 - Unrestricted File Upload via Watermark Image Extension Bypass
class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG).
CVSS 6.5
CVE-2019-10866 EXPLOITDB CRITICAL text WORKING POC
10web Form Maker < 1.13.3 - SQL Injection via Submissioc Parameter
In the Form Maker plugin before 1.13.3 for WordPress, it's possible to achieve SQL injection in the function get_labels_parameters in the file form-maker/admin/models/Submissions_fm.php with a crafted value of the /models/Submissioc parameter.
CVSS 9.8
CVE-2019-9692 EXPLOITDB MEDIUM python WORKING POC
CMS Made Simple < 2.2.10 - Unrestricted File Upload via Watermark Image Extension Bypass
class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG).
CVSS 6.5
CVE-2019-9053 EXPLOITDB HIGH python WORKING POC
CMS Made Simple 2.2.8 - Unauthenticated Blind SQL Injection via News Module m1_idlist Parameter
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
CVSS 8.1
CVE-2019-10867 EXPLOITDB HIGH ruby WORKING POC
pimcore < 5.7.1 - Authenticated Remote Code Execution via Unserialize in Bulk-Commit Endpoint
An issue was discovered in Pimcore before 5.7.1. An attacker with classes permission can send a POST request to /admin/class/bulk-commit, which will make it possible to exploit the unserialize function when passing untrusted values in the data parameter to bundles/AdminBundle/Controller/Admin/DataObject/ClassController.php.
CVSS 8.8
CVE-2019-9692 EXPLOITDB MEDIUM ruby WORKING POC
CMS Made Simple < 2.2.10 - Unrestricted File Upload via Watermark Image Extension Bypass
class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG).
CVSS 6.5