Egidio Romano

39 exploits Active since Feb 2013
CVE-2023-46818 NOMISEC HIGH WORKING POC
ISPConfig language_edit.php PHP Code Injection
An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled.
17 stars
CVSS 7.2
CVE-2025-47916 NOMISEC CRITICAL WORKING POC
Invisioncommunity < 5.0.7 - Remote Code Execution
Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies within the themeeditor controller (file: /applications/core/modules/front/system/themeeditor.php), where a protected method named customCss can be invoked by unauthenticated users. This method passes the value of the content parameter to the Theme::makeProcessFunction() method; hence it is evaluated by the template engine. Accordingly, this can be exploited by unauthenticated attackers to inject and execute arbitrary PHP code by providing crafted template strings.
1 stars
CVSS 10.0
CVE-2024-58258 NOMISEC HIGH WORKING POC
SugarCRM <13.0.4 and 14.x <14.0.1 - Server-Side Request Forgery via API Module Code Injection
SugarCRM before 13.0.4 and 14.x before 14.0.1 allows SSRF in the API module because a limited type of code injection can occur.
1 stars
CVSS 7.2
CVE-2023-46818 GITLAB HIGH WORKING POC
ISPConfig language_edit.php PHP Code Injection
An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled.
CVSS 7.2
CVE-2014-8598 METASPLOIT ruby WORKING POC
MantisBT < 1.2.17 - Unauthenticated Arbitrary File Upload and Information Disclosure via XML Import/Export Plugin
The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote attackers to (1) upload arbitrary XML files via the import page or (2) obtain sensitive information via the export page. NOTE: this issue can be combined with CVE-2014-7146 to execute arbitrary PHP code.
CVE-2013-3215 METASPLOIT CRITICAL ruby WORKING POC
vtiger CRM 5.1.0-5.4.0 - Authentication Bypass via Improper Session Validation
vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerability due to improper authentication validation in the validateSession function.
CVSS 9.8
CVE-2013-3213 EXPLOITDB WRITEUP
vtiger CRM 5.0.0-5.4.0 - SQL Injection via Picklist Name or Email Address Parameter
Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 through 5.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) picklist_name parameter in the get_picklists method to soap/customerportal.php, (2) where parameter in the get_tickets_list method to soap/customerportal.php, or (3) emailaddress parameter in the SearchContactsByEmail method to soap/vtigerolservice.php; or remote authenticated users to execute arbitrary SQL commands via the (4) emailaddress parameter in the SearchContactsByEmail method to soap/thunderbirdplugin.php.
CVE-2013-3214 EXPLOITDB CRITICAL WRITEUP
vtiger CRM < 5.4.0 - PHP Code Injection via vtigerolservice.php
vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'.
CVSS 9.8
CVE-2013-2749 EXPLOITDB WRITEUP
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-3528. Reason: This candidate is a reservation duplicate of CVE-2013-3528. Notes: All CVE users should reference CVE-2013-3528 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
CVE-2014-7146 EXPLOITDB ruby WORKING POC
MantisBT - Remote Code Execution via XmlImportExport Plugin Preg Replace
The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is not properly handled when executing the preg_replace function with the e modifier.
CVE-2025-66571 EXPLOITDB CRITICAL text WORKING POC
UNA CMS <14.0.0-RC4 - Code Injection
UNA CMS versions 9.0.0-RC1 - 14.0.0-RC4 contain a PHP object injection vulnerability in BxBaseMenuSetAclLevel.php where the profile_id POST parameter is passed to PHP unserialize() without proper handling, allowing remote, unauthenticated attackers to inject arbitrary PHP objects and potentially write and execute arbitrary PHP code.
CVE-2025-25034 EXPLOITDB CRITICAL ruby WORKING POC
SugarCRM - Unauthenticated Remote Code Execution via PHP Object Injection
A PHP object injection vulnerability exists in SugarCRM versions prior to 6.5.24, 6.7.13, 7.5.2.5, 7.6.2.2, and 7.7.1.0 due to improper validation of PHP serialized input in the SugarRestSerialize.php script. The vulnerable code fails to sanitize the rest_data parameter before passing it to the unserialize() function. This allows an unauthenticated attacker to submit crafted serialized data containing malicious object declarations, resulting in arbitrary code execution within the application context. Although SugarCRM released a prior fix in advisory sugarcrm-sa-2016-001, the patch was incomplete and failed to address some vectors. Exploitation evidence was observed by the Shadowserver Foundation on 2024-09-13 UTC.
CVE-2013-1412 EXPLOITDB text WRITEUP
DataLife Engine 9.7 - Remote Code Execution via catlist[] Parameter
DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist[] parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier.
CVE-2013-3212 EXPLOITDB HIGH text WRITEUP
vtiger CRM < 5.4.0 - Local File Inclusion and Remote Code Execution via customerportal.php
vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in 'customerportal.php' which allows remote attackers to view files and execute local script code.
CVSS 8.1
CVE-2013-3214 METASPLOIT CRITICAL ruby WORKING POC
vtiger CRM < 5.4.0 - PHP Code Injection via vtigerolservice.php
vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'.
CVSS 9.8
CVE-2014-7146 METASPLOIT ruby WORKING POC
MantisBT - Remote Code Execution via XmlImportExport Plugin Preg Replace
The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is not properly handled when executing the preg_replace function with the e modifier.
CVE-2024-25641 METASPLOIT CRITICAL ruby WORKING POC
Cacti Import Packages RCE
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web server. The vulnerability is located within the `import_package()` function defined into the `/lib/import.php` script. The function blindly trusts the filename and file content provided within the XML data, and writes such files into the Cacti base path (or even outside, since path traversal sequences are not filtered). This can be exploited to write or overwrite arbitrary files on the web server, leading to execution of arbitrary PHP code or other security impacts. Version 1.2.27 contains a patch for this issue.
CVSS 9.1
CVE-2025-67888 METASPLOIT HIGH ruby WORKING POC
Control Web Panel /admin/index.php Unauthenticated RCE
An issue was discovered in Control Web Panel (CWP) before 0.9.8.1209. User input passed via the "key" GET parameter to /admin/index.php (when the "api" parameter is set) is not properly sanitized before being used to execute OS commands. This can be exploited by unauthenticated attackers to inject and execute arbitrary OS commands with the privileges of root on the web server. Softaculous or SitePad must be present.
CVSS 7.3
CVE-2023-46818 METASPLOIT HIGH ruby WORKING POC
ISPConfig language_edit.php PHP Code Injection
An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled.
CVSS 7.2
CVE-2014-7285 METASPLOIT ruby WORKING POC
Symantec Web Gateway <5.2.2 - Command Injection
The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts.
CVE-2013-3215 EXPLOITDB CRITICAL text WRITEUP
vtiger CRM 5.1.0-5.4.0 - Authentication Bypass via Improper Session Validation
vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerability due to improper authentication validation in the validateSession function.
CVSS 9.8
CVE-2013-3528 EXPLOITDB text WRITEUP
Vanilla Forums <2.0.18.8 - Code Injection
Unspecified vulnerability in the update check in Vanilla Forums before 2.0.18.8 has unspecified impact and remote attack vectors, related to "object injection."
EIP-2026-112473 EXPLOITDB text WRITEUP
SugarCRM 6.5.18 - PHP Code Injection
EIP-2026-111301 EXPLOITDB text WRITEUP
Piwik 2.16.0 - 'layout' PHP Object Injection
EIP-2026-111056 EXPLOITDB php WORKING POC
phpFox < 4.8.13 - (redirect) PHP Object Injection Exploit