Egidio Romano aka EgiX

37 exploits Active since Dec 2011
CVE-2025-67887 NOMISEC CRITICAL WORKING POC
1C-Bitrix through 25.100.500 - Remote Code Execution
1C-Bitrix through 25.100.500 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file. NOTE: this is disputed by the Supplier because this is intended behavior for the high-privileged users who can upload new translated pages to the website.
CVSS 9.8
CVE-2025-67886 NOMISEC MEDIUM WORKING POC
Bitrix24 through 25.100.300 - Remote Code Execution
Bitrix24 through 25.100.300 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file. NOTE: this is disputed by the Supplier because this is intended behavior for the high-privileged users who can upload new translated pages to the website.
CVSS 6.3
CVE-2011-4448 EXPLOITDB WRITEUP
WikkaWiki 1.3.1 and 1.3.2 - SQL Injection via default_comment_display Parameter
SQL injection vulnerability in actions/usersettings/usersettings.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to execute arbitrary SQL commands via the default_comment_display parameter in an update action.
CVE-2011-4449 EXPLOITDB WRITEUP
WikkaWiki 1.3.1 and 1.3.2 - Arbitrary PHP Code Execution via File Upload with Multiple Extensions
actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
CVE-2011-4450 EXPLOITDB WRITEUP
WikkaWiki 1.3.1 and 1.3.2 - Path Traversal via File Parameter
Directory traversal vulnerability in handlers/files.xml/files.xml.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to read or delete arbitrary files via a non-initial .. (dot dot) in the file parameter, as demonstrated by the /../../wikka.config.php pathname in a download action.
CVE-2011-4451 EXPLOITDB WRITEUP
WikkaWiki 1.3.1 and 1.3.2 - Arbitrary PHP Code Write via User-Agent HTTP Header
libs/Wakka.class.php in WikkaWiki 1.3.1 and 1.3.2, when the spam_logging option is enabled, allows remote attackers to write arbitrary PHP code to the spamlog_path file via the User-Agent HTTP header in an addcomment request. NOTE: the vendor disputes this issue because the rendering of the spamlog_path file never uses the PHP interpreter.
CVE-2025-66571 EXPLOITDB CRITICAL text WORKING POC
UNA CMS <14.0.0-RC4 - Code Injection
UNA CMS versions 9.0.0-RC1 - 14.0.0-RC4 contain a PHP object injection vulnerability in BxBaseMenuSetAclLevel.php where the profile_id POST parameter is passed to PHP unserialize() without proper handling, allowing remote, unauthenticated attackers to inject arbitrary PHP objects and potentially write and execute arbitrary PHP code.
CVE-2012-3996 EXPLOITDB php WORKING POC
TikiWiki CMS/Groupware < 8.2 - Exposure of Sensitive Information via Direct Request
TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3) tiki-watershed_service.php.
CVE-2012-1125 EXPLOITDB php WORKING POC
Kish Guest Posting Plugin < 1.2 - Unauthenticated Arbitrary File Upload via uploadify.php
Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin before 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the directory specified by the folder parameter.
CVE-2012-1495 EXPLOITDB CRITICAL php WORKING POC
WebCalendar < 1.2.5 - Remote Code Execution via form_single_user_login Parameter
install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter.
CVSS 9.8
CVE-2011-10013 EXPLOITDB CRITICAL php WORKING POC
Traq Project Issue Tracking System 2.0-2.3 - Unauthenticated Remote Code Execution via Admin Plugin Injection
Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common.php script. The flawed authorization logic fails to halt execution after a failed access check, allowing unauthenticated users to reach admin-only functionality. This can be exploited via plugins.php to inject and execute arbitrary PHP code.
CVE-2011-4337 EXPLOITDB php WORKING POC
Support Incident Tracker 3.45-3.65 - Remote Code Execution via Lang Parameter in translate.php
Static code injection vulnerability in translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to inject arbitrary PHP code into an executable language file in the i18n directory via the lang variable.
CVE-2011-4825 EXPLOITDB php WORKING POC
Ajax File and Image Manager < 1.1 - Remote Code Execution via PHP Code Injection in data.php
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.
EIP-2026-114292 EXPLOITDB php WORKING POC
WordPress Plugin Zingiri 2.2.3 - 'ajax_save_name.php' Remote Code Execution
CVE-2011-4452 EXPLOITDB text WRITEUP
WikkaWiki 1.3.1 and 1.3.2 - Cross-Site Request Forgery in AdminUsers Component
Cross-site request forgery (CSRF) vulnerability in the AdminUsers component in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to hijack the authentication of administrators for requests that remove arbitrary user accounts via a delete operation, as demonstrated by an {{image}} action.
CVE-2012-5318 EXPLOITDB php WORKING POC
Kish Guest Posting plugin 1.2 - RCE
Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with a double extension, then accessing it via a direct request to the file in the directory specified by the folder parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1125.
CVE-2019-17132 EXPLOITDB CRITICAL php WORKING POC
vBulletin <= 5.5.4 - Remote Code Execution via Custom Avatar Handling
vBulletin through 5.5.4 mishandles custom avatars.
CVSS 9.8
CVE-2012-1496 EXPLOITDB HIGH php WORKING POC
WebCalendar < 1.2.5 - Local File Inclusion
Local file inclusion in WebCalendar before 1.2.5.
CVSS 8.8
CVE-2012-0911 EXPLOITDB CRITICAL php WORKING POC
TikiWiki CMS/Groupware < 6.7 LTS & < 8.4 - RCE
TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote attackers to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/banners/bannerlib.php; (2) printpages or (3) printstructures parameter to (a) tiki-print_multi_pages.php or (b) tiki-print_pages.php; or (4) sendpages, (5) sendstructures, or (6) sendarticles parameter to tiki-send_objects.php, which is not properly handled when processed by the unserialize function.
CVSS 9.8
CVE-2011-4558 EXPLOITDB HIGH text WRITEUP
Tiki < 8.2 - Authenticated Remote Code Execution via Regex Parameters
Tiki 8.2 and earlier allows remote administrators to execute arbitrary PHP code via crafted input to the regexres and regex parameters.
CVSS 7.2
CVE-2011-5075 EXPLOITDB php WORKING POC
Support Incident Tracker 3.45-3.65 - Information Disclosure via translate.php save action
translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to obtain sensitive information via a direct request using the save action, which reveals the installation path.
CVE-2012-0694 EXPLOITDB CRITICAL php WORKING POC
SugarCRM CE <= 6.3.1 - Code Injection
SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute arbitrary PHP code.
CVSS 9.8
CVE-2011-4453 EXPLOITDB php WORKING POC
PmWiki 2.x < 2.2.35 - Remote Code Execution via PageListSort Order Parameter
The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function.
CVE-2012-1300 EXPLOITDB php WORKING POC
PHPFox 3.0.1 - 'ajax.php' Remote Command Execution