Egidio Romano aka EgiX

35 exploits Active since Dec 2011
CVE-2011-4448 EXPLOITDB WRITEUP
Wikkawiki - SQL Injection
SQL injection vulnerability in actions/usersettings/usersettings.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to execute arbitrary SQL commands via the default_comment_display parameter in an update action.
CVE-2011-4449 EXPLOITDB WRITEUP
WikkaWiki 1.3.1-1.3.2 - RCE
actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
CVE-2011-4450 EXPLOITDB WRITEUP
Wikkawiki - Path Traversal
Directory traversal vulnerability in handlers/files.xml/files.xml.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to read or delete arbitrary files via a non-initial .. (dot dot) in the file parameter, as demonstrated by the /../../wikka.config.php pathname in a download action.
CVE-2011-4451 EXPLOITDB WRITEUP
WikkaWiki <1.3.2 - Code Injection
libs/Wakka.class.php in WikkaWiki 1.3.1 and 1.3.2, when the spam_logging option is enabled, allows remote attackers to write arbitrary PHP code to the spamlog_path file via the User-Agent HTTP header in an addcomment request. NOTE: the vendor disputes this issue because the rendering of the spamlog_path file never uses the PHP interpreter
CVE-2025-66571 EXPLOITDB CRITICAL text WORKING POC
UNA CMS <14.0.0-RC4 - Code Injection
UNA CMS versions 9.0.0-RC1 - 14.0.0-RC4 contain a PHP object injection vulnerability in BxBaseMenuSetAclLevel.php where the profile_id POST parameter is passed to PHP unserialize() without proper handling, allowing remote, unauthenticated attackers to inject arbitrary PHP objects and potentially write and execute arbitrary PHP code.
CVE-2012-3996 EXPLOITDB php WORKING POC
Tikiwiki Cms/groupware < 8.2 - Information Disclosure
TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3) tiki-watershed_service.php.
CVE-2012-1125 EXPLOITDB php WORKING POC
Kish Guest Posting <1.2 - RCE
Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin before 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the directory specified by the folder parameter.
CVE-2012-1495 EXPLOITDB CRITICAL php WORKING POC
Webcalendar < 1.2.5 - Injection
install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter.
CVSS 9.8
CVE-2011-10013 EXPLOITDB CRITICAL php WORKING POC
Traq <2.3 - RCE
Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common.php script. The flawed authorization logic fails to halt execution after a failed access check, allowing unauthenticated users to reach admin-only functionality. This can be exploited via plugins.php to inject and execute arbitrary PHP code.
CVE-2011-4337 EXPLOITDB php WORKING POC
SiT! <3.65 - Code Injection
Static code injection vulnerability in translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to inject arbitrary PHP code into an executable language file in the i18n directory via the lang variable.
CVE-2011-4825 EXPLOITDB php WORKING POC
Phpletter Ajax File And Image Manager < 1.0 - Code Injection
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.
EIP-2026-114292 EXPLOITDB php WORKING POC
WordPress Plugin Zingiri 2.2.3 - 'ajax_save_name.php' Remote Code Execution
CVE-2012-5318 EXPLOITDB php WORKING POC
Kish Guest Posting plugin 1.2 - RCE
Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with a double extension, then accessing it via a direct request to the file in the directory specified by the folder parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1125.
CVE-2011-4452 EXPLOITDB text WRITEUP
Wikkawiki - CSRF
Cross-site request forgery (CSRF) vulnerability in the AdminUsers component in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to hijack the authentication of administrators for requests that remove arbitrary user accounts via a delete operation, as demonstrated by an {{image}} action.
CVE-2012-1496 EXPLOITDB HIGH php WORKING POC
Webcalendar < 1.2.5 - Injection
Local file inclusion in WebCalendar before 1.2.5.
CVSS 8.8
CVE-2019-17132 EXPLOITDB CRITICAL php WORKING POC
Vbulletin < 5.5.4 - Code Injection
vBulletin through 5.5.4 mishandles custom avatars.
CVSS 9.8
CVE-2011-4558 EXPLOITDB HIGH text WRITEUP
Tiki < 8.2 - Injection
Tiki 8.2 and earlier allows remote administrators to execute arbitrary PHP code via crafted input to the regexres and regex parameters.
CVSS 7.2
CVE-2012-0911 EXPLOITDB CRITICAL php WORKING POC
TikiWiki CMS/Groupware < 6.7 LTS & < 8.4 - RCE
TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote attackers to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/banners/bannerlib.php; (2) printpages or (3) printstructures parameter to (a) tiki-print_multi_pages.php or (b) tiki-print_pages.php; or (4) sendpages, (5) sendstructures, or (6) sendarticles parameter to tiki-send_objects.php, which is not properly handled when processed by the unserialize function.
CVSS 9.8
CVE-2011-5075 EXPLOITDB php WORKING POC
SiT! <3.65 - Info Disclosure
translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to obtain sensitive information via a direct request using the save action, which reveals the installation path.
CVE-2012-0694 EXPLOITDB CRITICAL php WORKING POC
SugarCRM CE <= 6.3.1 - Code Injection
SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute arbitrary PHP code.
CVSS 9.8
CVE-2011-4453 EXPLOITDB php WORKING POC
Pmwiki - Code Injection
The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function.
CVE-2012-1300 EXPLOITDB php WORKING POC
PHPFox 3.0.1 - 'ajax.php' Remote Command Execution
CVE-2011-4825 EXPLOITDB php WORKING POC
Phpletter Ajax File And Image Manager < 1.0 - Code Injection
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.
EIP-2026-111056 EXPLOITDB php WORKING POC
phpFox < 4.8.13 - (redirect) PHP Object Injection Exploit
CVE-2012-1002 EXPLOITDB php WORKING POC
OpenConf <4.12 - SQL Injection
SQL injection vulnerability in author/edit.php in OpenConf 4.x before 4.12 allows remote attackers to execute arbitrary SQL commands via the pid parameter.