Egidio Romano aka EgiX

35 exploits Active since Dec 2011
EIP-2026-110242 EXPLOITDB php WORKING POC
Open-Letters - Remote PHP Code Injection
CVE-2021-26599 EXPLOITDB CRITICAL php WORKING POC
Impresscms < 1.4.4 - SQL Injection
ImpressCMS before 1.4.3 allows include/findusers.php groups SQL Injection.
CVSS 9.8
CVE-2012-5692 EXPLOITDB php WORKING POC
Invision Power Board <3.3.x - Unknown Vuln
Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors.
CVE-2012-5692 EXPLOITDB php WORKING POC
Invision Power Board <3.3.x - Unknown Vuln
Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors.
CVE-2011-5147 EXPLOITDB text WORKING POC
Freewebshop < 2.2.9 - Code Injection
Static code injection vulnerability in ajax_save_name.php in the Ajax File Manager module in the tinymce plugin in FreeWebshop 2.2.9 R2 and earlier allows remote attackers to inject arbitrary PHP code into data.php via the selected document, as demonstrated by a call to ajax_file_cut.php and then to ajax_save_name.php.
CVE-2011-4825 EXPLOITDB text WRITEUP
Phpletter Ajax File And Image Manager < 1.0 - Code Injection
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.
CVE-2012-1153 EXPLOITDB php WORKING POC
Apprain < 0.1.5 - Unrestricted File Upload
Unrestricted file upload vulnerability in addons/uploadify/uploadify.php in appRain CMF 0.1.5 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory.
CVE-2011-4825 EXPLOITDB php WORKING POC
Phpletter Ajax File And Image Manager < 1.0 - Code Injection
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.
CVE-2024-58258 EXPLOITDB HIGH text WORKING POC
SugarCRM <13.0.4, <14.0.1 - SSRF
SugarCRM before 13.0.4 and 14.x before 14.0.1 allows SSRF in the API module because a limited type of code injection can occur.
CVSS 7.2
CVE-2025-47916 EXPLOITDB CRITICAL php WORKING POC
Invisioncommunity < 5.0.7 - Remote Code Execution
Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies within the themeeditor controller (file: /applications/core/modules/front/system/themeeditor.php), where a protected method named customCss can be invoked by unauthenticated users. This method passes the value of the content parameter to the Theme::makeProcessFunction() method; hence it is evaluated by the template engine. Accordingly, this can be exploited by unauthenticated attackers to inject and execute arbitrary PHP code by providing crafted template strings.
CVSS 10.0