Egidio Romano aka EgiX

37 exploits. Active since Dec 2011.
EIP-2026-111056 EXPLOITDB php WORKING POC
phpFox < 4.8.13 - (redirect) PHP Object Injection Exploit
CVE-2012-1002 EXPLOITDB php WORKING POC
OpenConf < 4.12 - SQL Injection via Author Edit PID Parameter
SQL injection vulnerability in author/edit.php in OpenConf 4.x before 4.12 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
EIP-2026-110242 EXPLOITDB php WORKING POC
Open-Letters - Remote PHP Code Injection
CVE-2021-26599 EXPLOITDB CRITICAL php WORKING POC
ImpressCMS < 1.4.3 - SQL Injection via findusers.php Groups Parameter
ImpressCMS before 1.4.3 allows include/findusers.php groups SQL Injection.
CVSS 9.8
CVE-2012-5692 EXPLOITDB php WORKING POC
Invision Power Board 3.1.x-3.3.x core.php - Impact Unknown
Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors.
CVE-2011-5147 EXPLOITDB text WORKING POC
FreeWebshop < 2.2.9 - Remote Code Execution via Ajax File Manager
Static code injection vulnerability in ajax_save_name.php in the Ajax File Manager module in the tinymce plugin in FreeWebshop 2.2.9 R2 and earlier allows remote attackers to inject arbitrary PHP code into data.php via the selected document, as demonstrated by a call to ajax_file_cut.php and then to ajax_save_name.php.
CVE-2011-4825 EXPLOITDB text WRITEUP
Ajax File and Image Manager < 1.1 - Remote Code Execution via PHP Code Injection in data.php
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.
CVE-2012-1153 EXPLOITDB php WORKING POC
appRain CMF <= 0.1.5 - Unauthenticated Arbitrary File Upload and Remote Code Execution
Unrestricted file upload vulnerability in addons/uploadify/uploadify.php in appRain CMF 0.1.5 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory.
CVE-2011-4825 EXPLOITDB php WORKING POC
Ajax File and Image Manager < 1.1 - Remote Code Execution via PHP Code Injection in data.php
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.
CVE-2024-58258 EXPLOITDB HIGH text WORKING POC
SugarCRM < 13.0.4 and 14.x < 14.0.1 - Server-Side Request Forgery via API Module Code Injection
SugarCRM before 13.0.4 and 14.x before 14.0.1 allows SSRF in the API module because a limited type of code injection can occur.
CVSS 7.2
CVE-2025-47916 EXPLOITDB CRITICAL php WORKING POC
Invision Community < 5.0.7 - Remote Code Execution
Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies within the themeeditor controller (file: /applications/core/modules/front/system/themeeditor.php), where a protected method named customCss can be invoked by unauthenticated users. This method passes the value of the content parameter to the Theme::makeProcessFunction() method; hence it is evaluated by the template engine. Accordingly, this can be exploited by unauthenticated attackers to inject and execute arbitrary PHP code by providing crafted template strings.
CVSS 10.0