Egidio Romano

39 exploits Active since Feb 2013
CVE-2013-3242 EXPLOITDB text WRITEUP
Joomla! <2.5.10-3.0.4 - Code Injection
plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated users to conduct PHP object injection attacks and cause a denial of service via unspecified vectors.
CVE-2013-1453 EXPLOITDB text WRITEUP
Joomla! 2.5.x-3.0.2 - PHP Object Injection via Highlight Parameter
plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary directories, conduct SQL injection attacks, and possibly have other impacts via the highlight parameter. Note: it was originally reported that this issue only allowed attackers to obtain sensitive information, but later analysis demonstrated that other attacks exist.
CVE-2021-26599 EXPLOITDB CRITICAL php WORKING POC
ImpressCMS < 1.4.3 - SQL Injection via findusers.php Groups Parameter
ImpressCMS before 1.4.3 allows include/findusers.php groups SQL Injection.
CVSS 9.8
CVE-2016-6174 EXPLOITDB HIGH text WORKING POC
Invision Power Board < 4.1.13 - Remote Code Execution via content_class Parameter
applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.1.13, when used with PHP before 5.4.24 or 5.5.x before 5.5.8, allows remote attackers to execute arbitrary code via the content_class parameter.
CVSS 8.1
CVE-2013-7387 EXPLOITDB text WRITEUP
DataLife Engine <9.7 - Info Disclosure
Session fixation vulnerability in DataLife Engine (DLE) 9.7 and earlier allows remote attackers to hijack web sessions via the PHPSESSID cookie.
EIP-2026-106127 EXPLOITDB text WRITEUP
Concrete5 CMS 5.7.3.1 - 'Application::dispatch' Method Local File Inclusion
CVE-2013-1465 EXPLOITDB CRITICAL text WRITEUP
CubeCart 5.0.0-5.2.0 - Remote Code Execution via Unserialization in Shipping Parameter
The Cubecart::_basket method in classes/cubecart.class.php in CubeCart 5.0.0 through 5.2.0 allows remote attackers to unserialize arbitrary PHP objects via a crafted shipping parameter, as demonstrated by modifying the application configuration using the Config object.
CVSS 9.8
CVE-2014-7146 EXPLOITDB ruby WORKING POC
MantisBT - Remote Code Execution via XmlImportExport Plugin Preg Replace
The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is not properly handled when executing the preg_replace function with the e modifier.
CVE-2013-3214 EXPLOITDB CRITICAL ruby WORKING POC
vtiger CRM < 5.4.0 - PHP Code Injection via vtigerolservice.php
vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'.
CVSS 9.8
CVE-2025-48932 EXPLOITDB text WRITEUP
Invision Community 4.7.20 - (calendar/view.php) SQL Injection
CVE-2014-8598 EXPLOITDB ruby WORKING POC
MantisBT < 1.2.17 - Unauthenticated Arbitrary File Upload and Information Disclosure via XML Import/Export Plugin
The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote attackers to (1) upload arbitrary XML files via the import page or (2) obtain sensitive information via the export page. NOTE: this issue can be combined with CVE-2014-7146 to execute arbitrary PHP code.
CVE-2024-58258 EXPLOITDB HIGH text WORKING POC
SugarCRM <13.0.4 and 14.x <14.0.1 - Server-Side Request Forgery via API Module Code Injection
SugarCRM before 13.0.4 and 14.x before 14.0.1 allows SSRF in the API module because a limited type of code injection can occur.
CVSS 7.2
CVE-2025-47916 EXPLOITDB CRITICAL php WORKING POC
Invisioncommunity < 5.0.7 - Remote Code Execution
Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies within the themeeditor controller (file: /applications/core/modules/front/system/themeeditor.php), where a protected method named customCss can be invoked by unauthenticated users. This method passes the value of the content parameter to the Theme::makeProcessFunction() method; hence it is evaluated by the template engine. Accordingly, this can be exploited by unauthenticated attackers to inject and execute arbitrary PHP code by providing crafted template strings.
CVSS 10.0
CVE-2014-7285 EXPLOITDB ruby WORKING POC
Symantec Web Gateway <5.2.2 - Command Injection
The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts.