Eldar Marcussen

4 exploits Active since Sep 2014
CVE-2014-2008 EXPLOITDB text WRITEUP
PrestaShop <1.6 - SQL Injection
SQL injection vulnerability in confirm.php in the mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to execute arbitrary SQL commands via the TID parameter.
CVE-2019-10669 METASPLOIT HIGH ruby WORKING POC
LibreNMS < 1.47 - OS Command Injection
An issue was discovered in LibreNMS through 1.47. There is a command injection vulnerability in html/includes/graphs/device/collectd.inc.php where user-supplied parameters are filtered with the mysqli_real_escape_string function. This function is not appropriate for sanitizing command arguments because it does not escape a number of command-line syntax characters such as ` (backtick), allowing an attacker to inject commands into the variable $rrd_cmd, which gets executed via passthru().
CVSS 7.2
CVE-2014-2009 EXPLOITDB text WRITEUP
mPAY24 <1.6 - Info Disclosure
The mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to obtain credentials, the installation path, and other sensitive information via a direct request to api/curllog.log.
CVE-2019-10669 EXPLOITDB HIGH ruby WORKING POC
LibreNMS < 1.47 - OS Command Injection
An issue was discovered in LibreNMS through 1.47. There is a command injection vulnerability in html/includes/graphs/device/collectd.inc.php where user-supplied parameters are filtered with the mysqli_real_escape_string function. This function is not appropriate for sanitizing command arguments because it does not escape a number of command-line syntax characters such as ` (backtick), allowing an attacker to inject commands into the variable $rrd_cmd, which gets executed via passthru().
CVSS 7.2