Erik David Martin

10 exploits | Active since Jan 2019
CVE-2020-37246 | EXPLOITDB | MEDIUM | text | WORKING POC
WordPress Plugin Supsystic Backup 2.3.9 Local File Inclusion
Supsystic Backup 2.3.9 contains a local file inclusion vulnerability that allows unauthenticated attackers to read and delete arbitrary files by manipulating the download path parameter. Attackers can modify the download parameter in admin.php requests with directory traversal sequences to access sensitive files like /etc/passwd or delete files via the removeAction parameter.
CVSS 6.2
CVE-2020-37245 | EXPLOITDB | HIGH | text | WRITEUP
WordPress Plugin Supsystic Digital Publications 1.6.9 Path Traversal XSS
Supsystic Digital Publications 1.6.9 contains a path traversal vulnerability in the Folder input field that allows attackers to access files outside the web root by injecting directory traversal sequences. Additionally, the plugin fails to sanitize input fields in publication settings, allowing stored cross-site scripting attacks through script injection in parameters like Area Width and Publication Width that execute when publications are viewed or edited.
CVSS 7.5
CVE-2020-37244 | EXPLOITDB | HIGH | text | WORKING POC
WordPress Plugin Supsystic Membership 1.4.7 SQL Injection via sidx
Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting crafted SQL through the 'search' and 'sidx' parameters. Attackers can send GET requests to the badges module with crafted payloads to extract sensitive database information using time-based blind or UNION-based SQL injection techniques.
CVSS 8.2
CVE-2020-37243 | EXPLOITDB | HIGH | text | WORKING POC
WordPress Plugin Supsystic Pricing Table 1.8.7 SQL Injection XSS
Supsystic Pricing Table 1.8.7 contains an SQL injection vulnerability in the 'sidx' GET parameter that allows unauthenticated attackers to execute arbitrary SQL queries through the getListForTbl action. The plugin also contains stored cross-site scripting vulnerabilities in the 'Edit name' and 'Edit HTML' fields that execute malicious scripts when viewing pricing tables.
CVSS 8.2
CVE-2020-37242 | EXPLOITDB | HIGH | text | WORKING POC
WordPress Plugin Supsystic Ultimate Maps 1.1.12 SQL Injection via sidx
Supsystic Ultimate Maps 1.1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting crafted SQL through the 'sidx' GET parameter. Attackers can send crafted requests to the getListForTbl action with boolean-based blind or time-based blind SQL injection payloads to extract sensitive database information.
CVSS 8.2
CVE-2018-20658 | EXPLOITDB | HIGH | python | WORKING POC
Core FTP 2.0 build 653 - Denial of Service via XRMD Command
The server in Core FTP 2.0 build 653 on 32-bit platforms allows remote attackers to cause a denial of service (daemon crash) via a crafted XRMD command.
CVSS 7.5
EIP-2026-114096 | EXPLOITDB | text | WORKING POC
WordPress Plugin Supsystic Contact Form 1.7.5 - Multiple Vulnerabilities
EIP-2026-114188 | EXPLOITDB | text | WORKING POC
WordPress Plugin Welcart e-Commerce 2.0.0 - 'search[order_column][0]' SQL injection
EIP-2026-114100 | EXPLOITDB | text | WORKING POC
WordPress Plugin Supsystic Newsletter 1.5.5 - 'sidx' SQL injection
EIP-2026-114097 | EXPLOITDB | text | WRITEUP
WordPress Plugin Supsystic Data Tables Generator 1.9.96 - Multiple Vulnerabilities