EthicalHCOP - Security Researcher - Exploit Intelligence Platform

CVE-2020-28413 NOMISEC MEDIUM WORKING POC

MantisBT < 2.24.4 - SQL Injection via API SOAP mc_project_get_users Parameter

In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mc_project_get_users function through the API SOAP.

CVSS 5.3

View Code

CVE-2019-12890 NOMISEC CRITICAL WORKING POC

RedwoodHQ 2.5.5 - Unauthenticated Admin User Creation via Database Insert Operation

RedwoodHQ 2.5.5 does not require any authentication for database operations, which allows remote attackers to create admin users via a con.automationframework users insert_one call.

CVSS 9.8

View Code

CVE-2019-12890 EXPLOITDB CRITICAL python WORKING POC

RedwoodHQ 2.5.5 - Unauthenticated Admin User Creation via Database Insert Operation

RedwoodHQ 2.5.5 does not require any authentication for database operations, which allows remote attackers to create admin users via a con.automationframework users insert_one call.

CVSS 9.8

View Code

CVE-2020-28413 EXPLOITDB MEDIUM python WORKING POC

MantisBT < 2.24.4 - SQL Injection via API SOAP mc_project_get_users Parameter

In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mc_project_get_users function through the API SOAP.

CVSS 5.3

View Code