Fatih Çelik

9 exploits Active since Nov 2020
CVE-2020-25538 EXPLOITDB HIGH ruby WORKING POC
CMSuno 1.6.2 - Authenticated Remote Code Execution via Lang Parameter
An authenticated attacker can inject malicious code into "lang" parameter in /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. In this way, attacker can takeover the control of the server.
CVSS 8.8
EIP-2026-111823 EXPLOITDB text WORKING POC
Rukovoditel Project Management CRM 2.5.2 - 'filters' SQL Injection
EIP-2026-111824 EXPLOITDB text WORKING POC
Rukovoditel Project Management CRM 2.5.2 - 'reports_id' SQL Injection
EIP-2026-111982 EXPLOITDB python WORKING POC
Sentrifugo 3.2 - 'assets' Remote Code Execution (Authenticated)
EIP-2026-111985 EXPLOITDB python WORKING POC
Sentrifugo Version 3.2 - 'announcements' Remote Code Execution (Authenticated)
EIP-2026-111822 EXPLOITDB text WORKING POC
Rukovoditel Project Management CRM 2.5.2 - 'entities_id' SQL Injection
EIP-2026-106038 EXPLOITDB text WORKING POC
CMSUno 1.6.2 - 'user' Remote Code Execution (Authenticated)
CVE-2020-25557 EXPLOITDB HIGH ruby WORKING POC
CMSuno 1.6.2 - Authenticated Remote Code Execution via Username Parameter
In CMSuno 1.6.2, an attacker can inject malicious PHP code as a "username" while changing his/her username & password. After that, when attacker logs in to the application, attacker's code will be run. As a result of this vulnerability, authenticated user can run command on the server.
CVSS 8.8
EIP-2026-106037 EXPLOITDB python WORKING POC
CMSUno 1.6.2 - 'lang' Remote Code Execution (Authenticated)