Guilhem RIOUX

10 exploits Active since Sep 2022
CVE-2023-26469 NOMISEC CRITICAL WORKING POC
Jorani 1.0.0 - Path Traversal and Remote Code Execution
In Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server.
CVSS 9.8
CVE-2022-35914 WRITEUP CRITICAL WORKING POC
GLPI htmLawed php command injection
/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection.
CVSS 9.8
CVE-2023-26469 WRITEUP CRITICAL WORKING POC
Jorani 1.0.0 - Path Traversal and Remote Code Execution
In Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server.
CVSS 9.8
CVE-2022-41572 WRITEUP CRITICAL WORKING POC
EyesOfNetwork <5.3.11 - Privilege Escalation
An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Privilege escalation can be accomplished on the server because nmap can be run as root. The attacker achieves total control over the server.
CVSS 9.8
CVE-2022-41573 WRITEUP CRITICAL WORKING POC
Ovidentia 8.3 - Unrestricted Upload of Executable Files Leading to Remote Code Execution
An issue was discovered in Ovidentia 8.3. The file upload feature does not prevent the uploading of executable files. A user can upload a .png file containing PHP code and then rename it to have the .php extension. It will then be accessible at an images/common/ URI for remote code execution.
CVSS 9.8
CVE-2022-45185 WRITEUP HIGH WORKING POC
SuiteCRM 7.12.7 - Authenticated Remote Code Execution via Deserialization
An issue was discovered in SuiteCRM 7.12.7. Authenticated users can use CRM functions to upload malicious files. Then, deserialization can be used to achieve code execution.
CVSS 8.8
CVE-2022-45186 WRITEUP HIGH WORKING POC
SuiteCRM 7.12.7 - Privilege Escalation
An issue was discovered in SuiteCRM 7.12.7. Authenticated users can recover an arbitrary field of a database.
CVSS 8.1
CVE-2023-23563 WRITEUP MEDIUM WORKING POC
Geomatika IsiGeo Web 6.0 - Authenticated SQL Injection
An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to obtain sensitive database content via SQL Injection.
CVSS 6.5
CVE-2023-23564 WRITEUP HIGH WORKING POC
Geomatika IsiGeo Web 6.0 - Authenticated Remote Command Execution
An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to execute commands.
CVSS 8.8
CVE-2023-23565 WRITEUP MEDIUM WORKING POC
Geomatika IsiGeo Web 6.0 - Authenticated Local File Inclusion
An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to retrieve PHP files from the server via Local File Inclusion.
CVSS 4.9