Guilherme Assmann

3 exploits Active since Oct 2017
CVE-2017-15373 EXPLOITDB CRITICAL text WORKING POC
E-Sic 1.0 - SQL Injection via Search Private Area q Parameter
E-Sic 1.0 allows SQL injection via the q parameter to esiclivre/restrito/inc/lkpcep.php (aka the search private area).
CVSS 9.8
CVE-2018-5715 EXPLOITDB MEDIUM text WORKING POC
SugarCRM 3.5.1 - Cross-Site Scripting via Query String Parameter Name
phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query string (aka a $key variable).
CVSS 6.1
CVE-2018-12254 EXPLOITDB HIGH php WORKING POC
Harmis Ek Rishta <2.10 - SQL Injection
router.php in the Harmis Ek rishta (aka ek-rishta) 2.10 component for Joomla! allows SQL Injection via the PATH_INFO to a home/requested_user/Sent%20interest/ URI.
CVSS 8.8