Gus Ralph

4 exploits Active since Jan 2026
CVE-2020-37054 EXPLOITDB MEDIUM text WORKING POC
Navigate CMS 2.8.7 - CSRF
Navigate CMS 2.8.7 contains a cross-site request forgery vulnerability that allows attackers to upload malicious extensions through a crafted HTML page. Attackers can trick authenticated administrators into executing arbitrary file uploads by leveraging the extension upload functionality without additional validation.
CVSS 4.3
CVE-2020-37053 EXPLOITDB HIGH python WORKING POC
Navigate CMS 2.8.7 - Authenticated SQL Injection
Navigate CMS 2.8.7 contains an authenticated SQL injection vulnerability that allows attackers to leak database information by manipulating the 'sidx' parameter in comments. Attackers can exploit the vulnerability to extract user activation keys by using time-based blind SQL injection techniques, potentially enabling password reset for administrative accounts.
CVSS 7.1
CVE-2020-37051 EXPLOITDB HIGH python WORKING POC
Online-Exam-System 2015 - SQL Injection
Online-Exam-System 2015 contains a time-based blind SQL injection vulnerability in the feedback form that allows attackers to extract database password hashes. Attackers can exploit the 'feed.php' endpoint by crafting malicious payload requests that use time delays to systematically enumerate user password characters.
CVSS 8.2
EIP-2026-109842 EXPLOITDB text WORKING POC
Navigate CMS 2.8.7 - Authenticated Directory Traversal