Ha0Liu

4 exploits Active since Mar 2022
CVE-2022-22947 NOMISEC CRITICAL WORKING POC
Spring Cloud Gateway Remote Code Execution
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.
12 stars
CVSS 10.0
CVE-2022-4282 WRITEUP MEDIUM WRITEUP
SpringBootCMS - Remote Code Execution via Template Injection
A vulnerability was found in SpringBootCMS and classified as critical. Affected by this issue is some unknown functionality of the component Template Management. The manipulation leads to injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-214790 is the identifier assigned to this vulnerability.
CVSS 4.7
CVE-2022-4300 WRITEUP MEDIUM WRITEUP
FastCMS - Remote Code Execution via Template Handler
A vulnerability was found in FastCMS. It has been rated as critical. This issue affects some unknown processing of the file /template/edit of the component Template Handler. The manipulation leads to injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214901 was assigned to this vulnerability.
CVSS 6.3
CVE-2023-0647 WRITEUP MEDIUM WRITEUP
dst-admin 1.5.0 - Remote Command Execution via kickPlayer userId Argument
A vulnerability, which was classified as critical, has been found in dst-admin 1.5.0. Affected by this issue is some unknown functionality of the file /home/kickPlayer. The manipulation of the argument userId leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-220034 is the identifier assigned to this vulnerability.
CVSS 6.3