Hackhoven

3 exploits, active since Sep 2019
CVE-2016-10956 NOMISEC HIGH WORKING POC
Mail-masta - Improper Input Validation
The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php.
1 star
CVSS 7.5
CVE-2019-18818 NOMISEC CRITICAL WORKING POC
Strapi CMS Unauthenticated Password Reset
Strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js.
CVSS 9.8
CVE-2019-19609 VULNCHECK_XDB HIGH WORKING POC
Strapi <3.0.0-beta.17.8 - RCE
The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function.
CVSS 7.2