Halit AKAYDIN (hLtAkydn)

9 exploits
Active since May 2022
CVE-2021-42645 WRITEUP CRITICAL WORKING POC
Cmsimple-xh Cmsimple XH - Unrestricted File Upload
CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) vulnerability. To exploit this vulnerability, an attacker must use the "File" parameter to upload a PHP payload to get a reverse shell from the vulnerable host.
CVSS 10.0
CVE-2021-47788 EXPLOITDB HIGH python WORKING POC
Websitebaker - Unrestricted File Upload
WebsiteBaker 2.13.0 contains an authenticated remote code execution vulnerability that allows users with language editing permissions to execute arbitrary code. Attackers can exploit the language installation endpoint by manipulating language installation parameters to achieve remote code execution on the server.
CVSS 8.8
CVE-2021-47753 EXPLOITDB CRITICAL python WORKING POC
Phpkf Cms - Unrestricted File Upload
phpKF CMS 3.00 Beta y6 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary code by bypassing file extension checks. Attackers can upload a PHP file disguised as a PNG, rename it, and execute system commands through a crafted web shell parameter.
CVSS 9.8
CVE-2021-47736 EXPLOITDB HIGH python WORKING POC
Cmsimple-xh Cmsimple XH - Code Injection
CMSimple_XH 1.7.4 contains an authenticated remote code execution vulnerability in the content editing functionality that allows administrative users to upload malicious PHP files. Attackers with valid credentials can exploit the CSRF token mechanism to create a PHP shell file that enables arbitrary command execution on the server.
CVSS 7.2
EIP-2026-110198 EXPLOITDB python WORKING POC
Online Traffic Offense Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
EIP-2026-107810 EXPLOITDB python WORKING POC
ImpressCMS 1.4.2 - Remote Code Execution (RCE) (Authenticated)
EIP-2026-106946 EXPLOITDB python WORKING POC
Evolution CMS 3.1.6 - Remote Code Execution (RCE) (Authenticated)
EIP-2026-106669 EXPLOITDB python WORKING POC
e107 CMS 2.3.0 - Remote Code Execution (RCE) (Authenticated)
EIP-2026-106198 EXPLOITDB text WORKING POC
COVID19 Testing Management System 1.0 - 'Multiple' SQL Injections