Hassan Khan Yusufzai

7 exploits, active since Sep 2022
CVE-2022-31814 | Source: NOMISEC | Severity: Critical (CVSS 9.8) | Working PoC | 23 stars
pfBlockerNG <= 2.1.4_26 - Remote Code Execution via HTTP Host Header
pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. The Host value reaches a shell command unsanitized, so no authentication is needed beyond reaching the listening interface. NOTE: 3.x is unaffected.
CVE-2022-50953 | Source: Exploit-DB | Severity: Medium (CVSS 6.2) | Format: text | Working PoC
WordPress Plugin admin-word-count-column 2.2 - Local File Read
WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path parameter. Attackers can send GET requests to download-csv.php with a crafted path parameter containing directory traversal sequences and a trailing null byte, which truncates the path and bypasses the script's file restrictions, to read sensitive files such as system configuration files.
CVE-2022-50956 | Source: Exploit-DB | Severity: Medium (CVSS 6.2) | Format: text | Working PoC
WordPress Plugin amministrazione-aperta 3.7.3 - Local File Read
WordPress Plugin amministrazione-aperta 3.7.3 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files because the open GET parameter of dispatcher.php is not validated. Attackers can supply an arbitrary file path through that parameter to include and read any file the web server process can access.
CVE-2022-50955 | Source: Exploit-DB | Severity: Medium (CVSS 4.3) | Format: text | Working PoC
WordPress Plugin Curtain 1.0.2 - Cross-site Request Forgery
WordPress Plugin Curtain 1.0.2 contains a cross-site request forgery vulnerability that allows attackers to activate or deactivate site maintenance mode by crafting malicious requests. Because the handler performs no nonce validation, an attacker can trick a logged-in administrator into submitting a forged request to the options-general.php page carrying the curtain parameters, toggling maintenance mode without the administrator's intent.
CVE-2022-50954 | Source: Exploit-DB | Severity: Medium (CVSS 6.2) | Format: text | Working PoC
WordPress Plugin cab-fare-calculator 1.0.3 - Local File Inclusion
WordPress Plugin cab-fare-calculator 1.0.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the controller parameter in tblight.php. Attackers can supply path traversal sequences through the controller GET parameter to include arbitrary files outside the intended controllers directory.
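Detection logic for the request patterns described in the entries above, as an added example (this is not code from the exploit author, from Exploit-DB, or from any of the listed projects). It scans access-log lines for two things: traversal or null-byte payloads in the path, open and controller query parameters of download-csv.php, dispatcher.php and tblight.php (the three WordPress file-read / LFI entries), and shell metacharacters in the HTTP Host header (the pfBlockerNG entry, CVE-2022-31814). Assumptions: the log format is a constructed one (client IP, Host header, request line, status) rather than any vendor's real format; plugin directory names in the sample lines are assumed, since the listing gives only script basenames, and the rule matches on basename alone.

```python
"""Scan access-log lines for the request patterns in the listed exploits.

Added example, not the exploit author's or any listed project's code.
Log format is constructed: <ip> "<Host header>" "<METHOD target HTTP/x.y>" <status>
"""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Script basename -> query parameter the listing names as the injection point.
# Matching on basename only: the listing does not give full plugin paths.
WATCHED_PARAMS = {
    "download-csv.php": "path",   # admin-word-count-column 2.2 (CVE-2022-50953)
    "dispatcher.php": "open",     # amministrazione-aperta 3.7.3 (CVE-2022-50956)
    "tblight.php": "controller",  # cab-fare-calculator 1.0.3 (CVE-2022-50954)
}

# Traversal sequences (either slash style) or a NUL byte, checked after decoding.
TRAVERSAL_RE = re.compile(r"\.\./|\.\.\\|\x00")
# Characters a shell interprets if the Host value is interpolated into a command.
SHELL_META_RE = re.compile(r"[;|&`$(){}<>\n]")
# Constructed log format (assumption, see module docstring).
LOG_RE = re.compile(r'^(\S+) "([^"]*)" "(\S+) (\S+) [^"]*" (\d{3})$')


def decode_fully(value, rounds=3):
    """Undo up to `rounds` layers of percent-encoding so %252e%252e%252f is caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    return value


def check_query(target):
    """Return a finding if a watched script's watched parameter carries a
    traversal sequence or NUL byte, else None."""
    parts = urlsplit(target)
    script = parts.path.rsplit("/", 1)[-1]
    param = WATCHED_PARAMS.get(script)
    if param is None:
        return None
    # parse_qsl decodes one layer; decode_fully handles double encoding.
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key == param and TRAVERSAL_RE.search(decode_fully(value)):
            return f"{script}: traversal/null-byte payload in '{param}' ({value!r})"
    return None


def check_host(host):
    """Return a finding if the Host header contains shell metacharacters."""
    if SHELL_META_RE.search(host):
        return f"shell metacharacters in Host header ({host!r})"
    return None


def scan_log(lines):
    """Return a list of (client_ip, finding) for every line matching a rule."""
    findings = []
    for line in lines:
        match = LOG_RE.match(line.strip())
        if not match:
            continue  # not in the expected format; skip rather than guess
        ip, host, _method, target, _status = match.groups()
        for finding in (check_host(host), check_query(target)):
            if finding is not None:
                findings.append((ip, finding))
    return findings


# Constructed sample lines (not captured traffic; plugin directories assumed).
SAMPLE_LOG = [
    '203.0.113.5 "blog.example" "GET /wp-content/plugins/admin-word-count-column/download-csv.php?path=../../../../etc/passwd%00 HTTP/1.1" 200',
    '203.0.113.5 "blog.example" "GET /wp-content/plugins/amministrazione-aperta/dispatcher.php?open=../../../../wp-config.php HTTP/1.1" 200',
    '203.0.113.5 "blog.example" "GET /wp-content/plugins/cab-fare-calculator/tblight.php?controller=%2e%2e%2f%2e%2e%2fwp-config.php HTTP/1.1" 200',
    '198.51.100.7 "fw.example;id" "GET / HTTP/1.1" 200',
    '192.0.2.9 "blog.example" "GET /wp-content/plugins/cab-fare-calculator/tblight.php?controller=home HTTP/1.1" 200',
    '192.0.2.9 "blog.example" "GET /index.php?p=../../etc/passwd HTTP/1.1" 200',
]

if __name__ == "__main__":
    for ip, finding in scan_log(SAMPLE_LOG):
        print(f"{ip}: {finding}")
```

The query rule is deliberately scoped to the three scripts and parameters named in the listing, so the last sample line (traversal in an unrelated parameter) produces no finding; widen WATCHED_PARAMS or drop the basename check to turn it into a generic traversal detector. The Host rule fires on any metacharacter, which will also flag malformed scanners; that is acceptable for a pfSense management interface, where a legitimate Host value never contains them.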
EIP-2026-114087 | Source: Exploit-DB | Format: text | Working PoC
WordPress Plugin stafflist 3.1.2 - SQLi (Authenticated)
EIP-2026-114171 | Source: Exploit-DB | Format: text | Working PoC
WordPress Plugin video-synchro-pdf 1.7.4 - Local File Inclusion