HoangKien1020

10 exploits Active since Mar 2020
CVE-2021-23132 NOMISEC HIGH WORKING POC
Joomla! 3.0.0-3.9.24 - Unauthenticated Arbitrary File Upload via com_media
An issue was discovered in Joomla! 3.0.0 through 3.9.24. com_media allowed paths that are not intended for image uploads
71 stars
CVSS 7.5
CVE-2020-11890 NOMISEC MEDIUM WORKING POC
Joomla! < 3.9.17 - Improper Input Validation in Usergroup Table
An issue was discovered in Joomla! before 3.9.17. Improper input validations in the usergroup table class could lead to a broken ACL configuration.
62 stars
CVSS 5.3
CVE-2020-14321 NOMISEC HIGH WORKING POC
Moodle Teacher Enrollment Privilege Escalation to RCE
In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves the manager role within that course.
44 stars
CVSS 8.8
CVE-2021-21389 NOMISEC HIGH WORKING POC
BuddyPress 5.0.0-7.2.0 - Unauthenticated Privilege Escalation via REST API Members Endpoint
BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in BuddyPress 7.2.1. Existing installations of the plugin should be updated to this version to mitigate the issue.
19 stars
CVSS 8.1
CVE-2020-10239 NOMISEC HIGH WORKING POC
Joomla! 3.7.0-3.9.15 - Incorrect Access Control in com_fields SQL Fieldtype
An issue was discovered in Joomla! before 3.9.16. Incorrect Access Control in the SQL fieldtype of com_fields allows access for non-superadmin users.
6 stars
CVSS 8.8
CVE-2020-10238 NOMISEC HIGH WORKING POC
Joomla! < 3.9.16 - Incorrect Access Control in com_templates
An issue was discovered in Joomla! before 3.9.16. Various actions in com_templates lack the required ACL checks, leading to various potential attack vectors.
6 stars
CVSS 7.5
CVE-2021-21014 NOMISEC CRITICAL SUSPICIOUS
Magento <2.4.1-2.3.6 - Authenticated RCE
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a file upload restriction bypass. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.
4 stars
CVSS 9.1
CVE-2020-25627 NOMISEC MEDIUM WORKING POC
moodle 3.9-3.9.1 - Stored Cross-Site Scripting in moodlenetprofile User Profile Field
The moodlenetprofile user profile field required extra sanitizing to prevent a stored XSS risk. This affects versions 3.9 to 3.9.1. Fixed in 3.9.2.
3 stars
CVSS 6.1
CVE-2020-14321 NOMISEC HIGH WORKING POC
Moodle Teacher Enrollment Privilege Escalation to RCE
In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves the manager role within that course.
2 stars
CVSS 8.8
CVE-2020-14321 METASPLOIT HIGH ruby WORKING POC
Moodle Teacher Enrollment Privilege Escalation to RCE
In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves the manager role within that course.
CVSS 8.8