Hosein Vita

7 exploits, active since Mar 2021
CVE-2021-43617 NOMISEC CRITICAL STUB
Laravel Framework <8.70.2 - Code Injection
Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for Laravel Framework, and is unrelated to any reports concerning incorrectly written user applications for image upload.
CVSS 9.8
CVE-2021-24245 EXPLOITDB MEDIUM text WORKING POC
Trumani Stop Spammers < 2021.9 - XSS
The Stop Spammers WordPress plugin before 2021.9 did not escape user input when blocking requests (such as matching a spam word), outputting it in an attribute after sanitising it to remove HTML tags, which is not sufficient and led to a reflected Cross-Site Scripting issue.
CVSS 6.1
CVE-2021-43617 EXPLOITDB CRITICAL text WORKING POC
Laravel Framework <8.70.2 - Code Injection
Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for Laravel Framework, and is unrelated to any reports concerning incorrectly written user applications for image upload.
CVSS 9.8
CVE-2021-27695 EXPLOITDB MEDIUM text WORKING POC
openMAINT <3.3-b - XSS
Multiple stored cross-site scripting (XSS) vulnerabilities in openMAINT 2.1-3.3-b allow remote attackers to inject arbitrary web script or HTML via any "Add" sections, such as Add Card Building & Floor, or others in the Name and Code Parameters.
CVSS 6.1
EIP-2026-104203 EXPLOITDB text WORKING POC
CMDBuild 3.3.2 - 'Multiple' Cross Site Scripting (XSS)
CVE-2022-38580 EXPLOITDB CRITICAL text WORKING POC
Zalando Skipper <0.13.236 - SSRF
Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF).
CVSS 9.8
EIP-2026-103262 EXPLOITDB python WORKING POC
Aurba 501 - Authenticated RCE