Hubert Wojciechowski

22 exploits Active since Aug 2023
CVE-2021-47923 EXPLOITDB CRITICAL text WORKING POC
OpenCart 3.0.3.8 Session Fixation via OCSESSID Cookie
OpenCart 3.0.3.8 contains a session fixation vulnerability that allows attackers to hijack user sessions by injecting arbitrary values into the OCSESSID cookie. Attackers can set malicious OCSESSID cookie values that the server accepts and maintains, enabling session takeover and unauthorized access to user accounts.
CVSS 9.8
CVE-2022-50944 EXPLOITDB HIGH text WORKING POC
Aero CMS 0.0.1 PHP Code Injection via posts.php
Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image parameter. Attackers can upload PHP files with embedded code to the admin posts.php endpoint with source=add_post parameter, and the uploaded files are executed by the server.
CVSS 8.8
CVE-2023-53975 EXPLOITDB HIGH text WORKING POC
Atom CMS 2.0 - SQL Injection
Atom CMS 2.0 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries through unvalidated parameters. Attackers can inject malicious SQL code in the 'id' parameter of the admin index page to execute time-based blind SQL injection attacks.
CVSS 7.5
CVE-2023-53972 EXPLOITDB HIGH text WORKING POC
WebTareas 2.4 - Unauthenticated SQL Injection via webTareasSID Cookie Parameter
WebTareas 2.4 contains a SQL injection vulnerability in the webTareasSID cookie parameter that allows unauthenticated attackers to manipulate database queries. Attackers can exploit error-based and time-based blind SQL injection techniques to extract database information and potentially access sensitive system data.
CVSS 7.5
CVE-2023-53971 EXPLOITDB HIGH text WORKING POC
WebTareas 2.4 - Authenticated Remote Code Execution via Chat Photo Upload
WebTareas 2.4 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the chat photo upload functionality. Attackers can upload a PHP file with arbitrary code to the /files/Messages/ directory and execute it directly through the generated file path.
CVSS 8.8
CVE-2023-36121 EXPLOITDB MEDIUM text WORKING POC
e107 2.3.2 - Cross-Site Scripting via SEO Project Description Function
Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote attacker to execute arbitrary code via the description function in the SEO project.
CVSS 5.4
CVE-2022-50939 EXPLOITDB HIGH text WORKING POC
e107 CMS 3.2.1 - Authenticated Path Traversal and Arbitrary File Write via Media Manager Upload Caption
e107 CMS version 3.2.1 contains a critical file upload vulnerability that allows authenticated administrators to override arbitrary server files through path traversal. The vulnerability exists in the Media Manager's remote URL upload functionality (image.php) where the upload_caption parameter is not properly sanitized. An attacker with administrative privileges can use directory traversal sequences (../../../) in the upload_caption field to overwrite critical system files outside the intended upload directory. This can lead to complete compromise of the web application by overwriting configuration files, executable scripts, or other critical system components. The vulnerability was discovered by Hubert Wojciechowski and affects the image.php component in the admin interface.
CVSS 7.2
CVE-2022-50916 EXPLOITDB HIGH text WORKING POC
e107 CMS 3.2.1 - Authenticated Arbitrary File Write via Media Manager Import URL Parameter
e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrators to override server files through the Media Manager import functionality. Attackers can exploit the upload mechanism by manipulating the upload URL parameter to overwrite existing files like top.php in the web application directory.
CVSS 7.2
CVE-2022-50907 EXPLOITDB HIGH text WORKING POC
e107 CMS <3.2.1 - Authenticated RCE
e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrative users to bypass upload restrictions and execute PHP files. Attackers can upload malicious PHP files to parent directories by manipulating the upload URL parameter, enabling remote code execution through the Media Manager import feature.
CVSS 7.2
CVE-2022-50906 EXPLOITDB MEDIUM text WORKING POC
e107 CMS 3.2.1 - Authenticated Stored Cross-Site Scripting via SVG Upload Bypass
e107 CMS 3.2.1 contains an upload restriction bypass vulnerability that allows authenticated administrators to upload malicious SVG files through the media manager. Attackers with admin privileges can exploit this vulnerability to upload SVG files with embedded cross-site scripting (XSS) payloads that can execute arbitrary scripts when viewed.
CVSS 4.8
CVE-2022-50905 EXPLOITDB CRITICAL text WORKING POC
e107 CMS 3.2.1 - Authenticated Reflected Cross-Site Scripting via News Comment URL Parameter
e107 CMS version 3.2.1 contains multiple vulnerabilities that allow cross-site scripting (XSS) attacks. The first vulnerability is a reflected XSS that occurs in the news comment functionality when authenticated users interact with the comment form. An attacker can inject malicious JavaScript code through the URL parameter that gets executed when users click outside the comment field after typing content. The second vulnerability involves an upload restriction bypass for authenticated administrators, allowing them to upload SVG files containing malicious code through the media manager's remote URL upload feature. This results in stored XSS when the uploaded SVG files are accessed. These vulnerabilities were discovered by Hubert Wojciechowski and affect the news.php and image.php components of the CMS.
CVSS 9.8
CVE-2021-47721 EXPLOITDB HIGH text WORKING POC
Orangescrum 1.8.0 - Session Cookie Account Takeover
Orangescrum 1.8.0 contains a privilege escalation vulnerability that allows authenticated users to take over other project-assigned accounts by manipulating session cookies. Attackers can extract the victim's unique ID from the page source and replace their own session cookie to gain unauthorized access to another user's account.
CVSS 8.8
CVE-2021-47720 EXPLOITDB HIGH text WORKING POC
Orangescrum 1.8.0 - Authenticated SQL Injection via Multiple Parameters
Orangescrum 1.8.0 contains an authenticated SQL injection vulnerability that allows authorized users to manipulate database queries through multiple vulnerable parameters. Attackers can inject malicious SQL code into parameters like old_project_id, project_id, uuid, and uniqid to potentially extract or modify database information.
CVSS 7.1
CVE-2021-47716 EXPLOITDB MEDIUM text WORKING POC
Orangescrum 1.8.0 - Authenticated Cross-Site Scripting via Input Parameters
Orangescrum 1.8.0 contains multiple cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through various input parameters. Attackers can exploit parameters like 'projid', 'CS_message', and 'name' to execute arbitrary JavaScript code in victim's browsers by submitting crafted payloads through application endpoints.
CVSS 5.4
EIP-2026-113376 EXPLOITDB text WORKING POC
WebTareas 2.4 - Reflected XSS (Unauthorised)
EIP-2026-112939 EXPLOITDB text WORKING POC
Uvdesk 1.1.4 - Stored XSS (Authenticated)
EIP-2026-110195 EXPLOITDB text WORKING POC
Online Traffic Offense Management System 1.0 - Multiple SQL Injection (Unauthenticated)
EIP-2026-110197 EXPLOITDB text WORKING POC
Online Traffic Offense Management System 1.0 - Privilage escalation (Unauthenticated)
EIP-2026-110196 EXPLOITDB text WORKING POC
Online Traffic Offense Management System 1.0 - Multiple XSS (Unauthenticated)
EIP-2026-110194 EXPLOITDB text WORKING POC
Online Traffic Offense Management System 1.0 - Multiple RCE (Unauthenticated)
EIP-2026-109908 EXPLOITDB text WORKING POC
News Portal v4.0 - SQL Injection (Unauthorized)
EIP-2026-105004 EXPLOITDB text WORKING POC
Aero CMS v0.0.1 - SQL Injection (no auth)