Hzllaga

3 exploits Active since Jun 2018
CVE-2020-25540 EXPLOITDB HIGH text WORKING POC
ThinkAdmin v6 - Unauthenticated Path Traversal via GET Request Encode Parameter
ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrary files on a remote server via the GET request encode parameter.
CVSS 7.5
CVE-2018-14418 EXPLOITDB CRITICAL text WORKING POC
msvod_cms v10 - SQL Injection via images/lists cid Parameter
In Msvod Cms v10, SQL Injection exists via an images/lists?cid= URI.
CVSS 9.8
CVE-2018-12912 EXPLOITDB HIGH text WORKING POC
HongCMS 3.0.0 - SQL Injection via Database Empty Table URI Parameter
An issue was discovered in admin\controllers\database.php in HongCMS 3.0.0. There is a SQL Injection vulnerability via an admin/index.php/database/operate?dbaction=emptytable&tablename= URI.
CVSS 7.2