Ivan Spiridonov

4 exploits Active since Feb 2023
CVE-2024-0566 EXPLOITDB HIGH text WORKING POC
Smart Manager WP <8.28.0 - SQL Injection
The Smart Manager WordPress plugin before 8.28.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
CVSS 7.2
EIP-2026-105666 EXPLOITDB text WORKING POC
BWL Advanced FAQ Manager 2.0.3 - Authenticated SQL Injection
CVE-2024-0399 EXPLOITDB HIGH text WORKING POC
WooCommerce Customers Manager < 29.7 - Authenticated SQL Injection
The WooCommerce Customers Manager WordPress plugin before 29.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to an SQL injection exploitable by Subscriber+ role.
CVSS 8.1
CVE-2023-0830 EXPLOITDB MEDIUM python WORKING POC
EasyNAS 1.1.0 - OS Command Injection via /backup.pl
A vulnerability classified as critical has been found in EasyNAS 1.1.0. Affected is the function system of the file /backup.pl. The manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
CVSS 6.3