Jerome Bruandet

3 exploits Active since Nov 2021
CVE-2020-16152 NOMISEC CRITICAL WORKING POC
Aerohive NetConfig 10.0r8a LFI and log poisoning to RCE
The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to that file.
11 stars
CVSS 9.8
CVE-2021-4374 METASPLOIT CRITICAL ruby WORKING POC
WordPress Automatic <3.53.2 - Info Disclosure
The WordPress Automatic Plugin for WordPress is vulnerable to arbitrary options updates in versions up to, and including, 3.53.2. This is due to missing authorization and option validation in the process_form.php file. This makes it possible for unauthenticated attackers to arbitrarily update the settings of a vulnerable site and ultimately compromise the entire site.
CVSS 9.1
CVE-2021-42362 METASPLOIT HIGH ruby WORKING POC
WordPress Popular Posts <= 5.3.2 - Authenticated Arbitrary File Upload in Image.php
The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/Image.php file which makes it possible for attackers with contributor level access and above to upload malicious files that can be used to obtain remote code execution, in versions up to and including 5.3.2.
CVSS 8.8