Jok3r

CVE-2020-37008 EXPLOITDB HIGH text WORKING POC

EasyPMS 1.0.0 - Auth Bypass

EasyPMS 1.0.0 contains an authentication bypass vulnerability that allows unprivileged users to manipulate SQL queries in JSON requests to access admin user information. Attackers can exploit weak input validation by injecting single quotes in ID parameters and modify admin user passwords without proper token authentication.

CVSS 7.5

View Code

CVE-2020-36154 EXPLOITDB HIGH text WORKING POC

Pearson Vue Testing System - Incorrect Permission Assignment

The Application Wrapper in Pearson VUE VTS Installer 2.3.1911 has Full Control permissions for Everyone in the "%SYSTEMDRIVE%\Pearson VUE" directory, which allows local users to obtain administrative privileges via a Trojan horse application.

CVSS 7.8

View Code

EIP-2026-117756 EXPLOITDB text WORKING POC

Pearson Vue VTS 2.3.1911 Installer - 'VUEApplicationWrapper' Unquoted Service Path

View Code