Jok3r

3 exploits, active since Jan 2021
CVE-2020-37008 EXPLOITDB HIGH text WORKING POC
EasyPMS 1.0.0 - Unauthenticated Authorization Bypass via SQL Query Manipulation
EasyPMS 1.0.0 contains an authentication bypass vulnerability that allows unprivileged users to manipulate SQL queries in JSON requests to access admin user information. Attackers can exploit weak input validation by injecting single quotes into ID parameters, and can modify admin user passwords without proper token authentication.
CVSS 7.5
CVE-2020-36154 EXPLOITDB HIGH text WORKING POC
Pearson VUE Testing System 2.3.1911 - Unauthenticated Privilege Escalation via Directory Permissions
The Application Wrapper in Pearson VUE VTS Installer 2.3.1911 has Full Control permissions for Everyone in the "%SYSTEMDRIVE%\Pearson VUE" directory, which allows local users to obtain administrative privileges via a Trojan horse application.
CVSS 7.8
EIP-2026-117756 EXPLOITDB text WORKING POC
Pearson Vue VTS 2.3.1911 Installer - 'VUEApplicationWrapper' Unquoted Service Path