Joshua Reynolds

3 exploits Active since Jan 2013
CVE-2013-1852 EXPLOITDB ruby WORKING POC
LeagueManager < 3.8.1 - SQL Injection via league_id Parameter
SQL injection vulnerability in leaguemanager.php in the LeagueManager plugin before 3.8.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the league_id parameter in the leaguemanager-export page to wp-admin/admin.php.
CVE-2012-6433 EXPLOITDB text WORKING POC
e107 1.0.1 - Cross-Site Request Forgery via News Title Parameter
Cross-site request forgery (CSRF) vulnerability in e107_admin/newspost.php in e107 1.0.1 allows remote attackers to hijack the authentication of administrators for requests that conduct XSS attacks via the news_title parameter in a create action.
CVE-2012-6434 EXPLOITDB text WORKING POC
e107 1.0.2 - Cross-Site Request Forgery via download.php Parameters
Multiple cross-site request forgery (CSRF) vulnerabilities in e107_admin/download.php in e107 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) download_url, (2) download_url_extended, (3) download_author_email, (4) download_author_website, (5) download_image, (6) download_thumb, (7) download_visible, or (8) download_class parameter.