Jx0n0

2 exploits Active since Mar 2018
CVE-2018-8078 NOMISEC MEDIUM WRITEUP
YzmCMS 3.7 - XSS
YzmCMS 3.7 has Stored XSS via the title parameter to advertisement/adver/edit.html.
7 stars
CVSS 5.4
CVE-2018-17418 NOMISEC HIGH WORKING POC
Monstra CMS <3.0.4 - RCE
Monstra CMS 3.0.4 allows remote attackers to execute arbitrary PHP code via a mixed-case file extension, as demonstrated by the 123.PhP filename, because plugins\box\filesmanager\filesmanager.admin.php mishandles the forbidden_types variable.
1 stars
CVSS 7.2