Kaimi

6 exploits Active since Jan 2017
CVE-2017-18346 EXPLOITDB CRITICAL text WRITEUP
Cms Web-gooroo < 2013-01-19 - SQL Injection
SQL injection vulnerability in /wbg/core/_includes/authorization.inc.php in CMS Web-Gooroo through 2013-01-19 allows remote attackers to execute arbitrary SQL commands via the wbg_login parameter.
CVSS 9.8
CVE-2016-4340 EXPLOITDB HIGH text WORKING POC
Gitlab <8.7.0-8.2.4 - Auth Bypass
The impersonate feature in Gitlab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 through 8.5.11, 8.4.0 through 8.4.9, 8.3.0 through 8.3.8, and 8.2.0 through 8.2.4 allows remote authenticated users to "log in" as any other user via unspecified vectors.
CVSS 8.8
EIP-2026-113533 EXPLOITDB text WORKING POC
WordPress Plugin Adicon Server 1.2 - 'selectedPlace' SQL Injection
EIP-2026-113575 EXPLOITDB text WORKING POC
WordPress Plugin Audio Record 1.0 - Arbitrary File Upload
EIP-2026-113579 EXPLOITDB text WRITEUP
WordPress Plugin AutoSuggest 0.24 - 'wpas_keys' SQL Injection
EIP-2026-113586 EXPLOITDB text WORKING POC
WordPress Plugin Baggage Freight Shipping Australia 0.1.0 - Arbitrary File Upload