LalieA

2 exploits Active since Mar 2021

CVE-2021-46398 NOMISEC HIGH WRITEUP

Filebrowser <2.18.0 - CSRF

A Cross-Site Request Forgery vulnerability exists in Filebrowser < 2.18.0 that allows attackers to create a backdoor user with admin privilege and get access to the filesystem via a malicious HTML webpage that is sent to the victim. An admin can run commands using the FileBrowser and hence it leads to RCE.

CVSS 8.8

View Code

CVE-2021-27928 NOMISEC HIGH WORKING POC

MariaDB <10.2.37, 10.3.28, 10.4.18, 10.5.9 - RCE

A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product.

CVSS 7.2

View Code