Lwin Min Aung (MgDemon)

6 exploits Active since Oct 2025
CVE-2025-61532 WRITEUP MEDIUM WRITEUP
SVX Portal <2.7A - XSS
Cross Site Scripting vulnerability in SVX Portal v.2.7A to execute arbitrary code via the TG parameter on last_heard_page.php component
CVSS 6.1
CVE-2025-61536 WRITEUP HIGH WRITEUP
FelixRiddle dev-jobs-handlebars 1.0 - Info Disclosure
FelixRiddle dev-jobs-handlebars 1.0 uses absolute password-reset (magic) links using the untrusted `req.headers.host` header and forces the `http://` scheme. An attacker who can control the `Host` header (or exploit a misconfigured proxy/load-balancer that forwards the header unchanged) can cause reset links to point to attacker-controlled domains or be delivered via insecure HTTP, enabling token theft, phishing, and account takeover.
CVSS 8.2
CVE-2025-61539 WRITEUP MEDIUM WRITEUP
Ultimate PHP Board 2.2.7 - XSS
Cross site scripting (XSS) vulnerability in Ultimate PHP Board 2.2.7 via the u_name parameter in lostpassword.php.
CVSS 6.1
CVE-2025-61540 WRITEUP MEDIUM WRITEUP
Ultimate PHP Board 2.2.7 - SQL Injection
SQL injection vulnerability in Ultimate PHP Board 2.2.7 via the username field in lostpassword.php.
CVSS 6.5
CVE-2025-61541 WRITEUP HIGH WRITEUP
Webmin 2.510 - Host Header Injection
Webmin 2.510 is vulnerable to a Host Header Injection in the password reset functionality (forgot_send.cgi). The reset link sent to users is constructed using the HTTP Host header via get_webmin_email_url(). An attacker can manipulate the Host header to inject a malicious domain into the reset email. If a victim follows the poisoned link, the attacker can intercept the reset token and gain full control of the target account.
CVSS 7.1
CVE-2025-61543 WRITEUP HIGH WRITEUP
CraftMyCMS 4.0.2.2 - Host Header Injection
A Host Header Injection vulnerability exists in the password reset functionality of CraftMyCMS 4.0.2.2. The system uses `$_SERVER['HTTP_HOST']` directly to construct password reset links sent via email. An attacker can manipulate the Host header to send malicious reset links, enabling phishing attacks or account takeover.
CVSS 7.1