M3@Pandas

5 exploits Active since May 2018
CVE-2018-12052 EXPLOITDB CRITICAL text WORKING POC
PHP Scripts Mall Schools Alert Mgt - SQL Injection
SQL Injection exists in PHP Scripts Mall Schools Alert Management Script via the q Parameter in get_sec.php.
CVSS 9.8
CVE-2018-12053 EXPLOITDB HIGH text WORKING POC
PHP Scripts Mall Schools Alert Mgmt - Path Traversal
Arbitrary File Deletion exists in PHP Scripts Mall Schools Alert Management Script via the img parameter in delete_img.php by using directory traversal.
CVSS 7.5
CVE-2018-12054 EXPLOITDB HIGH text WORKING POC
PHP Scripts Mall Schools Alert Mgt - Path Traversal
Arbitrary File Read exists in PHP Scripts Mall Schools Alert Management Script via the f parameter in img.php, aka absolute path traversal.
CVSS 7.5
CVE-2018-12055 EXPLOITDB CRITICAL text WORKING POC
PHP Scripts Mall Schools Alert Mgmt - SQL Injection
Multiple SQL Injections exist in PHP Scripts Mall Schools Alert Management Script via crafted POST data in contact_us.php, faq.php, about.php, photo_gallery.php, privacy.php, and so on.
CVSS 9.8
CVE-2018-11523 EXPLOITDB CRITICAL text WORKING POC
Nuuo Nvrmini 2 Firmware < 3.6.5 - Unrestricted File Upload
upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files.
CVSS 9.8