MadExploits

2 exploits Active since Jun 2017

CVE-2021-3129 NOMISEC CRITICAL SCANNER

Ignition <2.5.2 - RCE

Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.

7 stars

CVSS 9.8

View Code

CVE-2017-9841 NOMISEC CRITICAL WORKING POC

PHPUnit <4.8.28, <5.6.3 - RCE

Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.

5 stars

CVSS 9.8

View Code