Manish Kishan Tanwar AKA error1046

6 exploits Active since Apr 2015
CVE-2015-1397 EXPLOITDB python WORKING POC
Magento CE/EE 1.9.1.0-1.14.1.0 - SQL Injection
SQL injection vulnerability in the getCsvFile function in the Mage_Adminhtml_Block_Widget_Grid class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allows remote administrators to execute arbitrary SQL commands via the popularity[field_expr] parameter when the popularity[from] or popularity[to] parameter is set.
EIP-2026-114190 EXPLOITDB text WORKING POC
WordPress Plugin Windows Desktop and iPhone Photo Uploader - Arbitrary File Upload
CVE-2016-6195 EXPLOITDB CRITICAL text WORKING POC
vBulletin <4.2.2 PL5 & <4.2.3 PL1 - SQL Injection
SQL injection vulnerability in forumrunner/includes/moderation.php in vBulletin before 4.2.2 Patch Level 5 and 4.2.3 before Patch Level 1 allows remote attackers to execute arbitrary SQL commands via the postids parameter to forumrunner/request.php, as exploited in the wild in July 2016.
CVSS 9.8
EIP-2026-110936 EXPLOITDB text WORKING POC
PHPBack < 1.3.1 - SQL Injection / Cross-Site Scripting
EIP-2026-108870 EXPLOITDB text WORKING POC
Joomla! Component Spider FAQ - SQL Injection
CVE-2015-5148 EXPLOITDB text WRITEUP
Livelycart - SQL Injection
SQL injection vulnerability in LivelyCart 1.2.0 allows remote attackers to execute arbitrary SQL commands via the search_query parameter to product/search.