Manuel Garcia Cardenas

9 exploits, active since Dec 2014
CVE-2014-9235 EXPLOITDB WORKING POC
Zoph <0.9.1 - SQL Injection
Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) _action parameter to group.php or (2) user.php or the (3) location_id parameter to photos.php in php/.
CVE-2014-9242 EXPLOITDB WRITEUP
WebsiteBaker 2.8.3 - SQL Injection
SQL injection vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 allows remote attackers to execute arbitrary SQL commands via the page_id parameter.
CVE-2014-9236 EXPLOITDB text WRITEUP
Zoph <0.9.1 - XSS
Cross-site scripting (XSS) vulnerability in php/edit_photos.php in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) photographer_id or (2) _crumb parameter.
CVE-2018-16283 EXPLOITDB CRITICAL text WORKING POC
Wechat Broadcast < 1.2.0 - Path Traversal
The Wechat Broadcast plugin 1.2.0 and earlier for WordPress allows Directory Traversal via the Image.php url parameter.
CVSS 9.8
CVE-2018-16299 EXPLOITDB HIGH text WORKING POC
Localize My Post - Path Traversal
The Localize My Post plugin 1.0 for WordPress allows Directory Traversal via the ajax/include.php file parameter.
CVSS 7.5
CVE-2014-9243 EXPLOITDB text WRITEUP
WebsiteBaker 2.8.3 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in WebsiteBaker 2.8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERY_STRING to wb/admin/admintools/tool.php or (2) section_id parameter to edit_module_files.php, (3) news/add_post.php, (4) news/modify_group.php, (5) news/modify_post.php, or (6) news/modify_settings.php in wb/modules/.
CVE-2019-12922 EXPLOITDB MEDIUM text WRITEUP
phpMyAdmin < 4.9.0.1 - CSRF
A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page.
CVSS 6.5
EIP-2026-106112 EXPLOITDB text WRITEUP
Composr CMS 10.0.30 - Persistent Cross-Site Scripting
CVE-2018-8831 EXPLOITDB MEDIUM text WRITEUP
Kodi <17.6 - XSS
A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user's browser via a playlist.
CVSS 6.1