Manuel Garcia Cardenas

9 exploits, active since Dec 2014
CVE-2014-9235 EXPLOITDB WORKING POC
Zoph < 0.9.1 - Authenticated SQL Injection via _action or location_id Parameter
Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) _action parameter to group.php or (2) user.php or the (3) location_id parameter to photos.php in php/.
CVE-2014-9242 EXPLOITDB WRITEUP
WebsiteBaker 2.8.3 - SQL Injection via page_id Parameter
SQL injection vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 allows remote attackers to execute arbitrary SQL commands via the page_id parameter.
CVE-2014-9236 EXPLOITDB text WRITEUP
Zoph < 0.9.1 - Cross-Site Scripting via photographer_id or _crumb Parameter
Cross-site scripting (XSS) vulnerability in php/edit_photos.php in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) photographer_id or (2) _crumb parameter.
CVE-2018-16283 EXPLOITDB CRITICAL text WORKING POC
Wechat Broadcast < 1.2.0 - Path Traversal via Image.php URL Parameter
The Wechat Broadcast plugin 1.2.0 and earlier for WordPress allows Directory Traversal via the Image.php url parameter.
CVSS 9.8
CVE-2018-16299 EXPLOITDB HIGH text WORKING POC
Localize My Post 1.0 - Path Traversal via AJAX Include File Parameter
The Localize My Post plugin 1.0 for WordPress allows Directory Traversal via the ajax/include.php file parameter.
CVSS 7.5
CVE-2014-9243 EXPLOITDB text WRITEUP
WebsiteBaker 2.8.3 - Cross-Site Scripting via QUERY_STRING or section_id Parameter
Multiple cross-site scripting (XSS) vulnerabilities in WebsiteBaker 2.8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERY_STRING to wb/admin/admintools/tool.php or (2) section_id parameter to edit_module_files.php, (3) news/add_post.php, (4) news/modify_group.php, (5) news/modify_post.php, or (6) news/modify_settings.php in wb/modules/.
CVE-2019-12922 EXPLOITDB MEDIUM text WRITEUP
phpMyAdmin 4.9.0.1 - Cross-Site Request Forgery in Setup Page
A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page.
CVSS 6.5
EIP-2026-106112 EXPLOITDB text WRITEUP
Composr CMS 10.0.30 - Persistent Cross-Site Scripting
CVE-2018-8831 EXPLOITDB MEDIUM text WRITEUP
Kodi < 17.6 - Stored Cross-Site Scripting via Playlist
A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user's browser via a playlist.
CVSS 6.1