Manuel Iván San Martín Castillo

7 exploits Active since Oct 2025
CVE-2025-10353 GITHUB CRITICAL WRITEUP
Melis Platform < 5.3.1 - Remote Code Execution via File Upload in melis-cms-slider Module
File upload leading to remote code execution (RCE) in the “melis-cms-slider” module of Melis Technology's Melis Platform. This vulnerability allows an attacker to upload a malicious file via a POST request to '/melis/MelisCmsSlider/MelisCmsSliderDetails/saveDetailsForm' using the 'mcsdetail_img' parameter.
1 stars
CVE-2025-10352 GITHUB CRITICAL WRITEUP
Melis Platform < 5.3.11 - Unauthenticated Administrator Account Creation via ToolUser Endpoint
Vulnerability in the melis-core module of Melis Technology's Melis Platform, which, if exploited, allows an unauthenticated attacker to create an administrator account via a request to '/melis/MelisCore/ToolUser/addNewUser'.
1 stars
CVE-2025-10351 NOMISEC CRITICAL SCANNER
Melis Platform < 5.3.4 - SQL Injection via idPage Parameter
SQL injection vulnerability based on the melis-cms module of the Melis platform from Melis Technology. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'idPage' parameter in the '/melis/MelisCms/PageEdition/getTinyTemplates' endpoint.
1 stars
CVE-2025-10351 NOMISEC CRITICAL WORKING POC
Melis Platform < 5.3.4 - SQL Injection via idPage Parameter
SQL injection vulnerability based on the melis-cms module of the Melis platform from Melis Technology. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'idPage' parameter in the '/melis/MelisCms/PageEdition/getTinyTemplates' endpoint.
1 stars
CVE-2025-10353 VULNCHECK_XDB CRITICAL WRITEUP
Melis Platform < 5.3.1 - Remote Code Execution via File Upload in melis-cms-slider Module
File upload leading to remote code execution (RCE) in the “melis-cms-slider” module of Melis Technology's Melis Platform. This vulnerability allows an attacker to upload a malicious file via a POST request to '/melis/MelisCmsSlider/MelisCmsSliderDetails/saveDetailsForm' using the 'mcsdetail_img' parameter.
CVE-2025-10352 WRITEUP CRITICAL WRITEUP
Melis Platform < 5.3.11 - Unauthenticated Administrator Account Creation via ToolUser Endpoint
Vulnerability in the melis-core module of Melis Technology's Melis Platform, which, if exploited, allows an unauthenticated attacker to create an administrator account via a request to '/melis/MelisCore/ToolUser/addNewUser'.
CVE-2025-10353 WRITEUP CRITICAL WRITEUP
Melis Platform < 5.3.1 - Remote Code Execution via File Upload in melis-cms-slider Module
File upload leading to remote code execution (RCE) in the “melis-cms-slider” module of Melis Technology's Melis Platform. This vulnerability allows an attacker to upload a malicious file via a POST request to '/melis/MelisCmsSlider/MelisCmsSliderDetails/saveDetailsForm' using the 'mcsdetail_img' parameter.