Mateo Hanžek

10 exploits, active since Nov 2021
CVE-2021-43778 WRITEUP CRITICAL WORKING POC
GLPI Barcode Plugin 2.0-2.6.0 - Path Traversal via front/send.php
Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances with the Barcode plugin installed at version 2.x prior to 2.6.1 are vulnerable to path traversal. The issue was patched in version 2.6.1. As a workaround, delete the `front/send.php` file.
CVSS 9.1
CVE-2022-43014 WRITEUP MEDIUM WORKING POC
OpenCATS 0.9.6 - Reflected Cross-Site Scripting via joborderID Parameter
OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the joborderID parameter.
CVSS 6.1
CVE-2022-43015 WRITEUP MEDIUM WORKING POC
OpenCATS 0.9.6 - Reflected Cross-Site Scripting via entriesPerPage Parameter
OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the entriesPerPage parameter.
CVSS 6.1
CVE-2022-43016 WRITEUP MEDIUM WORKING POC
OpenCATS 0.9.6 - Reflected Cross-Site Scripting via Callback Component
OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback component.
CVSS 6.1
CVE-2022-43017 WRITEUP MEDIUM WRITEUP
OpenCATS 0.9.6 - Reflected Cross-Site Scripting via indexFile Component
OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the indexFile component.
CVSS 6.1
CVE-2022-43018 WRITEUP MEDIUM WORKING POC
OpenCATS 0.9.6 - Reflected Cross-Site Scripting via Check Email Function
OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the email parameter in the Check Email function.
CVSS 6.1
CVE-2022-43019 WRITEUP CRITICAL WRITEUP
OpenCATS 0.9.6 - Remote Code Execution via getDataGridPager AJAX Deserialization
OpenCATS v0.9.6 was discovered to contain a remote code execution (RCE) vulnerability via the getDataGridPager's ajax functionality.
CVSS 9.8
CVE-2022-43020 WRITEUP MEDIUM WORKING POC
OpenCATS 0.9.6 - SQL Injection via Tag Update tag_id Variable
OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tag_id variable in the Tag update function.
CVSS 6.5
CVE-2022-43021 WRITEUP MEDIUM WORKING POC
OpenCATS 0.9.6 - SQL Injection via entriesPerPage Variable
OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the entriesPerPage variable.
CVSS 6.5
CVE-2022-43023 WRITEUP MEDIUM WORKING POC
OpenCATS 0.9.6 - SQL Injection via Import viewerrors importID Parameter
OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function.
CVSS 6.5