Mayank Deshmukh

19 exploits Active since Apr 2019
CVE-2022-24124 NOMISEC HIGH WORKING POC
Casdoor < 1.13.1 - SQL Injection via Query API Parameters
The query API in Casdoor before 1.13.1 has a SQL injection vulnerability related to the field and value parameters, as demonstrated by api/get-organizations.
8 stars
CVSS 7.5
CVE-2020-10770 NOMISEC MEDIUM WORKING POC
Keycloak < 13.0.0 - Server-Side Request Forgery via OIDC request_uri Parameter
A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.
8 stars
CVSS 5.3
CVE-2022-24124 NOMISEC HIGH WORKING POC
Casdoor < 1.13.1 - SQL Injection via Query API Parameters
The query API in Casdoor before 1.13.1 has a SQL injection vulnerability related to the field and value parameters, as demonstrated by api/get-organizations.
1 stars
CVSS 7.5
CVE-2022-24124 NOMISEC HIGH WORKING POC
Casdoor < 1.13.1 - SQL Injection via Query API Parameters
The query API in Casdoor before 1.13.1 has a SQL injection vulnerability related to the field and value parameters, as demonstrated by api/get-organizations.
1 stars
CVSS 7.5
CVE-2024-46879 NOMISEC MEDIUM WORKING POC
Tiki < 21.11 - Reflected Cross-Site Scripting via tiki-admin_system.php zipPath Parameter
A Reflected Cross-Site Scripting (XSS) vulnerability exists in the POST request data zipPath of tiki-admin_system.php in Tiki version 21.2. This vulnerability allows attackers to execute arbitrary JavaScript code via a crafted payload, leading to potential access to sensitive information or unauthorized actions.
CVSS 5.4
CVE-2024-46878 NOMISEC MEDIUM WRITEUP
Tiki < 27.1 - Cross-Site Scripting via tiki-editpage.php Page Parameter
A Cross-Site Scripting (XSS) vulnerability exists in the page parameter of tiki-editpage.php in Tiki version 26.3 and earlier. This vulnerability allows attackers to execute arbitrary JavaScript code via a crafted payload, leading to potential access to sensitive information or unauthorized actions.
CVSS 5.4
CVE-2019-11447 NOMISEC HIGH WORKING POC
CutePHP CuteNews 2.1.2 - Code Injection
An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the profile area via the avatar_file field to index.php?mod=main&opt=personal. There is no effective control of $imgsize in /core/modules/dashboard.php. The header content of a file can be changed and the control can be bypassed for code execution. (An attacker can use the GIF header for this.)
CVSS 8.8
CVE-2021-34429 METASPLOIT MEDIUM ruby WORKING POC
Eclipse Jetty 9.4.37-9.4.42, 10.0.1-10.0.5, 11.0.1-11.0.5 - Directory Traversal & Security Bypass via Encoded URI
For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.
CVSS 5.3
CVE-2024-46878 WRITEUP MEDIUM WRITEUP
Tiki < 27.1 - Cross-Site Scripting via tiki-editpage.php Page Parameter
A Cross-Site Scripting (XSS) vulnerability exists in the page parameter of tiki-editpage.php in Tiki version 26.3 and earlier. This vulnerability allows attackers to execute arbitrary JavaScript code via a crafted payload, leading to potential access to sensitive information or unauthorized actions.
CVSS 5.4
CVE-2024-46879 WRITEUP MEDIUM WORKING POC
Tiki < 21.11 - Reflected Cross-Site Scripting via tiki-admin_system.php zipPath Parameter
A Reflected Cross-Site Scripting (XSS) vulnerability exists in the POST request data zipPath of tiki-admin_system.php in Tiki version 21.2. This vulnerability allows attackers to execute arbitrary JavaScript code via a crafted payload, leading to potential access to sensitive information or unauthorized actions.
CVSS 5.4
CVE-2021-28164 METASPLOIT MEDIUM ruby WORKING POC
Eclipse Jetty - Information Disclosure
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.
CVSS 5.3
CVE-2022-44877 EXPLOITDB CRITICAL go WORKING POC
CWP login.php Unauthenticated RCE
login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.
CVSS 9.8
CVE-2019-17240 EXPLOITDB CRITICAL python WORKING POC
Bludit 3.9.2 - Authentication Bruteforce Mitigation Bypass via X-Forwarded-For Header
bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.
CVSS 9.8
CVE-2021-26086 EXPLOITDB MEDIUM text WORKING POC
Atlassian Jira Server/Data Center Path Traversal via /WEB-INF/web.xml
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1.
CVSS 5.3
CVE-2022-24124 EXPLOITDB HIGH go WORKING POC
Casdoor < 1.13.1 - SQL Injection via Query API Parameters
The query API in Casdoor before 1.13.1 has a SQL injection vulnerability related to the field and value parameters, as demonstrated by api/get-organizations.
CVSS 7.5
CVE-2021-28164 EXPLOITDB MEDIUM text WORKING POC
Eclipse Jetty - Information Disclosure
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.
CVSS 5.3
CVE-2020-10770 EXPLOITDB MEDIUM python WORKING POC
Keycloak < 13.0.0 - Server-Side Request Forgery via OIDC request_uri Parameter
A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.
CVSS 5.3
CVE-2021-34429 EXPLOITDB MEDIUM text WORKING POC
Eclipse Jetty 9.4.37-9.4.42, 10.0.1-10.0.5, 11.0.1-11.0.5 - Directory Traversal & Security Bypass via Encoded URI
For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.
CVSS 5.3
CVE-2021-26085 EXPLOITDB MEDIUM text WORKING POC
Atlassian Confluence Server <7.4.10, >7.5.0-7.12.2 - Info Disclosure
Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3.
CVSS 5.3