Mehmet Kelepçe

14 exploits, active since May 2020
CVE-2020-13424 NOMISEC MEDIUM WORKING POC
Joomla! <3.5.4 - Info Disclosure
The XCloner component before 3.5.4 for Joomla! allows Authenticated Local File Disclosure.
CVSS 6.5
CVE-2020-13996 NOMISEC HIGH WORKING POC
J2store < 3.3.13 - SQL Injection
The J2Store plugin before 3.3.13 for Joomla! allows a SQL injection attack by a trusted store manager.
CVSS 8.8
CVE-2023-4596 EXPLOITDB CRITICAL text WORKING POC
Forminator <1.24.6 - File Upload
The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the upload_post_image() function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS 9.8
CVE-2020-36966 EXPLOITDB MEDIUM text WORKING POC
Dolibarr 11.0.3 - XSS
Dolibarr 11.0.3 contains a persistent cross-site scripting vulnerability in LDAP synchronization settings that allows attackers to inject malicious scripts through multiple parameters. Attackers can exploit the host, slave, and port parameters in /dolibarr/admin/ldap.php to execute arbitrary JavaScript and potentially steal user cookie information.
CVSS 6.4
CVE-2020-25751 EXPLOITDB HIGH text WORKING POC
Corephp Pago Commerce - SQL Injection
The paGO Commerce plugin 2.5.9.0 for Joomla! allows SQL Injection via the administrator/index.php?option=com_pago&view=comments filter_published parameter.
CVSS 8.8
CVE-2020-29287 EXPLOITDB CRITICAL text WORKING POC
Car Rental Management System <1.0 - SQL Injection
An SQL injection vulnerability was discovered in Car Rental Management System v1.0 that can be exploited via the id parameter in view_car.php or the car_id parameter in booking.php.
CVSS 9.8
CVE-2020-12629 EXPLOITDB MEDIUM text WORKING POC
osTicket <1.14.2 - XSS
include/class.sla.php in osTicket before 1.14.2 allows XSS via the SLA Name.
CVSS 5.4
EIP-2026-114271 EXPLOITDB text WORKING POC
WordPress Plugin WP24 Domain Check 1.6.2 - 'fieldnameDomain' Stored Cross Site Scripting
EIP-2026-113182 EXPLOITDB text WORKING POC
Water Billing System 1.0 - 'id' SQL Injection (Authenticated)
EIP-2026-108911 EXPLOITDB text WORKING POC
Joomla! J2 Store 3.3.11 - 'filter_order_Dir' Authenticated SQL Injection
EIP-2026-108918 EXPLOITDB text WORKING POC
Joomla! Plugin XCloner Backup 3.5.3 - Local File Inclusion (Authenticated)
EIP-2026-108910 EXPLOITDB text WORKING POC
Joomla! J2 JOBS 1.3.0 - 'sortby' Authenticated SQL Injection
EIP-2026-108909 EXPLOITDB text WORKING POC
Joomla! J2 JOBS 1.3.0 - 'sortby' Authenticated SQL Injection
EIP-2026-105716 EXPLOITDB text WORKING POC
Car Rental Management System 1.0 - Remote Code Execution (Authenticated)