Mehmet Onder

5 exploits Active since Aug 2019
CVE-2019-25713 EXPLOITDB HIGH text WORKING POC
MyT-PM 1.5.1 SQL Injection via Charge[group_total] Parameter
MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Charge[group_total] parameter. Attackers can submit crafted POST requests to the /charge/admin endpoint with error-based, time-based blind, or stacked query payloads to extract sensitive database information or manipulate data.
CVSS 7.1
CVE-2019-25710 EXPLOITDB HIGH text WORKING POC
Dolibarr ERP-CRM 8.0.4 SQL Injection via rowid Parameter
Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows attackers to execute arbitrary SQL queries. Attackers can inject malicious SQL code through the rowid POST parameter to extract sensitive database information using error-based SQL injection techniques.
CVSS 8.2
CVE-2019-25703 EXPLOITDB HIGH text WORKING POC
ImpressCMS 1.3.11 SQL Injection via bid Parameter
ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'bid' parameter. Attackers can send POST requests to the admin.php endpoint with malicious 'bid' values containing SQL commands to extract sensitive database information.
CVSS 7.1
EIP-2026-110496 EXPLOITDB text WORKING POC
PaulPrinting CMS Printing 1.0 - SQL Injection
CVE-2019-12624 EXPLOITDB HIGH text WORKING POC
Cisco IOS XE 3.0.xe-3.11.xe - Cross-Site Request Forgery in Web-Based Management Interface
A vulnerability in the web-based management interface of Cisco IOS XE New Generation Wireless Controller (NGWC) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected device by using a web browser and with the privileges of the user.
CVSS 8.8