Mert Daş

10 exploits Active since Jan 2026
CVE-2021-47943 EXPLOITDB HIGH text WORKING POC
TextPattern CMS 4.8.7 Remote Code Execution via File Upload
TextPattern CMS 4.8.7 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by uploading malicious PHP files through the file upload functionality. Attackers can upload a PHP shell via the Files section in the content area and execute commands by accessing the uploaded file at /textpattern/files/ with GET parameters passed to the system function.
CVSS 8.8
CVE-2021-47943 EXPLOITDB HIGH text WORKING POC
TextPattern CMS 4.8.7 Remote Code Execution via File Upload
TextPattern CMS 4.8.7 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by uploading malicious PHP files through the file upload functionality. Attackers can upload a PHP shell via the Files section in the content area and execute commands by accessing the uploaded file at /textpattern/files/ with GET parameters passed to the system function.
CVSS 8.8
CVE-2021-47953 EXPLOITDB MEDIUM html WORKING POC
OpenCart 3.0.3.7 Cross-Site Request Forgery via account/password
OpenCart 3.0.3.7 contains a cross-site request forgery vulnerability that allows attackers to change user passwords by sending crafted requests to the account/password endpoint. Attackers can trick authenticated users into submitting hidden forms with new password values in the 'password' and 'confirm' parameters to hijack accounts.
CVSS 4.3
CVE-2021-47780 EXPLOITDB HIGH text WRITEUP
Macro Expert 4.7 - Privilege Escalation
Macro Expert 4.7 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the improperly configured service path to inject malicious executables that will be run with LocalSystem permissions during service startup.
CVSS 7.8
EIP-2026-117925 EXPLOITDB text WRITEUP
SolarWinds Kiwi CatTools 3.11.8 - Unquoted Service Path
EIP-2026-117682 EXPLOITDB text WRITEUP
Netgear Genie 2.4.64 - Unquoted Service Path
EIP-2026-117265 EXPLOITDB text WRITEUP
HCL Lotus Notes V12 - Unquoted Service Path
EIP-2026-112621 EXPLOITDB text WORKING POC
TextPattern CMS 4.8.7 - Stored Cross-Site Scripting (XSS)
EIP-2026-110270 EXPLOITDB text WORKING POC
OpenCart 3.0.3.6 - 'subject' Stored Cross-Site Scripting
EIP-2026-104310 EXPLOITDB text WORKING POC
Logitech Media Server 8.2.0 - 'Title' Cross-Site Scripting (XSS)