MinoTauro2020

6 exploits Active since Sep 2023
CVE-2023-40868 NOMISEC HIGH WORKING POC
mooSocial Demo - Cross-Site Request Forgery via Delete Account and Deactivate Functions
Cross Site Request Forgery vulnerability in mooSocial MooSocial Software v.Demo allows a remote attacker to execute arbitrary code via the Delete Account and Deactivate functions.
1 stars
CVSS 8.8
CVE-2023-40869 NOMISEC MEDIUM WORKING POC
mooSocial 3.1.6-3.1.7 - Cross-Site Scripting via edit_menu, copuon, and group_categorias Functions
Cross Site Scripting vulnerability in mooSocial mooSocial Software 3.1.6 and 3.1.7 allows a remote attacker to execute arbitrary code via a crafted script to the edit_menu, copuon, and group_categorias functions.
1 stars
CVSS 6.1
CVE-2023-43147 NOMISEC HIGH WORKING POC
PHPJabbers Limo Booking Software 1.0 - CSRF
PHPJabbers Limo Booking Software 1.0 is vulnerable to Cross Site Request Forgery (CSRF) to add an admin user via the Add Users Function, aka an index.php?controller=pjAdminUsers&action=pjActionCreate URI.
1 stars
CVSS 8.8
CVE-2023-43148 NOMISEC HIGH WORKING POC
SPA-Cart 1.9.0.3 - Cross-Site Request Forgery
SPA-Cart 1.9.0.3 has a Cross Site Request Forgery (CSRF) vulnerability that allows a remote attacker to delete all accounts.
1 stars
CVSS 8.1
CVE-2023-43149 NOMISEC HIGH WORKING POC
SPA-Cart 1.9.0.3 - Cross-Site Request Forgery
SPA-Cart 1.9.0.3 is vulnerable to Cross Site Request Forgery (CSRF) that allows a remote attacker to add an admin user with role status.
1 stars
CVSS 8.8
CVE-2023-43147 WRITEUP HIGH WORKING POC
PHPJabbers Limo Booking Software 1.0 - CSRF
PHPJabbers Limo Booking Software 1.0 is vulnerable to Cross Site Request Forgery (CSRF) to add an admin user via the Add Users Function, aka an index.php?controller=pjAdminUsers&action=pjActionCreate URI.
CVSS 8.8