Mirabbas Ağalarov

61 exploits Active since Jul 2023
CVE-2023-50564 NOMISEC HIGH WORKING POC
Pluck-CMS 4.7.18 - Arbitrary File Upload via ZIP File in Modules Install
An arbitrary file upload vulnerability in the component /inc/modules_install.php of Pluck-CMS v4.7.18 allows attackers to execute arbitrary code via uploading a crafted ZIP file.
3 stars
CVSS 8.8
CVE-2023-50564 NOMISEC HIGH WORKING POC
Pluck-CMS 4.7.18 - Arbitrary File Upload via ZIP File in Modules Install
An arbitrary file upload vulnerability in the component /inc/modules_install.php of Pluck-CMS v4.7.18 allows attackers to execute arbitrary code via uploading a crafted ZIP file.
1 stars
CVSS 8.8
EIP-2026-120679 EXPLOITDB python WORKING POC
Jumbo Website Manager - Remote Code Execution
CVE-2023-53980 EXPLOITDB CRITICAL text WORKING POC
ProjectSend r1605 - Remote Code Execution via File Extension Manipulation
ProjectSend r1605 contains a remote code execution vulnerability that allows attackers to upload malicious files by manipulating file extensions. Attackers can upload shell scripts with disguised extensions through the upload.process.php endpoint to execute arbitrary commands on the server.
CVSS 9.8
CVE-2023-53953 EXPLOITDB MEDIUM text WORKING POC
WebsiteBaker 2.13.3 - Authenticated Stored Cross-Site Scripting via Page Title
WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating web pages. Attackers can craft malicious payloads in page titles that execute arbitrary JavaScript when the page is viewed by other users.
CVSS 5.4
CVE-2023-53952 EXPLOITDB HIGH text WORKING POC
Dotclear 2.25.3 - Authenticated Remote Code Execution via PHAR File Upload
Dotclear 2.25.3 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension through the blog post creation interface. Attackers can upload files containing PHP system commands that execute when the uploaded file is accessed, enabling arbitrary code execution on the server.
CVSS 8.8
CVE-2023-53939 EXPLOITDB MEDIUM text WORKING POC
TinyWebGallery 2.5 - Authenticated Stored Cross-Site Scripting via Folder Name Parameter
TinyWebGallery v2.5 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the folder name parameter. Attackers can edit album folder names with script tags to execute arbitrary JavaScript when other users view the affected gallery pages.
CVSS 5.4
CVE-2023-53933 EXPLOITDB HIGH text WORKING POC
Serendipity 2.4.0 - Authenticated Remote Code Execution via PHAR File Upload
Serendipity 2.4.0 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension. Attackers can upload files with system command payloads to the media upload endpoint and execute arbitrary commands on the server.
CVSS 8.8
CVE-2023-53932 EXPLOITDB MEDIUM text WORKING POC
Serendipity 2.4.0 - Authenticated Stored Cross-Site Scripting via Blog Entry Creation
Serendipity 2.4.0 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through blog entry creation. Attackers can craft entries with JavaScript payloads that will execute when other users view the compromised blog post.
CVSS 5.4
CVE-2023-53931 EXPLOITDB MEDIUM text WORKING POC
Revive Adserver 5.4.1 - Stored Cross-Site Scripting via Banner Advanced Settings
Revive Adserver 5.4.1 contains a cross-site scripting vulnerability in the banner advanced configuration page that allows attackers to inject malicious scripts. Attackers can craft a malicious link to the banner-advanced.php endpoint with XSS payloads in prepend and append parameters to execute arbitrary JavaScript when an admin views the page.
CVSS 6.1
CVE-2023-53930 EXPLOITDB HIGH text WORKING POC
ProjectSend r1605 - Info Disclosure
ProjectSend r1605 contains an insecure direct object reference vulnerability that allows unauthenticated attackers to download private files by manipulating the download ID parameter. Attackers can access any user's private files by changing the 'id' parameter in the download request to process.php.
CVSS 7.5
CVE-2023-53929 EXPLOITDB HIGH text WORKING POC
phpMyFAQ 3.1.12 - Authenticated CSV Injection via User Profile Export
phpMyFAQ 3.1.12 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into their profile names. Attackers can modify their user profile name with a payload like 'calc|a!z|' to trigger code execution when an administrator exports user data as a CSV file.
CVSS 8.8
CVE-2023-53928 EXPLOITDB MEDIUM text WORKING POC
PHPFusion 9.10.30 - Stored Cross-Site Scripting via File Manager SVG Upload
PHPFusion 9.10.30 contains a stored cross-site scripting vulnerability in the file manager that allows attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload SVG files with script tags that execute arbitrary JavaScript when viewed, potentially stealing user session information or performing client-side attacks.
CVSS 5.4
CVE-2023-53925 EXPLOITDB MEDIUM text WORKING POC
UliCMS 2023.1 - Stored Cross-Site Scripting via SVG File Upload
UliCMS 2023.1 contains a stored cross-site scripting vulnerability that allows attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files through the file management interface that execute arbitrary scripts when viewed by other users.
CVSS 6.1
CVE-2023-53924 EXPLOITDB HIGH text WORKING POC
UliCMS 2023.1-sniffing-vicuna - RCE
UliCMS 2023.1-sniffing-vicuna contains a remote code execution vulnerability that allows authenticated attackers to upload PHP files with .phar extension during profile avatar upload. Attackers can trigger code execution by visiting the uploaded file's location, enabling system command execution through maliciously crafted avatar uploads.
CVSS 8.8
CVE-2023-53923 EXPLOITDB CRITICAL python WORKING POC
UliCMS 2023.1 - Privilege Escalation
UliCMS 2023.1 contains a privilege escalation vulnerability that allows unauthenticated attackers to create administrative accounts through the UserController endpoint. Attackers can send a crafted POST request to /dist/admin/index.php with specific parameters to generate a new admin user with full system access.
CVSS 9.8
CVE-2023-53922 EXPLOITDB CRITICAL text WORKING POC
TinyWebGallery 2.5 - Unauthenticated Remote Code Execution via Malicious PHAR File Upload
TinyWebGallery v2.5 contains a remote code execution vulnerability in the admin upload functionality that allows unauthenticated attackers to upload malicious PHP files. Attackers can upload .phar files with embedded system commands to execute arbitrary code on the server by accessing the uploaded file's URL.
CVSS 9.8
CVE-2023-53921 EXPLOITDB CRITICAL text WORKING POC
SitemagicCMS 4.4.3 - PHP File Upload Command Execution
SitemagicCMS 4.4.3 contains a remote code execution vulnerability that allows attackers to upload malicious PHP files to the files/images directory. Attackers can upload a .phar file with system command execution payload to compromise the web application and execute arbitrary system commands.
CVSS 9.8
CVE-2023-53920 EXPLOITDB MEDIUM text WORKING POC
PodcastGenerator 3.2.9 - Stored Cross-Site Scripting via Podcast Title Field
PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the podcast title field accessible through the podcast details interface (podcast_details.php). Malicious JavaScript payloads injected into the podcast title execute when users visit the application's home page.
CVSS 5.4
CVE-2023-53919 EXPLOITDB MEDIUM text WORKING POC
PodcastGenerator 3.2.9 - Stored Cross-Site Scripting in Freebox Content Field
PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the Freebox content field accessible through the theme customization interface (theme_freebox.php). Malicious JavaScript payloads injected into the Freebox content execute when users visit the application's home page.
CVSS 5.4
CVE-2023-53918 EXPLOITDB MEDIUM text WORKING POC
PodcastGenerator 3.2.9 - Stored Cross-Site Scripting in Episode Title Field
PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the episode title field accessible through the episodes upload interface (episodes_upload.php). Malicious JavaScript payloads injected into episode titles execute when administrators view the episodes list page (episodes_list.php).
CVSS 6.1
CVE-2023-53916 EXPLOITDB MEDIUM text WORKING POC
Zenphoto 1.6 - Stored Cross-Site Scripting in User Postal Code Field
Zenphoto 1.6 contains a stored cross-site scripting vulnerability in the user postal code field accessible through the admin-users.php interface. When administrators view user information imported as HTML, malicious JavaScript payloads injected into the postal code field execute in their browser context.
CVSS 4.6
CVE-2023-53915 EXPLOITDB MEDIUM text WORKING POC
Zenphoto 1.6 - Authenticated Stored Cross-Site Scripting via Album Description
Zenphoto 1.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting HTML content into album descriptions. Attackers can create albums with malicious iframe or script tags in the description field that execute when users view the album page.
CVSS 4.6
CVE-2023-53914 EXPLOITDB CRITICAL text WORKING POC
UliCMS 2023.1 - Unauthenticated Authentication Bypass via Mass Assignment in UserController
UliCMS 2023.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through mass assignment in the UserController. Attackers can send a crafted POST request to the admin index.php endpoint with specific parameters to generate an administrative account with full system access.
CVSS 9.8
CVE-2023-53913 EXPLOITDB HIGH text WORKING POC
Rukovoditel 3.3.1 - Authenticated CSV Injection via Firstname Field
Rukovoditel 3.3.1 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into the firstname field. Attackers can craft payloads like =calc|a!z| to trigger code execution when an admin exports customer data as a CSV file.
CVSS 8.8