Mohab Ali

4 exploits Active since Sep 2015
CVE-2015-7381 EXPLOITDB WORKING POC
refbase < 0.9.6 - Remote Code Execution via pathToMYSQL or databaseStructureFile Parameter
Multiple PHP remote file inclusion vulnerabilities in install.php in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary PHP code via the (1) pathToMYSQL or (2) databaseStructureFile parameter, a different issue than CVE-2015-6008.
CVE-2015-6009 EXPLOITDB text WORKING POC
Web Reference Database <0.9.6 - SQL Injection
Multiple SQL injection vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary SQL commands via (1) the where parameter to rss.php or (2) the sqlQuery parameter to search.php, a different issue than CVE-2015-7382.
CVE-2015-6008 EXPLOITDB text WORKING POC
Web Reference Database <0.9.6 - Command Injection
install.php in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to execute arbitrary commands via the adminPassword parameter, a different issue than CVE-2015-7381.
CVE-2015-7382 EXPLOITDB text WORKING POC
refbase < 0.9.6 - SQL Injection via defaultCharacterSet Parameter
SQL injection vulnerability in install.php in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to execute arbitrary SQL commands via the defaultCharacterSet parameter, a different issue than CVE-2015-6009.