Mohin Paramasivam

7 exploits, active since May 2019
CVE-2021-47941 EXPLOITDB HIGH python WORKING POC
WordPress Plugin Survey & Poll 1.5.7.3 SQL Injection via sss_params
WordPress Plugin Survey & Poll 1.5.7.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wp_sap cookie parameter. Attackers can craft SQL payloads in the cookie to extract sensitive database information including usernames, passwords, and other confidential data from the WordPress database.
CVSS 8.2
CVE-2021-47935 EXPLOITDB HIGH python WORKING POC
Sentry 8.2.0 Remote Code Execution via Pickle Deserialization
Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submit crafted POST requests to the admin audit log endpoint with base64-encoded compressed pickle payloads in the data field to achieve code execution with application privileges.
CVSS 8.8
CVE-2018-19571 EXPLOITDB HIGH python WORKING POC
GitLab CE/EE <11.3.11-11.5.1 - SSRF
GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1 are vulnerable to SSRF in webhooks.
CVSS 7.7
CVE-2018-19585 EXPLOITDB HIGH python WORKING POC
GitLab CE/EE <11.3.11-11.5.1 - CRLF Injection
GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1 have CRLF Injection in Project Mirroring when using the Git protocol.
CVSS 7.5
CVE-2019-14287 EXPLOITDB HIGH python WORKING POC
Sudo <1.8.28 - Privilege Escalation
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.
CVSS 8.8
EIP-2026-102787 EXPLOITDB bash WORKING POC
Bash 5.0 Patch 11 - SUID Priv Drop Exploit
CVE-2019-20085 EXPLOITDB HIGH python WORKING POC
TVT NVMS-1000 Firmware - Path Traversal via GET Request
TVT NVMS-1000 devices allow directory traversal via GET /.. requests.
CVSS 7.5