MrG3P5

2 exploits Active since Jun 2017

CVE-2022-4395 NOMISEC CRITICAL WORKING POC

Membership For WooCommerce <2.1.7 - Unauthenticated RCE

The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE.

7 stars

CVSS 9.8

View Code

CVE-2017-9841 NOMISEC CRITICAL SCANNER

PHPUnit <4.8.28, <5.6.3 - RCE

Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.

4 stars

CVSS 9.8

View Code