Musyoka Ian

8 exploits, active since Apr 2019
CVE-2019-19609 NOMISEC HIGH WORKING POC
Strapi <3.0.0-beta.17.8 - RCE
The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function.
CVSS 7.2
CVE-2022-50897 EXPLOITDB MEDIUM python WORKING POC
mPDF 7.0 - Local File Inclusion
mPDF 7.0 contains a local file inclusion vulnerability that allows attackers to read arbitrary system files by manipulating annotation file parameters. Attackers can generate URL-encoded or base64 payloads to include local files through crafted annotation content with file path specifications.
CVSS 5.5
CVE-2020-36112 EXPLOITDB CRITICAL text WORKING POC
CSE Bookstore - SQL Injection
CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in the pubid parameter in bookPerPub.php and in cart.php. Successful exploitation of this vulnerability allows an attacker to dump the entire database on which the web application is running.
CVSS 9.8
EIP-2026-111895 EXPLOITDB python WORKING POC
sar2html 3.2.1 - 'plot' Remote Code Execution
EIP-2026-110294 EXPLOITDB python WORKING POC
OpenEMR 5.0.1 - Remote Code Execution (1)
CVE-2019-11447 EXPLOITDB HIGH python WORKING POC
CutePHP CuteNews 2.1.2 - Code Injection
An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the profile area via the avatar_file field to index.php?mod=main&opt=personal. There is no effective control of $imgsize in /core/modules/dashboard.php. The header content of a file can be changed and the control can be bypassed for code execution. (An attacker can use the GIF header for this.)
CVSS 8.8
EIP-2026-104455 EXPLOITDB python WORKING POC
Strapi CMS 3.0.0-beta.17.4 - Remote Code Execution (RCE) (Unauthenticated)
EIP-2026-103298 EXPLOITDB python WORKING POC
Metabase 0.46.6 - Pre-Auth Remote Code Execution