Nicholas Ferreira

7 exploits, active since Nov 2017
CVE-2021-41560 NOMISEC CRITICAL WORKING POC
OpenCATS <= 0.9.6 - Remote Code Execution via Executable File Upload
OpenCATS through 0.9.6 allows remote attackers to execute arbitrary code by uploading an executable file via lib/FileUtility.php.
11 stars
CVSS 9.8
CVE-2018-17254 NOMISEC CRITICAL WORKING POC
JCK Editor 6.4.4 - SQL Injection via jtreelink Parent Parameter
The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter.
10 stars
CVSS 9.8
CVE-2017-1000170 NOMISEC HIGH WORKING POC
jqueryFileTree <2.1.5 - Path Traversal
jqueryFileTree 2.1.5 and older is vulnerable to directory traversal.
4 stars
CVSS 7.5
CVE-2021-47936 EXPLOITDB CRITICAL bash WORKING POC
OpenCATS 0.9.4 Remote Code Execution via Resume Upload
OpenCATS 0.9.4 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by uploading malicious PHP files disguised as resume attachments. Attackers can upload PHP payloads through the careers job application endpoint and execute system commands via POST requests to the uploaded file in the upload directory.
CVSS 9.8
CVE-2021-41560 WRITEUP CRITICAL WRITEUP
OpenCATS <= 0.9.6 - Remote Code Execution via Executable File Upload
OpenCATS through 0.9.6 allows remote attackers to execute arbitrary code by uploading an executable file via lib/FileUtility.php.
CVSS 9.8
CVE-2017-1000170 EXPLOITDB HIGH php WORKING POC
jqueryFileTree <2.1.5 - Path Traversal
jqueryFileTree 2.1.5 and older is vulnerable to directory traversal.
CVSS 7.5
CVE-2018-17254 EXPLOITDB CRITICAL php WORKING POC
JCK Editor 6.4.4 - SQL Injection via jtreelink Parent Parameter
The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter.
CVSS 9.8