Nuri Çilengir

9 exploits Active since Jun 2022
CVE-2022-31137 METASPLOIT CRITICAL ruby WORKING POC
Roxy-WI < 6.1.1.0 - Unauthenticated Remote Code Execution via subprocess_execute Function
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 6.1.1.0 are subject to a remote code execution vulnerability. System commands can be run remotely via the subprocess_execute function without processing the inputs received from the user in the /app/options.py file. Attackers need not be authenticated to exploit this vulnerability. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS 10.0
CVE-2022-31125 EXPLOITDB CRITICAL text WORKING POC
roxy-wi < 6.1.1.0 - Unauthenticated Authentication Bypass via Crafted HTTP Request
Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to bypass authentication and access admin functionality by sending a specially crafted HTTP request. This affects Roxywi versions before 6.1.1.0. Users are advised to upgrade. There are no known workarounds for this issue.
CVSS 10.0
CVE-2022-31126 EXPLOITDB CRITICAL text WORKING POC
Roxy-wi < 6.1.1.0 - Unauthenticated Remote Code Execution via /app/options.py
Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to code execution by sending a specially crafted HTTP request to /app/options.py file. This affects Roxy-wi versions before 6.1.1.0. Users are advised to upgrade. There are no known workarounds for this issue.
CVSS 10.0
CVE-2022-31161 EXPLOITDB CRITICAL text WORKING POC
Roxy-WI <6.1.1.0 - Command Injection
Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived servers. Prior to version 6.1.1.0, the system command can be run remotely via the subprocess_execute function without processing the inputs received from the user in the /app/options.py file. Version 6.1.1.0 contains a patch for this issue.
CVSS 10.0
CVE-2022-34128 EXPLOITDB CRITICAL text WORKING POC
GLPI Cartography Plugin <6.0.1 - Remote Code Execution via front/upload.php
The Cartography (aka positions) plugin before 6.0.1 for GLPI allows remote code execution via PHP code in the POST data to front/upload.php.
CVSS 9.8
CVE-2022-31056 EXPLOITDB CRITICAL text WORKING POC
GLPI 10.0.0-10.0.2 - SQL Injection via Actor Fields
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all assistance forms (Ticket/Change/Problem) permit sql injection on the actor fields. This issue has been resolved in version 10.0.2 and all affected users are advised to upgrade.
CVSS 9.8
CVE-2022-34127 EXPLOITDB HIGH text WORKING POC
Managentities <4.0.2 - Path Traversal
The Managentities plugin before 4.0.2 for GLPI allows reading local files via directory traversal in the inc/cri.class.php file parameter.
CVSS 7.5
CVE-2022-34125 EXPLOITDB MEDIUM text WORKING POC
GLPI CMDB < 3.0.3 - Unauthenticated Sensitive Information Exposure via File Parameter
front/icon.send.php in the CMDB plugin before 3.0.3 for GLPI allows attackers to gain read access to sensitive information via a _log/ pathname in the file parameter.
CVSS 6.5
CVE-2022-31062 EXPLOITDB MEDIUM text WORKING POC
glpi_inventory < 1.0.2 - Local File Inclusion via Public Script
### Impact A plugin public script can be used to read content of system files. ### Patches Upgrade to version 1.0.2. ### Workarounds `b/deploy/index.php` file can be deleted if deploy feature is not used.
CVSS 5.3