Pablo Santiago

9 exploits Active since Aug 2019
CVE-2025-45406 EXPLOITDB MEDIUM python WORKING POC
CodeIgniter4 v4.6.0 - Stored Cross-Site Scripting via Debugbar Time Parameter
A stored cross-site scripting (XSS) vulnerability in CodeIgniter4 v4.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the debugbar_time parameter. NOTE: this is disputed by the Supplier because attackers cannot influence the value of debugbar_time, and because debugbar-related data is automatically escaped by the CodeIgniter Parser class.
CVSS 6.1
CVE-2022-50910 EXPLOITDB CRITICAL python WORKING POC
Beehive Forum 1.5.2 - Host Header Injection
Beehive Forum 1.5.2 contains a host header injection vulnerability in the forgot password functionality that allows attackers to manipulate password reset requests. Attackers can inject a malicious host header to intercept password reset tokens and change victim account passwords without direct authentication.
CVSS 9.8
EIP-2026-117741 EXPLOITDB text WORKING POC
oXygen XML Editor 21.1.1 - XML External Entity Injection
CVE-2019-14348 EXPLOITDB CRITICAL text WORKING POC
BearDev JoomSport <3.3 - SQL Injection
The BearDev JoomSport plugin 3.3 for WordPress allows SQL injection to steal, modify, or delete database information via the joomsport_season/new-yorkers/?action=playerlist sid parameter.
CVSS 9.8
CVE-2019-14345 EXPLOITDB CRITICAL text WORKING POC
TemaTres 3.0 - Privilege Escalation
TemaTres 3.0 allows remote unprivileged users to create an administrator account
CVSS 9.8
CVE-2019-14343 EXPLOITDB MEDIUM text WORKING POC
TemaTres 3.0 - Stored Cross-Site Scripting via value Parameter
TemaTres 3.0 has stored XSS via the value parameter to the vocab/admin.php?vocabulario_id=list URI.
CVSS 5.4
EIP-2026-105921 EXPLOITDB python WORKING POC
Clinic Management System 1.0 - SQL injection to Remote Code Execution
CVE-2019-14346 EXPLOITDB HIGH text WORKING POC
Schben Adive 2.0.7 - Cross-Site Request Forgery in Admin Config
Internal/Views/config.php in Schben Adive 2.0.7 allows admin/config CSRF to change a user password.
CVSS 8.8
CVE-2019-14347 EXPLOITDB HIGH python WORKING POC
Schben Adive < 2.0.7 - Privilege Escalation via User Addition
Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unprivileged users (editor or developer) to create an administrator account via admin/user/add, as demonstrated by a Python PoC script.
CVSS 8.8