Patrick Nassef aka (30T4)

4 exploits Active since Nov 2023
CVE-2021-43419 WRITEUP HIGH WRITEUP
Opay Mobile <1.5.1.26 - Info Disclosure
An Information Disclosure vulnerability exists in Opay Mobile application 1.5.1.26 and maybe be higher in the logcat app.
CVSS 7.5
CVE-2023-47020 WRITEUP HIGH WRITEUP
Ncratleos Terminal Handler - CSRF
Multiple Cross-Site Request Forgery (CSRF) chaining in NCR Terminal Handler v.1.5.1 allows privileges to be escalated by an attacker through a crafted request involving user account creation and adding the user to an administrator group. This is exploited by an undisclosed function in the WSDL that lacks security controls and can accept custom content types.
CVSS 8.8
CVE-2023-47022 WRITEUP MEDIUM WRITEUP
NCR Terminal Handler <1.5.1 - Info Disclosure
Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection.
CVSS 6.5
CVE-2023-47024 WRITEUP HIGH WRITEUP
Ncratleos Terminal Handler - CSRF
Cross-Site Request Forgery (CSRF) in NCR Terminal Handler v.1.5.1 leads to a one-click account takeover. This is achieved by exploiting multiple vulnerabilities, including an undisclosed function in the WSDL that has weak security controls and can accept custom content types.
CVSS 8.8