Peanut886

7 exploits Active since Oct 2022
CVE-2022-3465 WRITEUP HIGH WRITEUP
MediaLink AC1200R Firmware - Improper Authentication in /index.asp
A vulnerability classified as critical was found in Mediabridge Medialink. This vulnerability affects unknown code of the file /index.asp. The manipulation leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210700.
CVSS 7.3
CVE-2022-4277 WRITEUP MEDIUM WRITEUP
Shaoxing Background Management System - SQL Injection via /Default/Bd id Parameter
A vulnerability was found in Shaoxing Background Management System. It has been declared as critical. This vulnerability affects unknown code of the file /Default/Bd. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-214774 is the identifier assigned to this vulnerability.
CVSS 6.3
CVE-2022-4280 WRITEUP MEDIUM WRITEUP
Dot Tech Smart Campus System - Information Disclosure via findUser Endpoint
A vulnerability, which was classified as problematic, has been found in Dot Tech Smart Campus System. Affected by this issue is some unknown functionality of the file /services/Card/findUser. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-214778 is the identifier assigned to this vulnerability.
CVSS 4.3
CVE-2023-2900 WRITEUP LOW WRITEUP
NFine Rapid Development Platform 20230511 - Use of Weak Hash in Login Check
A vulnerability was found in NFine Rapid Development Platform 20230511. It has been classified as problematic. Affected is an unknown function of the file /Login/CheckLogin. The manipulation leads to use of weak hash. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-229974 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 3.7
CVE-2023-2901 WRITEUP MEDIUM WRITEUP
NFine Rapid Development Platform 20230511 - Unauthenticated Improper Access Control via User/GetGridJson Endpoint
A vulnerability was found in NFine Rapid Development Platform 20230511. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /SystemManage/User/GetGridJson?_search=false&nd=1680855479750&rows=50&page=1&sidx=F_CreatorTime+desc&sord=asc. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229975. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 4.3
CVE-2023-2902 WRITEUP MEDIUM WRITEUP
NFine Rapid Development Platform 20230511 - Unauthenticated Improper Access Control in Organize/GetTreeGridJson Endpoint
A vulnerability was found in NFine Rapid Development Platform 20230511. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /SystemManage/Organize/GetTreeGridJson?_search=false&nd=1681813520783&rows=10000&page=1&sidx=&sord=asc. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229976. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 4.3
CVE-2024-9328 WRITEUP MEDIUM WRITEUP
Advocate Office Management System 1.0 - SQL Injection via edit_client.php id Parameter
A vulnerability was found in SourceCodester Advocate Office Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /control/edit_client.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3