Renos Nikolaou

7 exploits, active since Aug 2018
CVE-2018-18382 EXPLOITDB HIGH text WORKING POC
Coderpixel Advanced Hrm - Unrestricted File Upload
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file uploaded to the user/update-user-avatar URI, which is reachable through the "Update Profile" > "Change Picture" (aka user/edit-profile) action.
CVSS 8.8
CVE-2018-17140 EXPLOITDB MEDIUM text WORKING POC
WordPress Quizlord <2.0 - XSS
The Quizlord plugin through 2.0 for WordPress is prone to Stored XSS via the title parameter in a ql_insert action to wp-admin/admin.php.
CVSS 5.4
CVE-2018-17139 EXPLOITDB HIGH text WORKING POC
UltimatePOS 2.5 - RCE
UltimatePOS 2.5 allows users to upload arbitrary files, which leads to remote command execution by posting to a /products URI with PHP code in a .php file with the image/jpeg content type.
CVSS 8.8
CVE-2018-17138 EXPLOITDB MEDIUM text WORKING POC
Jibu Pro <1.7 - XSS
The Jibu Pro plugin through 1.7 for WordPress is prone to Stored XSS via the wp-content/plugins/jibu-pro/quiz_action.php name (aka Quiz Name) field.
CVSS 5.4
CVE-2018-17110 EXPLOITDB CRITICAL text WORKING POC
Simple POS 4.0.24 - SQL Injection
Simple POS 4.0.24 allows SQL Injection via a products/get_products/ columns[0][search][value] parameter in the management panel, as demonstrated by products/get_products/1.
CVSS 9.8
CVE-2018-16159 EXPLOITDB CRITICAL text WORKING POC
Codemenschen Gift Vouchers < 2.0.1 - SQL Injection
The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request.
CVSS 9.8
EIP-2026-114182 EXPLOITDB text WORKING POC
WordPress Plugin Wappointment 2.2.4 - Stored Cross-Site Scripting (XSS)