Riccardo Krauter

6 exploits, active since Feb 2019
CVE-2021-28998 WRITEUP HIGH WRITEUP
Cmsmadesimple Cms Made Simple < 2.2.15 - Unrestricted File Upload
File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file.
CVSS 7.2
CVE-2021-28999 WRITEUP HIGH WRITEUP
Cmsmadesimple Cms Made Simple < 2.2.15 - SQL Injection
SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arbitrary commands via the m1_sortby parameter to modules/News/function.admin_articlestab.php.
CVSS 8.8
CVE-2021-40961 WRITEUP HIGH WRITEUP
CMS Made Simple <=2.2.15 - SQL Injection
CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, and it is possible to inject arbitrary SQL without using the single-quote character (').
CVSS 8.8
CVE-2019-8903 METASPLOIT HIGH ruby WORKING POC
Total.js prior to 3.2.4 Directory Traversal
index.js in Total.js Platform before 3.2.3 allows path traversal.
CVSS 7.5
CVE-2019-15954 METASPLOIT CRITICAL ruby WORKING POC
Total.js CMS 12.0.0 - Authenticated RCE
An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can achieve Remote Command Execution (RCE) on the remote server by creating a malicious widget with a special tag containing JavaScript code that will be evaluated server side. In the process of evaluating the tag by the back-end, it is possible to escape the sandbox object by using the following payload: <script total>global.process.mainModule.require(child_process).exec(RCE);</script>
CVSS 9.9
CVE-2019-15954 EXPLOITDB CRITICAL ruby WORKING POC
Total.js CMS 12.0.0 - Authenticated RCE
An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can achieve Remote Command Execution (RCE) on the remote server by creating a malicious widget with a special tag containing JavaScript code that will be evaluated server side. In the process of evaluating the tag by the back-end, it is possible to escape the sandbox object by using the following payload: <script total>global.process.mainModule.require(child_process).exec(RCE);</script>
CVSS 9.9