Rodolfo Tavares

3 exploits, active since Sep 2020
CVE-2023-26876 METASPLOIT HIGH ruby WORKING POC
Piwigo CVE-2023-26876 Gather Credentials via SQL Injection
SQL injection vulnerability found in Piwigo v.13.5.0 and before allows a remote attacker to execute arbitrary code via the filter_user_id parameter to the admin.php?page=history&filter_image_id=&filter_user_id endpoint.
CVSS 8.8
CVE-2020-25790 EXPLOITDB HIGH python WORKING POC
Typesetter < 5.1 - Unrestricted File Upload
Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because "admins are considered trustworthy"; however, the behavior "contradicts our security policy" and is being fixed for 5.2.
CVSS 7.2
CVE-2022-23046 EXPLOITDB HIGH python WORKING POC
Phpipam - SQL Injection
PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL statements in the "subnet" parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php.
CVSS 7.2