Roel van Beurden

7 exploits, active since Aug 2020
CVE-2020-24861 EXPLOITDB MEDIUM text WORKING POC
Get-simple Getsimple Cms - XSS
GetSimple CMS 3.3.16 allows persistent Cross Site Scripting via the 'permalink' parameter on the Settings page; the payload is executed when you create and open a new page.
CVSS 5.4
CVE-2020-24860 EXPLOITDB MEDIUM text WRITEUP
Cmsmadesimple Cms Made Simple - XSS
CMS Made Simple 2.2.14 allows an authenticated user with access to the Content Manager to edit content and put a persistent XSS payload in the affected text fields. The user can get cookies from every authenticated user who visits the website.
CVSS 5.4
CVE-2020-25990 EXPLOITDB CRITICAL text WORKING POC
Websitebaker - SQL Injection
WebsiteBaker 2.12.2 allows SQL Injection via the 'display_name' parameter in /websitebaker/admin/preferences/save.php. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
CVSS 9.8
CVE-2020-17462 EXPLOITDB HIGH text WORKING POC
CMS Made Simple <2.2.14 - Auth Bypass
CMS Made Simple 2.2.14 allows Authenticated Arbitrary File Upload because the File Manager does not block .ptar files, a related issue to CVE-2017-16798.
CVSS 7.8
CVE-2022-1104 EXPLOITDB MEDIUM text WORKING POC
Code-atlantic Popup Maker < 1.16.5 - XSS
The Popup Maker WordPress plugin before 1.16.5 does not sanitise and escape some of its Popup settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVSS 4.8
CVE-2022-1103 EXPLOITDB HIGH text WRITEUP
Advanced Uploader < 4.2 - Unrestricted File Upload
The Advanced Uploader WordPress plugin through 4.2 allows any authenticated user, such as a subscriber, to upload arbitrary files, such as PHP, which could lead to RCE.
CVSS 8.8
EIP-2026-107303 EXPLOITDB text WORKING POC
Fuel CMS 1.4.7 - 'col' SQL Injection (Authenticated)