Ron Jost (Hacker5preme)

55 exploits Active since Mar 2017
CVE-2020-29607 NOMISEC HIGH WORKING POC
Pluck CMS < 4.7.13 - Authenticated Remote Code Execution via File Upload Restriction Bypass
A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin-privileged user to gain access to the host through the "manage files" functionality, which may result in remote code execution.
6 stars
CVSS 7.2
CVE-2021-25076 NOMISEC HIGH WORKING POC
WP User Frontend <3.5.26 - SQL Injection
The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting.
3 stars
CVSS 8.8
CVE-2020-29607 NOMISEC HIGH WORKING POC
Pluck CMS < 4.7.13 - Authenticated Remote Code Execution via File Upload Restriction Bypass
A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin-privileged user to gain access to the host through the "manage files" functionality, which may result in remote code execution.
CVSS 7.2
CVE-2021-24545 NOMISEC MEDIUM WORKING POC
WP HTML Author Bio < 1.2.0 - Authenticated Stored Cross-Site Scripting via User Bio
The WP HTML Author Bio WordPress plugin through 1.2.0 does not sanitise the HTML allowed in the Bio of users, allowing them to use malicious JavaScript code, which will be executed when anyone visits a post in the frontend made by such a user. As a result, a user with a role as low as author could perform Cross-Site Scripting attacks against users, which could potentially lead to privilege escalation when an admin views the related post/s.
CVSS 5.4
CVE-2015-9323 WRITEUP CRITICAL WORKING POC
404_to_301 < 2.0.3 - SQL Injection
The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection.
CVSS 9.8
CVE-2017-14535 WRITEUP HIGH WORKING POC
Trixbox - 2.8.0.4 OS Command Injection
trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php.
CVSS 8.8
CVE-2017-14537 WRITEUP MEDIUM WORKING POC
Trixbox 2.8.0 - Path Traversal
trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.
CVSS 6.5
CVE-2017-9380 WRITEUP HIGH WORKING POC
OpenEMR < 5.0.0 - Authenticated Arbitrary File Upload and Remote Code Execution
OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application.
CVSS 8.8
CVE-2018-15139 WRITEUP HIGH WORKING POC
OpenEMR < 5.0.1.4 - Authenticated Arbitrary PHP File Upload via Site Files Manager
Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary PHP code by uploading a file with a PHP extension via the images upload form and accessing it in the images directory.
CVSS 8.8
CVE-2018-15152 WRITEUP CRITICAL WORKING POC
OpenEMR < 5.0.1.4 - Unauthenticated Authentication Bypass via Patient Portal Registration
Authentication bypass vulnerability in portal/account/register.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker to access (1) portal/add_edit_event_user.php, (2) portal/find_appt_popup_user.php, (3) portal/get_allergies.php, (4) portal/get_amendments.php, (5) portal/get_lab_results.php, (6) portal/get_medications.php, (7) portal/get_patient_documents.php, (8) portal/get_problems.php, (9) portal/get_profile.php, (10) portal/portal_payment.php, (11) portal/messaging/messages.php, (12) portal/messaging/secure_chat.php, (13) portal/report/pat_ledger.php, (14) portal/report/portal_custom_report.php, or (15) portal/report/portal_patient_report.php without authenticating as a patient.
CVSS 9.1
CVE-2018-19423 WRITEUP HIGH WORKING POC
Codiad 2.8.4 - Authenticated Remote Code Execution via File Upload
Codiad 2.8.4 allows remote authenticated administrators to execute arbitrary code by uploading an executable file.
CVSS 7.2
CVE-2018-6383 WRITEUP HIGH WORKING POC
Monstra CMS < 3.0.4 - Authenticated Remote Code Execution via .pht or .phar File Upload
Monstra CMS through 3.0.4 has an incomplete "forbidden types" list that excludes .php (and similar) file extensions but not the .pht or .phar extension, which allows remote authenticated Admins or Editors to execute arbitrary PHP code by uploading a file, a different vulnerability than CVE-2017-18048.
CVSS 8.8
CVE-2019-14530 WRITEUP HIGH WORKING POC
OpenEMR < 5.0.2 - Path Traversal and Arbitrary File Deletion via fileName Parameter
An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable for the www-data user and the directory /var/www/openemr/sites/default/documents/cqm_qrda/ exists, it will be deleted from the server.
CVSS 8.8
CVE-2019-19208 WRITEUP CRITICAL WORKING POC
Codiad Web IDE <2.8.4 - Code Injection
Codiad Web IDE through 2.8.4 allows PHP Code injection.
CVSS 9.8
CVE-2020-29607 WRITEUP HIGH WORKING POC
Pluck CMS < 4.7.13 - Authenticated Remote Code Execution via File Upload Restriction Bypass
A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin-privileged user to gain access to the host through the "manage files" functionality, which may result in remote code execution.
CVSS 7.2
CVE-2020-35948 WRITEUP CRITICAL WORKING POC
XCloner Backup and Restore 4.2.1-4.2.12 - Arbitrary File Write & RCE via xcloner_restore.php
An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution. The xcloner_restore.php write_file_action could overwrite wp-config.php, for example. Alternatively, an attacker could create an exploit chain to obtain a database dump.
CVSS 9.9
CVE-2021-24862 WRITEUP HIGH WORKING POC
WordPress RegistrationMagic task_ids Authenticated SQLi
The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rm_chronos_ajax AJAX action before using it in a SQL statement when duplicating tasks in batches, which could lead to a SQL injection issue.
CVSS 7.2
CVE-2021-24946 WRITEUP CRITICAL WORKING POC
WordPress Modern Events Calendar SQLi Scanner
The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the time parameter before using it in a SQL statement in the mec_load_single_page AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue.
CVSS 9.8
CVE-2021-39327 WRITEUP MEDIUM WORKING POC
WordPress BulletProof Security Backup Disclosure
The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file, which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1.
CVSS 5.3
CVE-2021-39352 WRITEUP HIGH WORKING POC
WordPress Plugin Catch Themes Demo Import RCE
The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with administrative privileges to upload malicious files that can be used to achieve remote code execution.
CVSS 7.2
CVE-2021-24750 VULNCHECK_XDB HIGH WORKING POC
WP Visitor Statistics <4.8 - SQL Injection
The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks.
CVSS 8.8
CVE-2021-25076 VULNCHECK_XDB HIGH WORKING POC
WP User Frontend <3.5.26 - SQL Injection
The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting.
CVSS 8.8