Ron Jost (Hacker5preme)

39 exploits Active since Mar 2017
CVE-2021-24145 EXPLOITDB HIGH python WORKING POC
Webnus Modern Events Calendar Lite < 5.16.5 - Unrestricted File Upload
Arbitrary file upload in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly check the imported file, allowing PHP ones to be uploaded by administrator by using the 'text/csv' content-type in the request.
CVSS 7.2
CVE-2021-24946 EXPLOITDB CRITICAL python SCANNER
WordPress Modern Events Calendar SQLi Scanner
The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the time parameter before using it in a SQL statement in the mec_load_single_page AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue
CVSS 9.8
CVE-2021-24762 EXPLOITDB CRITICAL python WORKING POC
The Perfect Survey WP <1.5.2 - SQL Injection
The Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the question_id GET parameter before using it in a SQL statement in the get_question AJAX action, allowing unauthenticated users to perform SQL injection.
CVSS 9.8
CVE-2017-14537 EXPLOITDB MEDIUM python WORKING POC
Trixbox 2.8.0 - Path Traversal
trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.
CVSS 6.5
CVE-2017-14535 EXPLOITDB HIGH python WORKING POC
Trixbox - 2.8.0.4 OS Command Injection
trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php.
CVSS 8.8
CVE-2020-29607 EXPLOITDB HIGH python WORKING POC
Pluck CMS <4.7.13 - RCE
A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access in the host through the "manage files" functionality, which may result in remote code execution.
CVSS 7.2
CVE-2017-9380 EXPLOITDB HIGH python WORKING POC
OpenEMR <5.0.0 - Code Injection
OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application.
CVSS 8.8
CVE-2019-14530 EXPLOITDB HIGH python WORKING POC
OpenEMR <5.0.2 - Info Disclosure
An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable for the www-data user and the directory /var/www/openemr/sites/default/documents/cqm_qrda/ exists, it will be deleted from server.
CVSS 8.8
CVE-2018-15152 EXPLOITDB CRITICAL python WORKING POC
OpenEMR <5.0.1.4 - Auth Bypass
Authentication bypass vulnerability in portal/account/register.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker to access (1) portal/add_edit_event_user.php, (2) portal/find_appt_popup_user.php, (3) portal/get_allergies.php, (4) portal/get_amendments.php, (5) portal/get_lab_results.php, (6) portal/get_medications.php, (7) portal/get_patient_documents.php, (8) portal/get_problems.php, (9) portal/get_profile.php, (10) portal/portal_payment.php, (11) portal/messaging/messages.php, (12) portal/messaging/secure_chat.php, (13) portal/report/pat_ledger.php, (14) portal/report/portal_custom_report.php, or (15) portal/report/portal_patient_report.php without authenticating as a patient.
CVSS 9.1
CVE-2018-15139 EXPLOITDB HIGH python WORKING POC
OpenEMR <5.0.1.4 - Code Injection
Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary PHP code by uploading a file with a PHP extension via the images upload form and accessing it in the images directory.
CVSS 8.8
CVE-2018-6383 EXPLOITDB HIGH python WORKING POC
Monstra CMS <3.0.4 - RCE
Monstra CMS through 3.0.4 has an incomplete "forbidden types" list that excludes .php (and similar) file extensions but not the .pht or .phar extension, which allows remote authenticated Admins or Editors to execute arbitrary PHP code by uploading a file, a different vulnerability than CVE-2017-18048.
CVSS 8.8
CVE-2014-8722 EXPLOITDB HIGH python WORKING POC
GetSimple CMS 3.3.4 - Info Disclosure
GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/<username>.xml, (2) backups/users/<username>.xml.bak, (3) data/other/authorization.xml, or (4) data/other/appid.xml.
CVSS 7.5
CVE-2018-19423 EXPLOITDB HIGH python WORKING POC
Codiad 2.8.4 - Command Injection
Codiad 2.8.4 allows remote authenticated administrators to execute arbitrary code by uploading an executable file.
CVSS 7.2
CVE-2019-19208 EXPLOITDB CRITICAL python WORKING POC
Codiad Web IDE <2.8.4 - Code Injection
Codiad Web IDE through 2.8.4 allows PHP Code injection.
CVSS 9.8