Ron Jost (Hacker5preme)

55 exploits, active since Mar 2017
CVE-2018-15139 EXPLOITDB HIGH python WORKING POC
OpenEMR < 5.0.1.4 - Authenticated Arbitrary PHP File Upload via Site Files Manager
Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary PHP code by uploading a file with a PHP extension via the images upload form and accessing it in the images directory.
CVSS 8.8
CVE-2018-6383 EXPLOITDB HIGH python WORKING POC
Monstra CMS < 3.0.4 - Authenticated Remote Code Execution via .pht or .phar File Upload
Monstra CMS through 3.0.4 has an incomplete "forbidden types" list that excludes .php (and similar) file extensions but not the .pht or .phar extension, which allows remote authenticated Admins or Editors to execute arbitrary PHP code by uploading a file, a different vulnerability than CVE-2017-18048.
CVSS 8.8
CVE-2014-8722 EXPLOITDB HIGH python WORKING POC
GetSimple CMS 3.3.4 - Info Disclosure
GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/<username>.xml, (2) backups/users/<username>.xml.bak, (3) data/other/authorization.xml, or (4) data/other/appid.xml.
CVSS 7.5
CVE-2018-19423 EXPLOITDB HIGH python WORKING POC
Codiad 2.8.4 - Authenticated Remote Code Execution via File Upload
Codiad 2.8.4 allows remote authenticated administrators to execute arbitrary code by uploading an executable file.
CVSS 7.2
CVE-2019-19208 EXPLOITDB CRITICAL python WORKING POC
Codiad Web IDE < 2.8.4 - Code Injection
Codiad Web IDE through 2.8.4 allows PHP Code injection.
CVSS 9.8