S1lv3r

5 exploits Active since Apr 2022
CVE-2021-40219 WRITEUP HIGH WORKING POC
Bolt CMS <= 4.2 - Authenticated Remote Code Execution via Theme Template Injection
Bolt CMS <= 4.2 is vulnerable to Remote Code Execution. Unsafe theme rendering allows an authenticated attacker to edit theme to inject server-side template injection that leads to remote code execution.
CVSS 8.8
CVE-2021-43741 WRITEUP CRITICAL WORKING POC
CMSimple 5.4 - Path Traversal and Remote Code Execution via config.php File Name Manipulation
CMSimple 5.4 is vulnerable to Directory Traversal. The vulnerability exists when a user changes the file name to malicious file on config.php leading to remote code execution.
CVSS 9.8
CVE-2021-43742 WRITEUP MEDIUM WORKING POC
CMSimple 5.4 - Cross-Site Scripting via File Upload Feature
CMSimple 5.4 is vulnerable to Cross Site Scripting (XSS) via the file upload feature.
CVSS 5.4
CVE-2021-47734 EXPLOITDB HIGH python WORKING POC
CMSimple 5.4 - Authenticated Local File Inclusion and Remote Code Execution via Session File Manipulation
CMSimple 5.4 contains an authenticated local file inclusion vulnerability that allows remote attackers to manipulate PHP session files and execute arbitrary code. Attackers can leverage the vulnerability by changing the functions file path and uploading malicious PHP code through session file upload mechanisms.
CVSS 7.8
EIP-2026-110632 EXPLOITDB python WORKING POC
PHP 7.3.15-3 - 'PHP_SESSION_UPLOAD_PROGRESS' Session Data Injection