S1lv3r

5 exploits Active since Apr 2022
CVE-2021-40219 WRITEUP HIGH WORKING POC
Bolt CMS <= 4.2 - RCE
Bolt CMS <= 4.2 is vulnerable to Remote Code Execution. Unsafe theme rendering allows an authenticated attacker to edit a theme to perform server-side template injection, which leads to remote code execution.
CVSS 8.8
CVE-2021-43741 WRITEUP CRITICAL WORKING POC
CMSimple 5.4 - Path Traversal
CMSimple 5.4 is vulnerable to Directory Traversal. The vulnerability exists when a user changes the file name to a malicious file on config.php, leading to remote code execution.
CVSS 9.8
CVE-2021-43742 WRITEUP MEDIUM WORKING POC
CMSimple 5.4 - XSS
CMSimple 5.4 is vulnerable to Cross Site Scripting (XSS) via the file upload feature.
CVSS 5.4
CVE-2021-47734 EXPLOITDB HIGH python WORKING POC
CMSimple - Remote File Inclusion
CMSimple 5.4 contains an authenticated local file inclusion vulnerability that allows remote attackers to manipulate PHP session files and execute arbitrary code. Attackers can leverage the vulnerability by changing the functions file path and uploading malicious PHP code through session file upload mechanisms.
CVSS 7.8
EIP-2026-110632 EXPLOITDB python WORKING POC
PHP 7.3.15-3 - 'PHP_SESSION_UPLOAD_PROGRESS' Session Data Injection