Sarang Tumne @CyberInsane

5 exploits · Active since Nov 2020
CVE-2020-28183 WRITEUP CRITICAL WORKING POC
SourceCodester Water Billing System 1.0 - SQL Injection via Username and Password Parameters
SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the username and password parameters to process.php.
CVSS 9.8
CVE-2022-26521 WRITEUP HIGH WRITEUP
Abantecart <= 1.3.2 - Authenticated Remote Code Execution via Media Manager Image Upload
Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Catalog>Media Manager>Images settings can be changed by an administrator (e.g., by configuring .php to be a valid image file type).
CVSS 7.2
CVE-2022-26982 WRITEUP HIGH WRITEUP
SimpleMachinesForum <2.1.1 - Authenticated RCE
SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting vulnerable PHP code, because the themes can be modified by an administrator. NOTE: the vendor's position is that administrators are intended to have the ability to modify themes, and can thus choose any PHP code that they wish to have executed on the server.
CVSS 7.2
CVE-2022-26986 WRITEUP HIGH WRITEUP
ImpressCMS < 1.4.3 - SQL Injection
SQL Injection in ImpressCMS 1.4.3 and earlier allows remote attackers to inject into the code in an unintended way; this allows an attacker to read and modify sensitive information from the database used by the application. If misconfigured, an attacker can even upload a malicious web shell to compromise the entire system.
CVSS 7.2
CVE-2022-26986 EXPLOITDB HIGH text WORKING POC
ImpressCMS < 1.4.3 - SQL Injection
SQL Injection in ImpressCMS 1.4.3 and earlier allows remote attackers to inject into the code in an unintended way; this allows an attacker to read and modify sensitive information from the database used by the application. If misconfigured, an attacker can even upload a malicious web shell to compromise the entire system.
CVSS 7.2