Simone Cristofaro

3 exploits Active since Nov 2021
CVE-2020-16152 NOMISEC CRITICAL WORKING POC
Aerohive NetConfig 10.0r8a LFI and log poisoning to RCE
The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to that file.
11 stars
CVSS 9.8
CVE-2021-42362 METASPLOIT HIGH ruby WORKING POC
Wordpress Popular Posts < 5.3.2 - Unrestricted File Upload
The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/Image.php file which makes it possible for attackers with contributor level access and above to upload malicious files that can be used to obtain remote code execution, in versions up to and including 5.3.2.
CVSS 8.8
CVE-2021-42362 EXPLOITDB HIGH python WORKING POC
Wordpress Popular Posts < 5.3.2 - Unrestricted File Upload
The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/Image.php file which makes it possible for attackers with contributor level access and above to upload malicious files that can be used to obtain remote code execution, in versions up to and including 5.3.2.
CVSS 8.8