SunCSR

19 exploits Active since Feb 2020
CVE-2021-47903 EXPLOITDB HIGH text WORKING POC
LiteSpeed Web Server Enterprise 5.4.11 - Command Injection
LiteSpeed Web Server Enterprise 5.4.11 contains an authenticated command injection vulnerability in the external app configuration interface. Authenticated administrators can inject shell commands through the 'Command' parameter in the server configuration, allowing remote code execution via path traversal and bash command injection.
CVSS 8.8
CVE-2020-37019 EXPLOITDB MEDIUM text WORKING POC
Orchard Core RC1 - Stored Cross-Site Scripting via Blog Post MarkdownBodyPart.Source Parameter
Orchard Core RC1 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts through blog post creation. Attackers can create blog posts with embedded JavaScript in the MarkdownBodyPart.Source parameter to execute arbitrary scripts in victim browsers.
CVSS 6.4
CVE-2020-26670 EXPLOITDB HIGH text WORKING POC
BigTree CMS <4.4.10 - Command Injection
A vulnerability has been discovered in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to execute arbitrary commands through a crafted request sent to the server via the 'Create a New Setting' function.
CVSS 8.8
CVE-2020-26669 EXPLOITDB MEDIUM text WORKING POC
BigTree CMS < 4.4.10 - Authenticated Stored Cross-Site Scripting via Page Content
A stored cross-site scripting (XSS) vulnerability was discovered in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to execute arbitrary web scripts or HTML via the page content to site/index.php/admin/pages/update.
CVSS 5.4
CVE-2020-26668 EXPLOITDB HIGH text WORKING POC
BigTree CMS <4.4.10 - SQL Injection
A SQL injection vulnerability was discovered in /core/feeds/custom.php in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to inject a malicious SQL query to the applications via the 'Create New Feed' function.
CVSS 8.8
CVE-2020-25343 EXPLOITDB MEDIUM text WORKING POC
Symphony CMS 3.0.0 - Stored Cross-Site Scripting via Event Publish Article Body Field
Cross-site scripting (XSS) vulnerabilities in Symphony CMS 3.0.0 allow remote attackers to inject arbitrary web script or HTML to fields['body'] param via events\event.publish_article.php
CVSS 5.4
CVE-2020-14960 EXPLOITDB HIGH text WORKING POC
php-fusion 9.03.50 - SQL Injection via Comments Administration Endpoint ctype Parameter
A SQL injection vulnerability in PHP-Fusion 9.03.50 affects the endpoint administration/comments.php via the ctype parameter,
CVSS 7.2
CVE-2020-11530 METASPLOIT CRITICAL ruby WORKING POC
idangero chop_slider - Blind SQL Injection via id GET Parameter
A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to get_script/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user.
CVSS 9.8
EIP-2026-114301 EXPLOITDB text WORKING POC
Wordpress Theme Accesspress Social Icons 1.7.9 - SQL injection (Authenticated)
EIP-2026-113763 EXPLOITDB text WORKING POC
WordPress Plugin Form Maker 5.4.1 - 's' SQL Injection (Authenticated)
CVE-2020-11530 EXPLOITDB CRITICAL text WORKING POC
idangero chop_slider - Blind SQL Injection via id GET Parameter
A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to get_script/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user.
CVSS 9.8
CVE-2020-12704 EXPLOITDB MEDIUM text WORKING POC
UliCMS < 2020.2 - Stored Cross-Site Scripting in PageController
UliCMS before 2020.2 has PageController stored XSS.
CVSS 6.1
CVE-2020-12706 EXPLOITDB MEDIUM text WORKING POC
php-fusion 9.03.50 - Cross-Site Scripting via FAQ or Shoutbox Admin Panel go Parameter
Multiple Cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the go parameter to faq/faq_admin.php or shoutbox_panel/shoutbox_admin.php
CVSS 5.4
CVE-2020-12707 EXPLOITDB MEDIUM text WORKING POC
LeptonCMS 4.5.0 - Stored Cross-Site Scripting via Event Handler Injection
An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4.5.0. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT elements. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT elements.
CVSS 6.1
EIP-2026-106624 EXPLOITDB text WORKING POC
E-Commerce System 1.0 - Unauthenticated Remote Code Execution
EIP-2026-106261 EXPLOITDB text WORKING POC
CSZ CMS 1.2.9 - Multiple Cross-Site Scripting
EIP-2026-104372 EXPLOITDB text WORKING POC
Openlitespeed Web Server 1.7.8 - Command Injection (Authenticated) (1)
CVE-2020-1938 EXPLOITDB CRITICAL ruby WORKING POC
Apache Tomcat 7.0.0-7.0.99, 8.5.0-8.5.50, 9.0.0.M1-9.0.0.30 - Remote Code Execution via AJP File Read and JSP Processing
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.
CVSS 9.8
CVE-2020-13951 EXPLOITDB HIGH text WORKING POC
Apache OpenMeetings 4.0.0-5.0.0 - Denial of Service via NetTest Web Service
Attackers can use public NetTest web service of Apache OpenMeetings 4.0.0-5.0.0 to organize denial of service attack.
CVSS 7.5