SunCSR (Sun* Cyber Security Research)

8 exploits, active since May 2020
CVE-2020-37019 EXPLOITDB MEDIUM text WORKING POC
Orchard Core RC1 - XSS
Orchard Core RC1 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts through blog post creation. Attackers can create blog posts with embedded JavaScript in the MarkdownBodyPart.Source parameter to execute arbitrary scripts in victim browsers.
CVSS 6.4
CVE-2020-25343 EXPLOITDB MEDIUM text WORKING POC
Symphony - XSS
Cross-site scripting (XSS) vulnerabilities in Symphony CMS 3.0.0 allow remote attackers to inject arbitrary web script or HTML through the fields['body'] parameter via events\event.publish_article.php.
CVSS 5.4
CVE-2020-11530 EXPLOITDB CRITICAL text WORKING POC
Idangero Chop Slider - SQL Injection
A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to get_script/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user.
CVSS 9.8
EIP-2026-113472 EXPLOITDB text WORKING POC
WonderCMS 3.1.3 - 'uploadFile' Stored Cross-Site Scripting
EIP-2026-113763 EXPLOITDB text WORKING POC
WordPress Plugin Form Maker 5.4.1 - 's' SQL Injection (Authenticated)
EIP-2026-111748 EXPLOITDB python WORKING POC
Responsive FileManager 9.13.4 - 'path' Path Traversal
CVE-2020-12706 EXPLOITDB MEDIUM text WORKING POC
PHP-Fusion 9.03.50 - XSS
Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the go parameter to faq/faq_admin.php or shoutbox_panel/shoutbox_admin.php.
CVSS 5.4
CVE-2020-12707 EXPLOITDB MEDIUM text WORKING POC
LeptonCMS 4.5.0 - XSS
An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4.5.0. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT elements. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT elements.
CVSS 6.1