Thirukrishnan

5 exploits Active since Jun 2023
CVE-2023-50164 NOMISEC CRITICAL WORKING POC
Apache Struts < 2.5.33 - Remote Code Execution
An attacker can manipulate file upload parameters to enable path traversal, and under some circumstances this can lead to uploading a malicious file that can be used to perform Remote Code Execution. Users are recommended to upgrade to Struts 2.5.33, Struts 6.3.0.2, or greater to fix this issue.
1 star
CVSS 9.8
CVE-2024-27665 NOMISEC MEDIUM WRITEUP
Unifiedtransform v2.X - XSS
Unifiedtransform v2.X is vulnerable to Stored Cross-Site Scripting (XSS) via file upload feature in Syllabus module.
CVSS 5.4
CVE-2023-33408 NOMISEC MEDIUM WORKING POC
Minical 1.0.0 - XSS
Minical 1.0.0 is vulnerable to Cross Site Scripting (XSS). The vulnerability exists due to insufficient input validation in the application's user input handling in the security_helper.php file.
CVSS 5.4
CVE-2023-33409 NOMISEC MEDIUM WRITEUP
Minical 1.0.0 - CSRF
Minical 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) via minical/public/application/controllers/settings/company.php.
CVSS 6.5
CVE-2023-33410 NOMISEC HIGH WORKING POC
Minical <1.0.0 - Code Injection
Minical 1.0.0 and earlier contains a CSV injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on the Customer Name field in the Accounting module that is used to construct a CSV file.
CVSS 8.8