Thirukrishnan

6 exploits, active since Jun 2023
CVE-2023-50164 NOMISEC CRITICAL WORKING POC
Apache Struts 2.0.0-2.5.32 - Path Traversal and Remote Code Execution via File Upload
An attacker can manipulate file upload params to enable path traversal, and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.
1 star
CVSS 9.8
CVE-2024-27665 NOMISEC MEDIUM WRITEUP
Unifiedtransform v2.X - Stored Cross-Site Scripting via Syllabus Module File Upload
Unifiedtransform v2.X is vulnerable to Stored Cross-Site Scripting (XSS) via file upload feature in Syllabus module.
CVSS 5.4
CVE-2023-33408 NOMISEC MEDIUM WORKING POC
Minical 1.0.0 - Cross-Site Scripting in security_helper.php
Minical 1.0.0 is vulnerable to Cross Site Scripting (XSS). The vulnerability exists due to insufficient input validation in the application's user input handling in the security_helper.php file.
CVSS 5.4
CVE-2023-33409 NOMISEC MEDIUM WRITEUP
Minical 1.0.0 - Cross-Site Request Forgery via Company Settings Controller
Minical 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) via minical/public/application/controllers/settings/company.php.
CVSS 6.5
CVE-2023-33410 NOMISEC HIGH WORKING POC
Minical <= 1.0.0 - CSV Injection via Customer Name Field
Minical 1.0.0 and earlier contains a CSV injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on the Customer Name field in the Accounting module that is used to construct a CSV file.
CVSS 8.8
CVE-2024-27665 WRITEUP MEDIUM WRITEUP
Unifiedtransform v2.X - Stored Cross-Site Scripting via Syllabus Module File Upload
Unifiedtransform v2.X is vulnerable to Stored Cross-Site Scripting (XSS) via file upload feature in Syllabus module.
CVSS 5.4