Tim Coen

29 exploits. Active since Sep 2015.
CVE-2015-9227 EXPLOITDB HIGH text WORKING POC
AlegroCart 1.2.8 - Authenticated Remote Code Execution via File Path Parameter
PHP remote file inclusion vulnerability in the get_file function in upload/admin2/controller/report_logs.php in AlegroCart 1.2.8 allows remote administrators to execute arbitrary PHP code via a URL in the file_path parameter to upload/admin2.
CVSS 7.2
CVE-2015-9226 EXPLOITDB HIGH text WORKING POC
AlegroCart 1.2.8 - Authenticated SQL Injection via Download Parameter
Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remote administrators to execute arbitrary SQL commands via the download parameter in the (1) check_download and possibly (2) check_filename function in upload/admin2/model/products/model_admin_download.php or remote authenticated users with a valid Paypal transaction token to execute arbitrary SQL commands via the ref parameter in the (3) orderUpdate function in upload/catalog/extension/payment/paypal.php.
CVSS 7.2
CVE-2015-7309 METASPLOIT ruby WORKING POC
Bolt < 2.2.5 - Authenticated Remote Code Execution via Theme Editor File Rename
The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, which allows remote authenticated users to execute arbitrary code by renaming a crafted file and then directly accessing it.
EIP-2026-114623 EXPLOITDB text WORKING POC
ZeusCart 4.0 - Cross-Site Request Forgery
EIP-2026-114610 EXPLOITDB text WRITEUP
ZenPhoto 1.4.11 - Remote File Inclusion
CVE-2015-5595 EXPLOITDB MEDIUM text WRITEUP
zenphoto < 1.4.9 - Cross-Site Request Forgery in admin.php
Cross-site request forgery (CSRF) vulnerability in admin.php in Zenphoto before 1.4.9 allows remote attackers to hijack the authentication of admin users for requests that may cause a denial of service (resource consumption).
CVSS 6.5
EIP-2026-114682 EXPLOITDB text WRITEUP
Mezzanine 4.2.0 - Cross-Site Scripting
EIP-2026-114625 EXPLOITDB text WRITEUP
ZeusCart 4.0 - SQL Injection
EIP-2026-111210 EXPLOITDB text WORKING POC
PhpSocial 2.0.0304_20222226 - Cross-Site Request Forgery
EIP-2026-111342 EXPLOITDB text WRITEUP
Pligg CMS 2.0.2 - Multiple SQL Injections
EIP-2026-111341 EXPLOITDB text WRITEUP
Pligg CMS 2.0.2 - Directory Traversal
EIP-2026-111340 EXPLOITDB text WRITEUP
Pligg CMS 2.0.2 - Cross-Site Request Forgery / Code Execution
EIP-2026-111288 EXPLOITDB text WRITEUP
PivotX 2.3.11 - Directory Traversal
EIP-2026-111119 EXPLOITDB text WRITEUP
phplist 3.2.6 - SQL Injection
EIP-2026-110285 EXPLOITDB text WORKING POC
OpenDocMan 1.3.4 - Cross-Site Request Forgery
EIP-2026-109701 EXPLOITDB text WRITEUP
MyBB 1.8.6 - SQL Injection
EIP-2026-109700 EXPLOITDB text WRITEUP
MyBB 1.8.6 - Cross-Site Scripting
EIP-2026-108961 EXPLOITDB text WRITEUP
Kajona 4.7 - Cross-Site Scripting / Directory Traversal
EIP-2026-109097 EXPLOITDB text WRITEUP
LEPTON 2.2.2 - SQL Injection
EIP-2026-109096 EXPLOITDB text WRITEUP
LEPTON 2.2.2 - Remote Code Execution
EIP-2026-107301 EXPLOITDB text WRITEUP
FUDforum 3.0.6 - Local File Inclusion
EIP-2026-107489 EXPLOITDB text WORKING POC
Grawlix 1.0.3 - Cross-Site Request Forgery
EIP-2026-107300 EXPLOITDB text WRITEUP
FUDforum 3.0.6 - Cross-Site Scripting / Cross-Site Request Forgery
EIP-2026-105941 EXPLOITDB text WRITEUP
ClipperCMS 1.3.0 - Multiple SQL Injections
EIP-2026-106050 EXPLOITDB text WRITEUP
CodoForum 3.3.1 - Multiple SQL Injections