UNICORD (NicPWNs & Dev-Yeoj)

4 exploits Active since Mar 2020
CVE-2022-25765 NOMISEC HIGH WORKING POC
pdfkit < 0.8.7.2 - Command Injection via URL Parameter
The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized.
CVSS 7.3
CVE-2022-25765 EXPLOITDB HIGH python WORKING POC
pdfkit < 0.8.7.2 - Command Injection via URL Parameter
The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized.
CVSS 7.3
CVE-2020-5844 EXPLOITDB HIGH python WORKING POC
Pandora FMS v7.0 NG - Authenticated RCE
index.php?sec=godmode/extensions&sec2=extensions/files_repo in Pandora FMS v7.0 NG allows authenticated administrators to upload malicious PHP scripts, and execute them via base64 decoding of the file location. This affects v7.0NG.742_FIX_PERL2020.
CVSS 7.2
CVE-2021-22204 EXPLOITDB MEDIUM python WORKING POC
GitLab Unauthenticated Remote ExifTool Command Injection
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image
CVSS 6.8