Vikas Chaudhary

5 exploits Active since Aug 2018
CVE-2019-7441 EXPLOITDB MEDIUM text WORKING POC
WooCommerce PayPal Checkout Payment Gateway <1.6.8 - Info Disclosure
cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by purchasing an item for lower than the intended price. NOTE: The plugin author states it is true that the amount can be manipulated in the PayPal payment flow. However, the amount is validated against the WooCommerce order total before completing the order, and if it doesn’t match then the order will be left in an “On Hold” state
CVSS 6.5
CVE-2019-7438 EXPLOITDB MEDIUM text WORKING POC
JioFi 4G M2S 1.0.2 - Cross-Site Scripting via mask POST Parameter
cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices has XSS and HTML injection via the mask POST parameter.
CVSS 6.1
CVE-2019-7440 EXPLOITDB MEDIUM html WORKING POC
JioFi 4G M2S 1.0.2 - Cross-Site Request Forgery via Wi-Fi Settings
JioFi 4G M2S 1.0.2 devices have CSRF via the SSID name and Security Key field under Edit Wi-Fi Settings (aka a SetWiFi_Setting request to cgi-bin/qcmap_web_cgi).
CVSS 6.5
CVE-2019-7439 EXPLOITDB MEDIUM text WORKING POC
JioFi 4G M2S 1.0.2 - Denial of Service via mask POST Parameter
cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices allows a DoS (Hang) via the mask POST parameter.
CVSS 6.5
CVE-2018-15181 EXPLOITDB MEDIUM text WORKING POC
JioFi 4G Hotspot M2S Firmware - Denial of Service via XSS in SSID and Security Key Fields
JioFi 4G Hotspot M2S devices allow attackers to cause a denial of service (secure configuration outage) via an XSS payload in the SSID name and Security Key fields.
CVSS 6.5