Vishwaraj Bhattrai - Security Researcher - Exploit Intelligence Platform

CVE-2022-44384 EXPLOITDB HIGH python WORKING POC

rconfig 3.9.6 - Arbitrary File Upload and Remote Code Execution via PHP File

An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP file.

CVSS 8.8

View Code

CVE-2022-43138 EXPLOITDB CRITICAL text WORKING POC

Dolibarr Open Source ERP & CRM <14.0.1 - Privilege Escalation

Dolibarr Open Source ERP & CRM for Business before v14.0.1 allows attackers to escalate privileges via a crafted API.

CVSS 9.8

View Code

CVE-2022-44384 METASPLOIT HIGH ruby WORKING POC

rconfig 3.9.6 - Arbitrary File Upload and Remote Code Execution via PHP File

An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP file.

CVSS 8.8

View Code

CVE-2018-20523 EXPLOITDB MEDIUM text WORKING POC

Xiaomi Stock Browser 10.2.4.g - Unauthenticated Information Disclosure via Content Provider Injection

Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and other Redmi Android phones allows content provider injection. In other words, a third-party application can read the user's cleartext browser history via an app.provider.query content://com.android.browser.searchhistory/searchhistory request.

CVSS 5.3

View Code