Wadeek

27 exploits, active since Jul 2025
CVE-2020-37150 EXPLOITDB HIGH text WORKING POC
Edimax EW-7438RPn-v3 Mini 1.27 - Info Disclosure
Edimax EW-7438RPn-v3 Mini 1.27 allows unauthenticated attackers to access the /wizard_reboot.asp page in unsetup mode, which discloses the Wi-Fi SSID and security key. Attackers can retrieve the wireless password by sending a GET request to this endpoint, exposing sensitive information without authentication.
CVSS 7.5
CVE-2020-37149 EXPLOITDB HIGH text WORKING POC
Edimax EW-7438RPn-v3 Mini 1.27 - CSRF
Edimax EW-7438RPn-v3 Mini 1.27 is vulnerable to cross-site request forgery (CSRF) that can lead to command execution. An attacker can trick an authenticated user into submitting a crafted form to the /goform/mp endpoint, resulting in arbitrary command execution on the device with the user's privileges.
CVSS 8.1
CVE-2020-37125 EXPLOITDB CRITICAL text WORKING POC
Edimax EW-7438RPn-v3 Mini 1.27 - RCE
Edimax EW-7438RPn-v3 Mini 1.27 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands through the /goform/mp endpoint. Attackers can exploit the vulnerability by sending crafted POST requests with command injection payloads to download and execute malicious scripts on the device.
CVSS 9.8
CVE-2020-36848 METASPLOIT HIGH ruby WORKING POC
Total Upkeep - WordPress Backup Plugin <1.14.9 - Info Disclosure
The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.14.9 via the env-info.php and restore-info.json files. This makes it possible for unauthenticated attackers to find the location of back-up files and subsequently download them.
CVSS 7.5
EIP-2026-114062 EXPLOITDB text WORKING POC
WordPress Plugin Site Import 1.0.1 - Local/Remote File Inclusion
EIP-2026-114248 EXPLOITDB php WORKING POC
WordPress Plugin WP with Spritz 1.0 - Remote File Inclusion
EIP-2026-113713 EXPLOITDB text WORKING POC
WordPress Plugin eBook Download 1.1 - Directory Traversal
EIP-2026-113827 EXPLOITDB text WORKING POC
WordPress Plugin Import CSV 1.0 - Directory Traversal
EIP-2026-113583 EXPLOITDB text WORKING POC
WordPress Plugin Backup Migration 1.2.8 - Unauthenticated Database Backup
EIP-2026-111354 EXPLOITDB text WORKING POC
Pluck CMS 4.7 - Directory Traversal
EIP-2026-111017 EXPLOITDB text WORKING POC
PHPCollab 2.5 - 'deletetopics.php' SQL Injection
EIP-2026-110278 EXPLOITDB text WORKING POC
OpenCimetiere 3.0.0-a5 - Blind SQL Injection
EIP-2026-109877 EXPLOITDB text WRITEUP
NetBilletterie 2.8 - Multiple Vulnerabilities
EIP-2026-106747 EXPLOITDB perl WORKING POC
EC-CUBE 2.12.6 - Server-Side Request Forgery
EIP-2026-105760 EXPLOITDB text WORKING POC
Categorizator 0.3.1 - SQL Injection
EIP-2026-105838 EXPLOITDB text WORKING POC
Chronosite 5.12 - SQL Injection
EIP-2026-104498 EXPLOITDB text WRITEUP
WordPress Plugin Total Upkeep 1.14.9 - Database and Files Backup Download
EIP-2026-102056 EXPLOITDB ruby WORKING POC
TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Information Disclosure)
EIP-2026-102054 EXPLOITDB ruby WORKING POC
TP-Link Archer C50 Wireless Router 171227 - Cross-Site Request Forgery (Configuration File Disclosure)
EIP-2026-101874 EXPLOITDB text WORKING POC
Netgear WiFi Router R6120 - Credential Disclosure
EIP-2026-101873 EXPLOITDB text WORKING POC
Netgear WiFi Router JWNR2010v5 / R6080 - Authentication Bypass
EIP-2026-101533 EXPLOITDB text WORKING POC
AsusWRT RT-AC750GF - Cross-Site Request Forgery (Change Admin Password)
EIP-2026-101558 EXPLOITDB text WORKING POC
Belkin N600DB Wireless Router - Multiple Vulnerabilities
EIP-2026-102064 EXPLOITDB text WORKING POC
TP-Link Technologies TL-WA850RE Wi-Fi Range Extender - Remote Reboot
EIP-2026-102057 EXPLOITDB ruby WORKING POC
TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Remote Reboot)