Yllxx03

11 exploits, active since Oct 2024
CVE-2024-46307 WRITEUP HIGH WORKING POC
Sparkshop <1.16 - Info Disclosure
A loophole in the payment logic of Sparkshop v1.16 allows attackers to arbitrarily modify the number of products.
CVSS 7.5
CVE-2024-48758 WRITEUP MEDIUM WORKING POC
Timgreen Dingfanzu Cms - CSRF
dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the addPro parameter of the component doAdminAction.php, which allows a remote attacker to execute arbitrary code.
CVSS 6.1
CVE-2024-50647 WRITEUP HIGH WORKING POC
python_food V1.0 - Info Disclosure
The python_food ordering system V1.0 has an unauthorized-access vulnerability that leads to the leakage of sensitive user information. Attackers can access it through https://ip:port/api/myapp/index/user/info?id=1 and modify the ID value to obtain sensitive user information beyond their authorization.
CVSS 7.5
CVE-2024-50648 WRITEUP CRITICAL WORKING POC
Guchengwuyue Yshopmall - Path Traversal
yshopmall V1.0 has an arbitrary file upload vulnerability, which can enable RCE or even a full server takeover when the server is improperly configured to parse uploaded JSP files.
CVSS 9.8
CVE-2024-50649 WRITEUP CRITICAL WORKING POC
Timgreen Python Book - Path Traversal
The user avatar upload function in python_book V1.0 has an arbitrary file upload vulnerability.
CVSS 9.8
CVE-2024-50650 WRITEUP HIGH WORKING POC
Timgreen Python Book - Incorrect Authorization
python_book V1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensitive information of users with different IDs by modifying the ID parameter.
CVSS 7.5
CVE-2024-50651 WRITEUP MEDIUM WORKING POC
Geeeeeeeek Java Shop - IDOR
java_shop 1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensitive information of users with different IDs by modifying the ID parameter.
CVSS 6.5
CVE-2024-50652 WRITEUP MEDIUM WORKING POC
Geeeeeeeek Java Shop - Unrestricted File Upload
A file upload vulnerability in java_shop 1.0 allows attackers to upload arbitrary files via the avatar function.
CVSS 4.3
CVE-2024-50653 WRITEUP HIGH WORKING POC
Crmeb < 5.4.0 - Improper Access Control
CRMEB <=5.4.0 is vulnerable to Incorrect Access Control. Users can bypass the front-end restriction of only being able to claim a coupon once by capturing the coupon-collection request and re-sending it a large number of times, achieving unlimited coupon collection.
CVSS 7.5
CVE-2024-50654 WRITEUP HIGH WORKING POC
Pickmall Lilishop < 4.2.4 - Origin Validation Error
lilishop <=4.2.4 is vulnerable to Incorrect Access Control, which can allow attackers to obtain coupons beyond the quantity limit by capturing the coupon-collection request and re-sending it with high concurrency.
CVSS 7.5
CVE-2024-50655 WRITEUP MEDIUM
Emlog < 2.3.18 - XSS
emlog pro <=2.3.18 is vulnerable to Cross Site Scripting (XSS), which allows attackers to inject malicious JavaScript code into published articles.
CVSS 5.4