ZackSecurity

7 exploits Active since May 2022
CVE-2022-30007 WRITEUP HIGH WRITEUP
GXCMS V1.5 - Unauthenticated Arbitrary File Upload via Template Management
GXCMS V1.5 has a file upload vulnerability in the background. The vulnerability is the template management page. You can edit any template content and then rename to PHP suffix file, after calling PHP file can control the server.
CVSS 7.2
CVE-2024-25852 WRITEUP HIGH WRITEUP
Linksys RE7000 - Command Injection
Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerability in the "AccessControlList" parameter of the access control function point. An attacker can use the vulnerability to obtain device administrator rights.
CVSS 8.8
CVE-2024-34256 WRITEUP CRITICAL WRITEUP
ofcms 1.1.2 - SQL Injection via New Table Function
OFCMS V1.1.2 is vulnerable to SQL Injection via the new table function.
CVSS 9.8
CVE-2024-34257 WRITEUP CRITICAL WRITEUP
TOTOLINK EX1800T <V9.1.0cu.2112 - Command Injection
TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized execution of arbitrary commands, allowing an attacker to obtain device administrator privileges.
CVSS 9.8
CVE-2024-42905 WRITEUP CRITICAL WRITEUP
DCME-320 <7.4.12.60 - Command Injection
Beijing Digital China Cloud Technology Co., Ltd. DCME-320 v.7.4.12.60 has a command execution vulnerability, which can be exploited to obtain device administrator privileges via the getVar function in the code/function/system/tool/ping.php file.
CVSS 9.8
CVE-2024-51114 WRITEUP HIGH WRITEUP
Beijing Digital China Yunke Information Technology Co.Ltd - Remote Code Execution
An issue in Beijing Digital China Yunke Information Technology Co.Ltd v.7.2.6.120 allows a remote attacker to execute arbitrary code via the code/function/dpi/web_auth/customizable.php file
CVSS 8.8
CVE-2025-28256 WRITEUP CRITICAL WORKING POC
TOTOLINK A3100R V4.1.2cu.5247_B20211129 - Remote Code Execution via setWebWlanIdx in wireless.so
An issue in TOTOLINK A3100R V4.1.2cu.5247_B20211129 allows a remote attacker to execute arbitrary code via the setWebWlanIdx of the file /lib/cste_modules/wireless.so.
CVSS 9.8