b3kc4t (Mustafa GUNDOGDU)

2 exploits, active since Nov 2020
CVE-2020-35729 NOMISEC CRITICAL WORKING POC
klog_server 2.4.1 - OS Command Injection via User Parameter
KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter.
5 stars
CVSS 9.8
CVE-2020-29395 EXPLOITDB MEDIUM python WORKING POC
EventON < 3.0.5 - Cross-Site Scripting via Search Field
The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field.
CVSS 6.1