darkpills

2 exploits Active since Apr 2022

CVE-2021-25094 NOMISEC HIGH WORKING POC

Tatsu Wordpress Plugin RCE

The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress's upload directory. By adding a PHP shell with a filename starting with a dot ".", this can bypass extension control implemented in the plugin. Moreover, there is a race condition in the zip extraction process which makes the shell file live long enough on the filesystem to be callable by an attacker.

9 stars

CVSS 8.1

View Code

CVE-2024-28861 WRITEUP CRITICAL WRITEUP

symfony1 1.1.0-1.5.18 - Remote Code Execution via sfNamespacedParameterHolder Deserialization

Symfony 1 is a community-driven fork of the 1.x branch of Symfony, a PHP framework for web projects. Starting in version 1.1.0 and prior to version 1.5.19, Symfony 1 has a gadget chain due to dangerous deserialization in `sfNamespacedParameterHolder` class that would enable an attacker to get remote code execution if a developer deserializes user input in their project. Version 1.5.19 contains a patch for the issue.

CVSS 9.8

View Code