dos-m0nk3y

7 exploits, active since Oct 2024
CVE-2024-48573 CRITICAL WRITEUP
AquilaCMS < 1.409.20 - Unauthenticated NoSQL Injection via Password Reset Feature
A NoSQL injection vulnerability in AquilaCMS 1.409.20 and prior allows unauthenticated attackers to reset user and administrator account passwords via the "Reset password" feature.
CVSS 9.8
CVE-2024-50672 CRITICAL WRITEUP
Adapt Learning Adapt Authoring Tool <= 0.11.3 - SQL Injection
A NoSQL injection vulnerability in Adapt Learning Adapt Authoring Tool <= 0.11.3 allows unauthenticated attackers to reset user and administrator account passwords via the "Reset password" feature. The vulnerability occurs due to insufficient validation of user input, which is used as a query in Mongoose's find() function. This makes it possible for attackers to perform a full takeover of the administrator account. Attackers can then use the newly gained administrative privileges to upload a custom plugin to perform remote code execution (RCE) on the server hosting the web application.
CVSS 9.8
CVE-2024-48572 MEDIUM WRITEUP
AquilaCMS < 1.409.20 - Unauthenticated User Enumeration via Add User Feature
A user enumeration vulnerability in AquilaCMS 1.409.20 and prior allows unauthenticated attackers to obtain email addresses via the "Add a user" feature. The vulnerability occurs because insufficiently validated user input is processed as a regular expression, which is then matched against email addresses to find duplicate entries.
CVSS 5.3
CVE-2024-50671 MEDIUM WRITEUP
Adapt Learning Adapt Authoring Tool <= 0.11.3 - Info Disclosure
Incorrect access control in Adapt Learning Adapt Authoring Tool <= 0.11.3 allows attackers with Authenticated User roles to obtain email addresses via the "Get users" feature. The vulnerability occurs due to a flaw in permission verification logic, where the wildcard character in permitted URLs grants unintended access to endpoints restricted to users with Super Admin roles. This makes it possible for attackers to disclose the email addresses of all users.
CVSS 4.3
CVE-2025-57682 MEDIUM WRITEUP
Papermark < 0.20.0 - Authenticated Path Traversal via S3 Presigned URL Proxy
A directory traversal vulnerability in Papermark 0.20.0 and prior allows authenticated attackers to retrieve arbitrary files from an S3 bucket through its CloudFront distribution via the "POST /api/file/s3/get-presigned-get-url-proxy" API.
CVSS 6.5
CVE-2025-67419 HIGH WRITEUP
evershop < 2.1.0 - Unauthenticated Denial of Service via SVG Processing in Images API
A Denial of Service (DoS) vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to exhaust the application server's resources via the "GET /images" API. The application fails to limit the height of the use-element shadow tree or the dimensions of pattern tiles during the processing of SVG files, resulting in unbounded resource consumption and system-wide denial of service.
CVSS 7.5
CVE-2025-67427 MEDIUM WRITEUP
evershop < 2.1.0 - Unauthenticated Blind Server-Side Request Forgery via Images API src Parameter
A Blind Server-Side Request Forgery (SSRF) vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to force the server to initiate an HTTP request via the "GET /images" API. The vulnerability occurs due to insufficient validation of the "src" query parameter, which permits arbitrary HTTP or HTTPS URIs, resulting in unexpected requests against internal and external networks.
CVSS 6.5