drew-byte

4 exploits Active since Sep 2025
CVE-2025-10115 WRITEUP HIGH WORKING POC
SiempreCMS <= 1.3.6 - SQL Injection via user_search_ajax.php name/userName Parameter
A vulnerability was determined in SiempreCMS up to 1.3.6. This affects an unknown part of the file user_search_ajax.php. Manipulation of the argument name/userName causes SQL injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
CVSS 7.3
CVE-2025-10116 WRITEUP HIGH WRITEUP
SiempreCMS <1.3.6 - Unrestricted Upload
A vulnerability was identified in SiempreCMS up to 1.3.6. This vulnerability affects unknown code of the file /docs/admin/file_upload.php. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit is publicly available and might be used.
CVSS 7.3
CVE-2025-10410 WRITEUP MEDIUM WRITEUP
SourceCodester Link Status Checker 1.0 - Server-Side Request Forgery via Proxy Argument
A security vulnerability has been detected in SourceCodester Link Status Checker 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument proxy leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
CVSS 6.3
CVE-2025-10592 WRITEUP MEDIUM WRITEUP
Online Public Access Catalog 1.0 - SQL Injection via mysearch.php POST Parameter
A security vulnerability has been detected in itsourcecode Online Public Access Catalog OPAC 1.0. This impacts an unknown function of the file mysearch.php of the component POST Parameter Handler. Manipulation of the argument search_field/search_text leads to SQL injection. The attack may be performed remotely. The exploit has been disclosed publicly and may be used.
CVSS 6.3