drew-byte

4 exploits Active since Sep 2025
CVE-2025-10115 WRITEUP HIGH WORKING POC
SiempreCMS <1.3.6 - SQL Injection
A vulnerability was determined in SiempreCMS up to 1.3.6. This affects an unknown part of the file user_search_ajax.php. Manipulation of the argument name/userName causes SQL injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
CVSS 7.3
CVE-2025-10116 WRITEUP HIGH WRITEUP
SiempreCMS <1.3.6 - Unrestricted Upload
A vulnerability was identified in SiempreCMS up to 1.3.6. This vulnerability affects unknown code of the file /docs/admin/file_upload.php. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit is publicly available and might be used.
CVSS 7.3
CVE-2025-10410 WRITEUP MEDIUM WRITEUP
Rems Link Status Checker - SSRF
A security vulnerability has been detected in SourceCodester Link Status Checker 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument proxy leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
CVSS 6.3
CVE-2025-10592 WRITEUP MEDIUM WRITEUP
Carenlove Online Public Access Catalog - Injection
A security vulnerability has been detected in itsourcecode Online Public Access Catalog OPAC 1.0. This impacts an unknown function of the file mysearch.php of the component POST Parameter Handler. Such manipulation of the argument search_field/search_text leads to SQL injection. The attack may be performed remotely. The exploit has been disclosed publicly and may be used.
CVSS 6.3