g0ldm45k

5 exploits Active since Jan 2019
CVE-2020-24949 NOMISEC HIGH WORKING POC
php-fusion 9.03.50 - Authenticated Remote Code Execution via Downloads Endpoint
Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution (RCE).
CVSS 8.8
CVE-2018-16167 NOMISEC CRITICAL WORKING POC
LogonTracer < 1.2.0 - OS Command Injection
LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
CVSS 9.8
CVE-2021-32305 EXPLOITDB CRITICAL python WORKING POC
WebSVN < 2.6.1 - Remote Code Execution via Search Parameter
WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter.
CVSS 9.8
CVE-2020-24949 EXPLOITDB HIGH python WORKING POC
php-fusion 9.03.50 - Authenticated Remote Code Execution via Downloads Endpoint
Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution (RCE).
CVSS 8.8
CVE-2018-16167 EXPLOITDB CRITICAL python WORKING POC
LogonTracer < 1.2.0 - OS Command Injection
LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
CVSS 9.8