g4nkd

2 exploits Active since May 2023

CVE-2024-22120 NOMISEC CRITICAL WORKING POC

Zabbix 6.0.0-6.0.27 - Time-Based Blind SQL Injection via Audit Log Client IP Field

Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to "Audit Log". Due to "clientip" field is not sanitized, it is possible to injection SQL into "clientip" and exploit time based blind SQL injection.

3 stars

CVSS 9.1

View Code

CVE-2023-30253 NOMISEC HIGH WORKING POC

Dolibarr < 17.0.1 - Authenticated Remote Code Execution via Uppercase PHP Tag Injection

Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data.

1 stars

CVSS 8.8

View Code