h4ckr4v3n

5 exploits | Active since Jan 2025
CVE-2024-46209 NOMISEC MEDIUM WRITEUP
REDAXO CMS 5.17.1 - Stored Cross-Site Scripting via Password Parameter in /media/test.html
A stored cross-site scripting (XSS) vulnerability in the component /media/test.html of REDAXO CMS v5.17.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the password parameter.
CVSS 5.4
CVE-2024-57546 WRITEUP HIGH WRITEUP
CMSimple 5.16 - Insecure Storage of Sensitive Information via Validate Link Function
An issue in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the validate link function.
CVSS 7.5
CVE-2024-57547 WRITEUP HIGH WRITEUP
CMSimple 5.16 - Insecure Permissions Leading to Sensitive Information Disclosure via Backup File Download
An insecure permissions vulnerability in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the functionality for downloading PHP backup files.
CVSS 7.5
CVE-2024-57548 WRITEUP CRITICAL WRITEUP
CMSimple 5.16 - Unauthenticated Arbitrary File Write via Log.php Print Page
CMSimple 5.16 allows the user to edit the log.php file via the print page.
CVSS 9.1
CVE-2024-57549 WRITEUP HIGH WRITEUP
CMSimple 5.16 - Path Traversal via File Parameter
CMSimple 5.16 allows the user to read the CMS source code through manipulation of the file name in the file parameter of a GET request.
CVSS 7.5