h4ckr4v3n

5 exploits Active since Jan 2025
CVE-2024-46209 NOMISEC MEDIUM WRITEUP
Redaxo - XSS
A stored cross-site scripting (XSS) vulnerability in the component /media/test.html of REDAXO CMS v5.17.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the password parameter.
CVSS 5.4
CVE-2024-57546 WRITEUP HIGH WRITEUP
CMSimple <5.16 - Info Disclosure
An issue in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the validate link function.
CVSS 7.5
CVE-2024-57547 WRITEUP HIGH WRITEUP
Cmsimple - Incorrect Permission Assignment
Insecure Permissions vulnerability in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the Functionality of downloading php backup files.
CVSS 7.5
CVE-2024-57548 WRITEUP CRITICAL WRITEUP
Cmsimple - Incorrect Default Permissions
CMSimple 5.16 allows the user to edit log.php file via print page.
CVSS 9.1
CVE-2024-57549 WRITEUP HIGH WRITEUP
Cmsimple - Path Traversal
CMSimple 5.16 allows the user to read cms source code through manipulation of the file name in the file parameter of a GET request.
CVSS 7.5