im-hanzou

14 exploits Active since Oct 2021
CVE-2021-41773 NOMISEC CRITICAL SCANNER
Apache 2.4.49/2.4.50 Traversal RCE
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.
22 stars
CVSS 9.8
CVE-2023-3076 NOMISEC CRITICAL WORKING POC
WordPress MStore API <3.9.9 - Privilege Escalation
The MStore API WordPress plugin before 3.9.9 does not prevent visitors from creating user accounts with the role of their choice via their wholesale REST API endpoint. This is only exploitable if the site owner paid to access the plugin's pro features.
16 stars
CVSS 9.8
CVE-2023-28121 NOMISEC CRITICAL WORKING POC
WooCommerce Payments < 4.8.2 and WooPayments < 5.6.2 - Unauthenticated Privilege Escalation via Request Forgery
An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated.
11 stars
CVSS 9.8
CVE-2022-4060 NOMISEC CRITICAL SCANNER
User Post Gallery WP <2.19 - Code Injection
The User Post Gallery WordPress plugin through 2.19 does not limit what callback functions can be called by users, making it possible to any visitors to run code on sites running it.
8 stars
CVSS 9.8
CVE-2022-4061 NOMISEC HIGH WORKING POC
JobBoardWP < 1.2.2 - Unauthenticated Arbitrary File Upload
The JobBoardWP WordPress plugin before 1.2.2 does not properly validate file names and types in its file upload functionalities, allowing unauthenticated users to upload arbitrary files such as PHP.
6 stars
CVSS 7.5
CVE-2022-1386 NOMISEC CRITICAL WORKING POC
Fusion Builder < 3.6.2 - Server-Side Request Forgery via Unvalidated Form Parameter
The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. This could be used to interact with hosts on the server's local network bypassing firewalls and access control measures.
6 stars
CVSS 9.8
CVE-2023-0159 NOMISEC HIGH SCANNER
Extensive VC Addons for WPBakery <1.9.1 - Info Disclosure
The Extensive VC Addons for WPBakery page builder WordPress plugin before 1.9.1 does not validate a parameter passed to the php extract function when loading templates, allowing an unauthenticated attacker to override the template path to read arbitrary files from the hosts file system. This may be escalated to RCE using PHP filter chains.
2 stars
CVSS 7.5
CVE-2022-4063 NOMISEC CRITICAL WORKING POC
InPost Gallery <2.1.4.1 - Code Injection
The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract() function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers.
2 stars
CVSS 9.8
CVE-2022-4047 NOMISEC CRITICAL WORKING POC
WordPress Return Refund and Exchange for WooCommerce <4.0.9 - PHP File Upload
The Return Refund and Exchange For WooCommerce WordPress plugin before 4.0.9 does not validate attachment files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files such as PHP and lead to RCE
1 stars
CVSS 9.8
CVE-2022-0591 NOMISEC CRITICAL SCANNER
FormCraft WP <3.8.28 - Server-Side Request Forgery via URL Parameter
The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the formcraft3_get AJAX action, leading to SSRF issues exploitable by unauthenticated users
1 stars
CVSS 9.1
CVE-2026-3844 NOMISEC CRITICAL WORKING POC
Breeze Cache <= 2.4.4 - Unauthenticated Arbitrary File Upload via fetch_gravatar_from_remote
The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetch_gravatar_from_remote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. The vulnerability can only be exploited if "Host Files Locally - Gravatars" is enabled, which is disabled by default.
CVSS 9.8
CVE-2025-56399 NOMISEC HIGH WORKING POC
alexusmai laravel-file-manager <3.3.1 - Authenticated RCE
alexusmai laravel-file-manager 3.3.1 and before allows an authenticated attacker to achieve Remote Code Execution (RCE) through a crafted file upload. A file with a '.png` extension containing PHP code can be uploaded via the file manager interface. Although the upload appears to fail client-side validation, the file is still saved on the server. The attacker can then use the rename API to change the file extension to `.php`, and upon accessing it via a public URL, the server executes the embedded code.
CVSS 8.8
CVE-2025-55182 NOMISEC CRITICAL WRITEUP
React Server Components <19.2.0 - RCE
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.
CVSS 10.0
CVE-2025-14847 NOMISEC HIGH WORKING POC
MongoDB Memory Disclosure (CVE-2025-14847) - Mongobleed
Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3, MongoDB Server v6.0 versions prior to 6.0.27, MongoDB Server v5.0 versions prior to 5.0.32, MongoDB Server v4.4 versions prior to 4.4.30, MongoDB Server v4.2 versions greater than or equal to 4.2.0, MongoDB Server v4.0 versions greater than or equal to 4.0.0, and MongoDB Server v3.6 versions greater than or equal to 3.6.0.
CVSS 7.5