jenaye

4 exploits Active since Jun 2020
CVE-2020-14146 WRITEUP MEDIUM WORKING POC
KumbiaPHP < 1.1.1 - Cross-Site Scripting via PATH_INFO in Development Mode
KumbiaPHP through 1.1.1, in Development mode, allows XSS via the public/pages/kumbia PATH_INFO.
CVSS 5.4
CVE-2020-14421 WRITEUP HIGH WRITEUP
aaPanel < 6.6.6 - Authenticated Remote Code Execution via Cron Job Script Content
aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via the Script Content box on the Add Cron Job screen.
CVSS 7.2
CVE-2020-14950 WRITEUP HIGH WRITEUP
aaPanel < 6.6.6 - Authenticated OS Command Injection via Software Store ServiceAdmin Request
aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a modified /system?action=ServiceAdmin request (start, stop, or restart) to the setting menu of Software Store.
CVSS 8.8
CVE-2022-34328 WRITEUP MEDIUM WORKING POC
PMB 7.3.10 - Reflected Cross-Site Scripting via id Parameter
PMB 7.3.10 allows reflected XSS via the id parameter in an lvl=author_see request to index.php.
CVSS 6.1