jenaye - Security Researcher - Exploit Intelligence Platform

CVE-2020-14146 WRITEUP MEDIUM WORKING POC

Kumbiaphp < 1.1.1 - XSS

KumbiaPHP through 1.1.1, in Development mode, allows XSS via the public/pages/kumbia PATH_INFO.

CVSS 5.4

View Code

CVE-2020-14421 WRITEUP HIGH WRITEUP

aaPanel <6.6.6 - Command Injection

aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via the Script Content box on the Add Cron Job screen.

CVSS 7.2

View Code

CVE-2020-14950 WRITEUP HIGH WRITEUP

aaPanel <6.6.6 - Command Injection

aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a modified /system?action=ServiceAdmin request (start, stop, or restart) to the setting menu of Sotfware Store.

CVSS 8.8

View Code

CVE-2022-34328 WRITEUP MEDIUM WORKING POC

Sigb Pmb - XSS

PMB 7.3.10 allows reflected XSS via the id parameter in an lvl=author_see request to index.php.

CVSS 6.1

View Code