jkana

3 exploits Active since Nov 2020
CVE-2021-44529 NOMISEC CRITICAL WORKING POC
Ivanti Endpoint Manager Cloud Services Appliance < 4.5 - Unauthenticated Remote Code Execution
A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).
5 stars
CVSS 9.8
CVE-2020-28692 WRITEUP HIGH WORKING POC
Gila CMS 1.16.0 - Unrestricted File Upload and Remote Code Execution via .htaccess Abuse
In Gila CMS 1.16.0, an attacker can upload a shell to the tmp directory and abuse .htaccess through the logs function to execute PHP files.
CVSS 7.2
CVE-2020-28693 WRITEUP HIGH WRITEUP
HorizontCMS 1.0.0-beta - Authenticated Unrestricted File Upload via Theme Zip Import
An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an authenticated remote attacker to upload PHP code through a zip file by uploading a theme, and to execute the PHP file via an HTTP GET request to /themes/<php_file_name>.
CVSS 8.8