jkana

3 exploits Active since Nov 2020
CVE-2021-44529 NOMISEC CRITICAL WORKING POC
Ivanti Endpoint Manager Cloud Services Appliance - Code Injection
A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).
5 stars
CVSS 9.8
CVE-2020-28692 WRITEUP HIGH WORKING POC
Gilacms Gila Cms - Unrestricted File Upload
In Gila CMS 1.16.0, an attacker can upload a shell to tmp directy and abuse .htaccess through the logs function for executing PHP files.
CVSS 7.2
CVE-2020-28693 WRITEUP HIGH WRITEUP
Horizontcms - Unrestricted File Upload
An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an authenticated remote attacker to upload PHP code through a zip file by uploading a theme, and executing the PHP file via an HTTP GET request to /themes/<php_file_name>
CVSS 8.8