l8BL

3 exploits Active since Aug 2024
CVE-2024-47066 NOMISEC CRITICAL WORKING POC
lobehub/lobe_chat < 1.19.13 - Server-Side Request Forgery via Redirect Bypass
Lobe Chat is an open-source artificial intelligence chat framework. Prior to version 1.19.13, server-side request forgery protection implemented in `src/app/api/proxy/route.ts` does not consider redirect and could be bypassed when attacker provides an external malicious URL which redirects to internal resources like a private network or loopback address. Version 1.19.13 contains an improved fix for the issue.
3 stars
CVSS 9.0
CVE-2024-7856 NOMISEC HIGH WORKING POC
MP3 Audio Player by Sonaar <= 5.7.0.1 - Arbitrary File Deletion via removeTempFiles
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to unauthorized arbitrary file deletion due to a missing capability check on the removeTempFiles() function and insufficient path validation on the 'file' parameter in all versions up to, and including, 5.7.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary files which can make remote code execution possible when wp-config.php is deleted.
1 stars
CVSS 8.1
CVE-2025-44998 NOMISEC MEDIUM WRITEUP
TinyFileManager 2.4.7 - Stored Cross-Site Scripting via js-theme-3 Parameter
A stored cross-site scripting (XSS) vulnerability in the component /tinyfilemanager.php of TinyFileManager v2.4.7 allows attackers to execute arbitrary JavaScript or HTML via injecting a crafted payload into the js-theme-3 parameter.
CVSS 6.1