leekenghwa

8 exploits, active since Apr 2023
CVE-2023-34830 NOMISEC MEDIUM WRITEUP
I-doit < 24 - XSS
i-doit Open v24 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the timeout parameter on the login page.
3 stars
CVSS 5.4
CVE-2023-37756 NOMISEC CRITICAL WRITEUP
I-doit pro <25 - Info Disclosure
I-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for Administrator account creation. Attackers are able to easily guess users' passwords via a brute-force attack.
1 star
CVSS 9.8
CVE-2023-33817 NOMISEC HIGH WRITEUP
hoteldruid <3.0.5 - SQL Injection
hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability.
1 star
CVSS 8.8
CVE-2023-46003 NOMISEC MEDIUM WRITEUP
I-doit pro <25 - XSS
I-doit pro 25 and below is vulnerable to Cross Site Scripting (XSS) via index.php.
CVSS 5.4
CVE-2023-37739 NOMISEC MEDIUM WRITEUP
I-doit < 25 - Path Traversal
i-doit Pro v25 and below was discovered to be vulnerable to path traversal.
CVSS 6.5
CVE-2023-37755 NOMISEC CRITICAL WRITEUP
I-doit < 25 - Hard-coded Credentials
i-doit pro 25 and below and I-doit open 25 and below are configured with insecure default administrator credentials, and there is no warning or prompt to ask users to change the default password and account name. Unauthenticated attackers can exploit this vulnerability to obtain Administrator privileges, resulting in them being able to perform arbitrary system operations or cause a Denial of Service (DoS).
CVSS 9.8
CVE-2023-34537 NOMISEC MEDIUM WRITEUP
Digitaldruid Hoteldruid - XSS
A reflected XSS vulnerability was discovered in HotelDruid version 3.0.5. An attacker can supply malicious code or commands through a parameter of the affected web page to trick the user in the browser and/or exfiltrate data.
CVSS 5.4
CVE-2023-26852 NOMISEC HIGH WRITEUP
Textpattern <4.8.8 - RCE
An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by uploading a crafted PHP file.
CVSS 7.2