lemon666

4 exploits Active since May 2019
CVE-2017-12788 WRITEUP MEDIUM WRITEUP
Metinfo 5.3.18 - Cross-Site Scripting via class1 or anyid Parameter
Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in Metinfo 5.3.18 allows remote attackers to inject arbitrary web script or HTML via the (1) class1 parameter or the (2) anyid parameter.
CVSS 6.1
CVE-2017-12789 WRITEUP HIGH WRITEUP
Metinfo 5.3.18 - Cross-Site Request Forgery in admin/interface/online/delete.php
Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The impact is: Information Disclosure (remote). The component is: admin/interface/online/delete.php. The attack vector is: The administrator clicks on the malicious link in the login state.
CVSS 8.8
CVE-2017-12790 WRITEUP MEDIUM WRITEUP
Metinfo 5.3.18 - Cross-Site Request Forgery in admin/index.php
Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The impact is: Information Disclosure (remote). The component is: admin/index.php. The attack vector is: The administrator clicks on the malicious link in the login state.
CVSS 6.5
CVE-2020-18215 WRITEUP HIGH WRITEUP
PHPSHE 1.7 - SQL Injection via ad_id, menu_id, or cashout_id Parameters
Multiple SQL Injection vulnerabilities in PHPSHE 1.7 in phpshe/admin.php via the (1) ad_id, (2) menu_id, and (3) cashout_id parameters, which could let a remote malicious user execute arbitrary code.
CVSS 8.8