luckybool1020

2 exploits Active since Mar 2018

CVE-2018-8045 NOMISEC HIGH WORKING POC

Joomla! 3.5.0-3.8.5 - SQL Injection in User Notes List View

In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the User Notes list view.

4 stars

CVSS 8.8

View Code

CVE-2019-16097 NOMISEC MEDIUM WORKING POC

Harbor 1.7.0-1.8.2 - Privilege Escalation

core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is setup with DB as authentication backend and allow user to do self-registration. Fixed version: v1.7.6 v1.8.3. v.1.9.0. Workaround without applying the fix: configure Harbor to use non-DB authentication backend such as LDAP.

2 stars

CVSS 6.5

View Code