mari0x00

5 exploits Active since Jan 2021
CVE-2021-39402 WRITEUP HIGH WRITEUP
MaianAffiliate 1.0 - Code Injection via Product Addition
MaianAffiliate v.1.0 is suffers from code injection by adding a new product via the admin panel. The injected payload is reflected on the affiliate main page for all authenticated and unauthenticated visitors.
CVSS 7.2
CVE-2021-39404 WRITEUP MEDIUM WRITEUP
MaianAffiliate 1.0 - Authenticated Stored Cross-Site Scripting
MaianAffiliate v1.0 allows an authenticated administrative user to save an XSS to the database.
CVSS 4.8
CVE-2021-38833 EXPLOITDB CRITICAL python WORKING POC
PHPGurukul AVMS <1.0 - SQL Injection
SQL injection vulnerability in PHPGurukul Apartment Visitors Management System (AVMS) v. 1.0 allows attackers to execute arbitrary SQL statements and to gain RCE.
CVSS 9.8
CVE-2020-35754 EXPLOITDB HIGH python WORKING POC
OpenSolution Quick.CMS and Quick.Cart < 6.7 - Authenticated Remote Code Execution via Language Tab Input
OpenSolution Quick.CMS < 6.7 and Quick.Cart < 6.7 allow an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Language tab.
CVSS 7.2
EIP-2026-105414 EXPLOITDB python WORKING POC
Batflat CMS 1.3.6 - Remote Code Execution (Authenticated)