mustgundogdu

5 exploits | Active since Nov 2020
CVE-2020-35729 WRITEUP CRITICAL WORKING POC
klog_server 2.4.1 - OS Command Injection via User Parameter
KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter.
CVSS 9.8
CVE-2020-29395 WRITEUP MEDIUM WRITEUP
EventON < 3.0.5 - Cross-Site Scripting via Search Field
The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field.
CVSS 6.1
CVE-2022-30875 WRITEUP MEDIUM WRITEUP
Dolibarr 12.0.5 - Cross-Site Scripting via SQL Error Page
Dolibarr 12.0.5 is vulnerable to Cross-Site Scripting (XSS) via the SQL error page.
CVSS 6.1
CVE-2022-22293 WRITEUP MEDIUM WRITEUP
Dolibarr < 13.0.0 - Stored Cross-Site Scripting via MAIN_MAX_DECIMALS_TOT Parameter
admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstrated by the MAIN_MAX_DECIMALS_TOT parameter.
CVSS 5.4
CVE-2022-30875 WRITEUP MEDIUM WRITEUP
Dolibarr 12.0.5 - Cross-Site Scripting via SQL Error Page
Dolibarr 12.0.5 is vulnerable to Cross-Site Scripting (XSS) via the SQL error page.
CVSS 6.1