night-0p - Security Researcher - Exploit Intelligence Platform

CVE-2023-41566 WRITEUP HIGH WRITEUP

OA EKP v16 - Code Injection

OA EKP v16 was discovered to contain an arbitrary download vulnerability via the component /ui/sys_ui_extend/sysUiExtend.do. This vulnerability allows attackers to obtain the password of the background administrator and further obtain database permissions.

CVSS 8.1

View Code

CVE-2023-47356 WRITEUP HIGH WRITEUP

Mingyu Security Gateway <3.0-5.3p - RCE

Mingyu Security Gateway before v3.0-5.3p was discovered to contain a remote command execution (RCE) vulnerability via the log_type parameter at /log/fw_security.mds.

CVSS 8.8

View Code

CVE-2024-32323 WRITEUP HIGH WRITEUP

cnhcit.com Haichang OA <1.0.0 - SQL Injection

SQL Injection vulnerability in cnhcit.com Haichang OA v.1.0.0 allows a remote attacker to obtain sensitive information via the if parameter in hcit.project.rte.agents.UploadImages.class.

CVSS 8.1

View Code