sbani

2 exploits Active since Mar 2017
CVE-2022-29221 NOMISEC HIGH WORKING POC
Smarty <3.1.45, <4.1.1 - Code Injection
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject PHP code by choosing a malicious {block} name or {include} file name. Sites that cannot fully trust template authors should upgrade to versions 3.1.45 or 4.1.1 to receive a patch for this issue. There are currently no known workarounds.
16 stars
CVSS 8.8
CVE-2014-8731 NOMISEC CRITICAL WORKING POC
phpmemcachedadmin < 1.2.2 - Remote Code Execution via Serialized Data Filename Injection
PHPMemcachedAdmin 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via vectors related to "serialized data and the last part of the concatenated filename," which creates a file in webroot.
CVSS 9.8