siunam321

3 exploits Active since Sep 1999
CVE-2024-7627 NOMISEC HIGH WORKING POC
Bitapps File Manager < 6.5.6 - Race Condition
The Bit File Manager plugin for WordPress is vulnerable to Remote Code Execution in versions 6.0 to 6.5.5 via the 'checkSyntax' function. This is due to writing a temporary file to a publicly accessible directory before performing file validation. This makes it possible for unauthenticated attackers to execute code on the server if an administrator has allowed Guest User read permissions.
6 stars
CVSS 8.1
CVE-2024-8743 NOMISEC MEDIUM WORKING POC
Bit File Manager <6.5.7 - XSS
The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 6.5.7. This is due to a lack of proper checks on allowed file types. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an administrator, to upload .css and .js files, which could lead to Stored Cross-Site Scripting.
2 stars
CVSS 6.8
CVE-1999-1053 NOMISEC WORKING POC
Apache <1.3.9 - RCE
guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
1 stars