tmrswrr

43 exploits Active since Sep 2014
CVE-2014-6271 NOMISEC CRITICAL SCANNER
Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
CVSS 9.8
CVE-2023-36212 WRITEUP HIGH WORKING POC
Total CMS 1.7.4 - Unauthenticated Arbitrary File Upload via Edit Page Function
File Upload vulnerability in Total CMS v.1.7.4 allows a remote attacker to execute arbitrary code via a crafted PHP file to the edit page function.
CVSS 8.8
CVE-2024-24399 WRITEUP HIGH WORKING POC
Lepton CMS 7.0.0 - Authenticated Arbitrary File Upload via Backend Languages Index
An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated attackers to execute arbitrary PHP code by uploading this code to the backend/languages/index.php languages area.
CVSS 7.2
CVE-2024-24399 WRITEUP HIGH WORKING POC
Lepton CMS 7.0.0 - Authenticated Arbitrary File Upload via Backend Languages Index
An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated attackers to execute arbitrary PHP code by uploading this code to the backend/languages/index.php languages area.
CVSS 7.2
CVE-2024-24520 WRITEUP HIGH WORKING POC
Lepton CMS 7.0.0 - Remote Code Execution via Upgrade.php Language Parameter
An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbitrary code via the upgrade.php file in the languages place.
CVSS 7.8
CVE-2024-25415 WRITEUP HIGH WORKING POC
CE Phoenix 1.0.8.20 - Remote Code Execution via define_language.php
A remote code execution (RCE) vulnerability in /admin/define_language.php of CE Phoenix v1.0.8.20 allows attackers to execute arbitrary PHP code via injecting a crafted payload into the file english.php.
CVSS 7.2
CVE-2024-26521 WRITEUP MEDIUM WORKING POC
CE Phoenix <1.0.8.20 - Code Injection
HTML Injection vulnerability in CE Phoenix v1.0.8.20 and before allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted payload to the english.php component.
CVSS 4.8
CVE-2023-38947 WRITEUP HIGH WORKING POC
WBCE CMS 1.6.1 - Arbitrary File Upload via Languages Install Endpoint
An arbitrary file upload vulnerability in the /languages/install.php component of WBCE CMS v1.6.1 allows attackers to execute arbitrary code via a crafted PHP file.
CVSS 7.2
CVE-2024-22636 WRITEUP HIGH WRITEUP
PluXml Blog 5.8.9 - Remote Code Execution via Static Pages Content Field
PluXml Blog v5.8.9 was discovered to contain a remote code execution (RCE) vulnerability in the Static Pages feature. This vulnerability is exploited via injecting a crafted payload into the Content field.
CVSS 8.8
CVE-2024-25413 WRITEUP HIGH WORKING POC
FireBear Improved Import And Export <3.8.6 - SSRF
A XSLT Server Side injection vulnerability in the Import Jobs function of FireBear Improved Import And Export v3.8.6 allows attackers to execute arbitrary commands via a crafted XSLT file.
CVSS 7.2
CVE-2024-25414 WRITEUP CRITICAL WORKING POC
CSZ CMS 1.3.0 - Unauthenticated Arbitrary File Upload via Zip Archive in Admin Upgrade
An arbitrary file upload vulnerability in /admin/upgrade of CSZ CMS v1.3.0 allows attackers to execute arbitrary code via uploading a crafted Zip file.
CVSS 9.8
CVE-2024-27622 WRITEUP HIGH WRITEUP
CMS Made Simple <2.2.19/2.2.21 - RCE
A remote code execution vulnerability has been identified in the User Defined Tags module of CMS Made Simple version 2.2.19 / 2.2.21. This vulnerability arises from inadequate sanitization of user-supplied input in the 'Code' section of the module. As a result, authenticated users with administrative privileges can inject and execute arbitrary PHP code.
CVSS 7.2
CVE-2024-27623 WRITEUP MEDIUM WRITEUP
CMS Made Simple 2.2.19 - Server-Side Template Injection in Design Manager Breadcrumbs
CMS Made Simple version 2.2.19 is vulnerable to Server-Side Template Injection (SSTI). The vulnerability exists within the Design Manager, particularly when editing the Breadcrumbs.
CVSS 5.9
CVE-2024-9022 WRITEUP HIGH WRITEUP
TS Poll < 2.4.0 - Authenticated SQL Injection via Orderby Parameter
The TS Poll – Survey, Versus Poll, Image Poll, Video Poll plugin for WordPress is vulnerable to SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.4.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVSS 7.2
CVE-2025-66572 EXPLOITDB MEDIUM text WORKING POC
Loaded Commerce 6.6 - Unauthenticated Remote Code Execution via Search Parameter
Loaded Commerce 6.6 contains a client-side template injection vulnerability via the search parameter that allows unauthenticated attackers to execute arbitrary code in the victim's browser context when they visit a crafted URL.
CVE-2024-58295 EXPLOITDB HIGH text WORKING POC
ElkArte Forum 1.1.9 - Authenticated Remote Code Execution via Theme Upload
ElkArte Forum 1.1.9 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the theme installation process. Attackers can upload a ZIP archive with a PHP file containing system commands, which can then be executed by accessing the uploaded file in the theme directory.
CVE-2024-58293 EXPLOITDB HIGH text WORKING POC
Akaunting 3.1.8 - Authenticated Server-Side Template Injection via Form Input Fields
Akaunting 3.1.8 contains a server-side template injection vulnerability that allows authenticated administrators to execute template expressions in multiple form input fields. Attackers can inject template payloads in items, taxes, transactions, and vendor name fields to perform arithmetic operations and string manipulations.
CVE-2024-58291 EXPLOITDB MEDIUM text WORKING POC
Flatboard 3.2 - Authenticated Stored Cross-Site Scripting via Forum Information Field
Flatboard 3.2 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts in forum information fields. Attackers can insert JavaScript payloads that execute when other users view the forum, potentially stealing session cookies and executing client-side scripts.
CVE-2024-58289 EXPLOITDB MEDIUM text WORKING POC
Microweber 2.0.15 - Authenticated Stored Cross-Site Scripting via User Profile Fields
Microweber 2.0.15 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts into user profile fields. Attackers can input script payloads in the first name field that will execute when the profile is viewed by other users, potentially stealing session cookies and executing arbitrary JavaScript.
CVSS 5.4
CVE-2023-37602 EXPLOITDB MEDIUM text WORKING POC
Alkacon OpenCMS 15.0 - Arbitrary File Upload and Remote Code Execution via PNG File
An arbitrary file upload vulnerability in the component /workplace#!explorer of Alkacon OpenCMS v15.0 allows attackers to execute arbitrary code via uploading a crafted PNG file.
CVSS 6.1
CVE-2024-58297 EXPLOITDB MEDIUM text WORKING POC
PyroCMS v3.0.1 - Stored Cross-Site Scripting via Admin Redirects Configuration
PyroCMS v3.0.1 contains a stored cross-site scripting vulnerability in the admin redirects configuration that allows attackers to inject malicious scripts. Attackers can insert a payload in the 'Redirect From' field to execute arbitrary JavaScript when administrators view the redirects page.
CVSS 5.4
CVE-2024-58296 EXPLOITDB MEDIUM text WORKING POC
CE Phoenix - Stored Cross-Site Scripting in Currencies Administration Panel
CE Phoenix v3.0.1 contains a stored cross-site scripting vulnerability in the currencies administration panel that allows attackers to inject malicious scripts. Attackers can insert XSS payloads in the title field to execute arbitrary JavaScript when administrators view the currencies page.
CVE-2024-29686 EXPLOITDB HIGH text WORKING POC
Winter CMS 1.2.3 - Authenticated Server-Side Template Injection via CMS Pages Field
Server-side Template Injection (SSTI) vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components. NOTE: the vendor disputes this because the payload could only be entered by a trusted user, such as the owner of the server that hosts Winter CMS, or a developer working for them.
CVSS 7.2
CVE-2023-53911 EXPLOITDB MEDIUM text WORKING POC
Textpattern CMS 4.8.8 - Authenticated Stored Cross-Site Scripting in Article Excerpt Field
Textpattern CMS 4.8.8 contains a stored cross-site scripting vulnerability in the article excerpt field that allows authenticated users to inject malicious scripts. Attackers can insert JavaScript payloads into the excerpt, which will execute when the article is viewed by other users.
CVSS 5.4
CVE-2023-38904 EXPLOITDB MEDIUM text WORKING POC
Netlify CMS 2.10.192 - Stored Cross-Site Scripting via New Post Body Parameter
A Cross Site Scripting (XSS) vulnerability in Netlify CMS v.2.10.192 allows a remote attacker to execute arbitrary code via a crafted payload to the body parameter of the new post function.
CVSS 5.4