tmrswrr

37 exploits Active since Sep 2014
CVE-2024-25415 EXPLOITDB HIGH python WORKING POC
CE Phoenix <1.0.8.20 - RCE
A remote code execution (RCE) vulnerability in /admin/define_language.php of CE Phoenix v1.0.8.20 allows attackers to execute arbitrary PHP code via injecting a crafted payload into the file english.php.
CVSS 7.2
CVE-2024-24520 EXPLOITDB HIGH text WORKING POC
Lepton CMS <7.0.0 - RCE
An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbitrary code via the upgrade.php file in the languages place.
CVSS 7.8
CVE-2024-24399 EXPLOITDB HIGH text WORKING POC
Lepton-cms Leptoncms - Unrestricted File Upload
An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated attackers to execute arbitrary PHP code by uploading this code to the backend/languages/index.php languages area.
CVSS 7.2
CVE-2024-22638 EXPLOITDB CRITICAL text WORKING POC
liveSite <2019.1 - RCE
liveSite v2019.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /livesite/edit_designer_region.php or /livesite/add_email_campaign.php.
CVSS 9.8
EIP-2026-113193 EXPLOITDB text WORKING POC
WBCE CMS Version 1.6.1 - Remote Command Execution (Authenticated)
EIP-2026-111405 EXPLOITDB text WORKING POC
PopojiCMS Version 2.0.1 - Remote Command Execution
EIP-2026-109584 EXPLOITDB text WRITEUP
Moodle 4.3 - Insecure Direct Object Reference
EIP-2026-109565 EXPLOITDB text WORKING POC
Monstra 3.0.4 - Stored Cross-Site Scripting (XSS)
EIP-2026-107670 EXPLOITDB text WORKING POC
HTMLy Version v2.9.6 - Stored XSS
EIP-2026-106830 EXPLOITDB text WORKING POC
elFinder Web file manager Version - 2.1.53 Remote Command Execution
EIP-2026-106265 EXPLOITDB python WORKING POC
CSZ CMS Version 1.3.0 - Authenticated Remote Command Execution
EIP-2026-104315 EXPLOITDB text WORKING POC
Magento ver. 2.4.6 - XSLT Server Side Injection