tmrswrr

43 exploits Active since Sep 2014
CVE-2023-37164 EXPLOITDB MEDIUM text WORKING POC
diafan.cms v6.0 - Reflected Cross-Site Scripting via cat_id Parameter
Diafan CMS v6.0 was discovered to contain a reflected cross-site scripting vulnerability via the cat_id parameter at /shop/?module=shop&action=search.
CVSS 6.1
CVE-2023-36217 EXPLOITDB CRITICAL text WORKING POC
Xoops CMS 2.5.10 - Stored Cross-Site Scripting via Image Manager Category Name Field
Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remote attacker to execute arbitrary code via the category name field of the image manager function.
CVSS 9.0
CVE-2023-36213 EXPLOITDB CRITICAL text WRITEUP
MotoCMS 3.4.3 - SQL Injection via Search Keyword Parameter
SQL injection vulnerability in MotoCMS v.3.4.3 allows a remote attacker to gain privileges via the keyword parameter of the search function.
CVSS 9.8
CVE-2023-36212 EXPLOITDB HIGH text WORKING POC
Total CMS 1.7.4 - Unauthenticated Arbitrary File Upload via Edit Page Function
File Upload vulnerability in Total CMS v.1.7.4 allows a remote attacker to execute arbitrary code via a crafted PHP file to the edit page function.
CVSS 8.8
CVE-2023-36211 EXPLOITDB MEDIUM text WORKING POC
Barebones CMS 2.0.2 - Authenticated Stored Cross-Site Scripting
The Barebones CMS v2.0.2 is vulnerable to Stored Cross-Site Scripting (XSS) when an authenticated user interacts with certain features on the admin panel.
CVSS 5.4
CVE-2023-36210 EXPLOITDB CRITICAL text WORKING POC
MotoCMS 3.4.3 - Server-Side Template Injection via Keyword Parameter
MotoCMS Version 3.4.3 Store Category Template was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the keyword parameter.
CVSS 9.8
CVE-2024-25415 EXPLOITDB HIGH python WORKING POC
CE Phoenix 1.0.8.20 - Remote Code Execution via define_language.php
A remote code execution (RCE) vulnerability in /admin/define_language.php of CE Phoenix v1.0.8.20 allows attackers to execute arbitrary PHP code via injecting a crafted payload into the file english.php.
CVSS 7.2
CVE-2024-24520 EXPLOITDB HIGH text WORKING POC
Lepton CMS 7.0.0 - Remote Code Execution via Upgrade.php Language Parameter
An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbitrary code via the upgrade.php file in the languages place.
CVSS 7.8
CVE-2024-24399 EXPLOITDB HIGH text WORKING POC
Lepton CMS 7.0.0 - Authenticated Arbitrary File Upload via Backend Languages Index
An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated attackers to execute arbitrary PHP code by uploading this code to the backend/languages/index.php languages area.
CVSS 7.2
CVE-2024-22638 EXPLOITDB CRITICAL text WORKING POC
liveSite 2019.1 - Remote Code Execution via edit_designer_region.php or add_email_campaign.php
liveSite v2019.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /livesite/edit_designer_region.php or /livesite/add_email_campaign.php.
CVSS 9.8
EIP-2026-113193 EXPLOITDB text WORKING POC
WBCE CMS Version 1.6.1 - Remote Command Execution (Authenticated)
EIP-2026-111405 EXPLOITDB text WORKING POC
PopojiCMS Version 2.0.1 - Remote Command Execution
EIP-2026-109584 EXPLOITDB text WRITEUP
Moodle 4.3 - Insecure Direct Object Reference
EIP-2026-109565 EXPLOITDB text WORKING POC
Monstra 3.0.4 - Stored Cross-Site Scripting (XSS)
EIP-2026-107670 EXPLOITDB text WORKING POC
HTMLy Version v2.9.6 - Stored XSS
EIP-2026-106830 EXPLOITDB text WORKING POC
elFinder Web file manager Version - 2.1.53 Remote Command Execution
EIP-2026-106265 EXPLOITDB python WORKING POC
CSZ CMS Version 1.3.0 - Authenticated Remote Command Execution
EIP-2026-104315 EXPLOITDB text WORKING POC
Magento ver. 2.4.6 - XSLT Server Side Injection