vishwaraj101

3 exploits, active since Jun 2019
CVE-2020-12255 NOMISEC HIGH STUB
rConfig - Unrestricted File Upload
rConfig 3.9.4 is vulnerable to remote code execution due to improper validation in the file upload functionality. vendor.crud.php accepts an uploaded file after checking only its content-type, without considering the file extension or file header. An attacker can therefore upload a .php file containing arbitrary PHP code to vendor.php by changing the content-type to image/gif.
CVSS 8.8
CVE-2022-43138 EXPLOITDB CRITICAL text WORKING POC
Dolibarr Open Source ERP & CRM <14.0.1 - Privilege Escalation
Dolibarr Open Source ERP & CRM for Business before v14.0.1 allows attackers to escalate privileges via a crafted API.
CVSS 9.8
CVE-2018-20523 EXPLOITDB MEDIUM text WORKING POC
MI Stock Browser - Command Injection
Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and other Redmi Android phones allows content provider injection. In other words, a third-party application can read the user's cleartext browser history via an app.provider.query content://com.android.browser.searchhistory/searchhistory request.
CVSS 5.3