xbz0n

5 exploits Active since Feb 2023
CVE-2024-32136 NOMISEC HIGH WRITEUP
Xenioushk BWL Advanced FAQ Mgr <2.0.3 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xenioushk BWL Advanced FAQ Manager. This issue affects BWL Advanced FAQ Manager: from n/a through 2.0.3.
3 stars
CVSS 7.6
CVE-2024-33911 NOMISEC HIGH WRITEUP
Weblizar School Management < 10.3.4 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar School Management Pro. This issue affects School Management Pro: from n/a through 10.3.4.
2 stars
CVSS 7.6
CVE-2024-0399 NOMISEC HIGH WORKING POC
Vanquish Woocommerce Customers Manager < 29.7 - SQL Injection
The WooCommerce Customers Manager WordPress plugin before 29.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to an SQL injection exploitable by Subscriber+ role.
1 star
CVSS 8.1
CVE-2024-0566 NOMISEC HIGH WORKING POC
Smart Manager WP <8.28.0 - SQL Injection
The Smart Manager WordPress plugin before 8.28.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
1 star
CVSS 7.2
CVE-2023-0830 NOMISEC MEDIUM WORKING POC
EasyNAS - Command Injection
A vulnerability classified as critical has been found in EasyNAS 1.1.0. Affected is the function system of the file /backup.pl. The manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
1 star
CVSS 6.3