xpltive

2 exploits Active since Nov 2023

CVE-2023-41425 NOMISEC MEDIUM WORKING POC

WonderCMS Remote Code Execution

Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component.

1 stars

CVSS 6.1

View Code

CVE-2023-50564 NOMISEC HIGH WORKING POC

Pluck-CMS 4.7.18 - Arbitrary File Upload via ZIP File in Modules Install

An arbitrary file upload vulnerability in the component /inc/modules_install.php of Pluck-CMS v4.7.18 allows attackers to execute arbitrary code via uploading a crafted ZIP file.

1 stars

CVSS 8.8

View Code