z3

15 exploits Active since Oct 2019
CVE-2021-43798 NOMISEC HIGH WORKING POC
Grafana Plugin Path Traversal
Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.
27 stars
CVSS 7.5
CVE-2021-41277 NOMISEC CRITICAL WORKING POC
Metabase - Local File Inclusion
Metabase is an open source data analytics platform. In affected versions a security issue has been discovered with the custom GeoJSON map (`admin->settings->maps->custom maps->add a map`) support and potential local file inclusion (including environment variables). URLs were not validated prior to being loaded. This issue is fixed in a new maintenance release (0.40.5 and 1.40.5), and any subsequent release after that. If you’re unable to upgrade immediately, you can mitigate this by including rules in your reverse proxy or load balancer or WAF to provide a validation filter before the application.
9 stars
CVSS 10.0
CVE-2019-17373 WRITEUP CRITICAL WRITEUP
NETGEAR devices - Unauthenticated Access
Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. This affects MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500, and WNR834Bv2.
CVSS 9.8
CVE-2021-44259 WRITEUP CRITICAL WRITEUP
Wavlink Wl-wn531g3 Firmware - Missing Authentication
A vulnerability is in the 'wx.html' page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6-20180418, which can allow a remote attacker to access this page without any authentication. When an unauthorized user accesses this page directly, it connects to this device as a friend of the device owner.
CVSS 9.8
CVE-2021-44260 WRITEUP HIGH WRITEUP
Wavlink Wl-wn531g3 Firmware - Missing Authentication
A vulnerability is in the 'live_mfg.html' page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6-20180418, which can allow a remote attacker to access this page without any authentication. When processed, it exposes some key information of the manager of router.
CVSS 7.5
CVE-2021-44261 WRITEUP MEDIUM WRITEUP
Netgear R6220 Firmware < 1.1.0.34_1.0.1 - Missing Authentication
A vulnerability is in the 'BRS_top.html' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes firmware version information for the device.
CVSS 5.3
CVE-2021-44262 WRITEUP HIGH WRITEUP
Netgear Mbr1517 Firmware < 1.0.4.13 - Missing Authentication
A vulnerability is in the 'MNU_top.htm' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes some key information for the device.
CVSS 7.5
CVE-2022-31827 WRITEUP CRITICAL WRITEUP
Monstaftp - SSRF
MonstaFTP v2.10.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the function performFetchRequest at HTTPFetcher.php.
CVSS 9.1
CVE-2022-38931 WRITEUP HIGH WRITEUP
baijiacmsV4 <4.1.4 - SSRF
A Server-Side Request Forgery (SSRF) in fetch_net_file_upload function of baijiacmsV4 v4.1.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the url parameter.
CVSS 8.8
CVE-2022-41477 WRITEUP CRITICAL WRITEUP
WeBid <=1.2.2 - SSRF
A security issue was discovered in WeBid <=1.2.2. A Server-Side Request Forgery (SSRF) vulnerability in the admin/theme.php file allows remote attackers to inject payloads via theme parameters to read files across directories.
CVSS 9.1
CVE-2023-39108 WRITEUP HIGH WRITEUP
rconfig <3.9.4 - SSRF
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_b parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.
CVSS 8.8
CVE-2023-39109 WRITEUP HIGH WRITEUP
rconfig <3.9.4 - SSRF
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_a parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.
CVSS 8.8
CVE-2023-39110 WRITEUP HIGH WRITEUP
rconfig v3.9.4 - SSRF
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.
CVSS 8.8
CVE-2024-27561 WRITEUP HIGH WRITEUP
WonderCMS 3.1.3 - SSRF
A Server-Side Request Forgery (SSRF) in the installUpdateThemePluginAction function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the installThemePlugin parameter.
CVSS 8.1
CVE-2024-27563 WRITEUP MEDIUM WRITEUP
WonderCMS 3.1.3 - SSRF
A Server-Side Request Forgery (SSRF) in the getFileFromRepo function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter.
CVSS 5.3