z3

15 exploits Active since Oct 2019
CVE-2021-43798 NOMISEC HIGH WORKING POC
Grafana Plugin Path Traversal
Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) are vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins/<plugin-id>/`, where `<plugin-id>` is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.
27 stars
CVSS 7.5
CVE-2021-41277 NOMISEC CRITICAL WORKING POC
Metabase - Path Traversal and Local File Inclusion via Custom GeoJSON Map URL
Metabase is an open source data analytics platform. In affected versions a security issue has been discovered with the custom GeoJSON map (`admin->settings->maps->custom maps->add a map`) support and potential local file inclusion (including environment variables). URLs were not validated prior to being loaded. This issue is fixed in a new maintenance release (0.40.5 and 1.40.5), and any subsequent release after that. If you’re unable to upgrade immediately, you can mitigate this by including rules in your reverse proxy or load balancer or WAF to provide a validation filter before the application.
9 stars
CVSS 10.0
CVE-2019-17373 WRITEUP CRITICAL WRITEUP
NETGEAR devices - Unauthenticated Access
Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. This affects MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500, and WNR834Bv2.
CVSS 9.8
CVE-2021-44259 WRITEUP CRITICAL WRITEUP
WAVLINK AC1200 WAVLINK-A42W-1.27.6-20180418 - Unauthenticated Access via wx.html Page
A vulnerability exists in the 'wx.html' page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6-20180418, which can allow a remote attacker to access this page without any authentication. When an unauthorized user accesses this page directly, it connects to this device as a friend of the device owner.
CVSS 9.8
CVE-2021-44260 WRITEUP HIGH WRITEUP
WAVLINK AC1200 WAVLINK-A42W-1.27.6-20180418 - Unauthenticated Information Disclosure via live_mfg.html
A vulnerability exists in the 'live_mfg.html' page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6-20180418, which can allow a remote attacker to access this page without any authentication. When processed, it exposes some key information about the router's manager.
CVSS 7.5
CVE-2021-44261 WRITEUP MEDIUM WRITEUP
Netgear WAC104 < 1.0.4.13 - Unauthenticated Information Exposure via BRS_top.html
A vulnerability exists in the 'BRS_top.html' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes firmware version information for the device.
CVSS 5.3
CVE-2021-44262 WRITEUP HIGH WRITEUP
Netgear WAC104 < 1.0.4.13 - Unauthenticated Information Exposure via MNU_top.htm
A vulnerability exists in the 'MNU_top.htm' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes some key information for the device.
CVSS 7.5
CVE-2022-31827 WRITEUP CRITICAL WRITEUP
MonstaFTP 2.10.3 - Server-Side Request Forgery via HTTPFetcher.php
MonstaFTP v2.10.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the function performFetchRequest at HTTPFetcher.php.
CVSS 9.1
CVE-2022-38931 WRITEUP HIGH WRITEUP
BaijiaCMS V4 4.1.4 - Server-Side Request Forgery via url Parameter
A Server-Side Request Forgery (SSRF) in fetch_net_file_upload function of baijiacmsV4 v4.1.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the url parameter.
CVSS 8.8
CVE-2022-41477 WRITEUP CRITICAL WRITEUP
WeBid <=1.2.2 - Server-Side Request Forgery via Theme Parameter
A security issue was discovered in WeBid <=1.2.2. A Server-Side Request Forgery (SSRF) vulnerability in the admin/theme.php file allows remote attackers to inject payloads via theme parameters to read files across directories.
CVSS 9.1
CVE-2023-39108 WRITEUP HIGH WRITEUP
rconfig 3.9.4 - Authenticated Server-Side Request Forgery via path_b Parameter
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_b parameter in the doDiff function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.
CVSS 8.8
CVE-2023-39109 WRITEUP HIGH WRITEUP
rconfig v3.9.4 - Authenticated Server-Side Request Forgery via path_a Parameter
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_a parameter in the doDiff function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.
CVSS 8.8
CVE-2023-39110 WRITEUP HIGH WRITEUP
rconfig v3.9.4 - Authenticated Server-Side Request Forgery via path parameter
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.
CVSS 8.8
CVE-2024-27561 WRITEUP HIGH WRITEUP
WonderCMS 3.1.3 - Server-Side Request Forgery via installUpdateThemePluginAction
A Server-Side Request Forgery (SSRF) in the installUpdateThemePluginAction function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the installThemePlugin parameter.
CVSS 8.1
CVE-2024-27563 WRITEUP MEDIUM WRITEUP
WonderCMS 3.1.3 - Server-Side Request Forgery via PluginThemeUrl Parameter
A Server-Side Request Forgery (SSRF) in the getFileFromRepo function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter.
CVSS 5.3