z92g

5 exploits Active since Jan 2022
CVE-2022-21661 NOMISEC HIGH SCANNER
WordPress 3.7-3.7.36 - SQL Injection via WP_Query
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vulnerability.
28 stars
CVSS 8.0
CVE-2022-0543 NOMISEC CRITICAL WORKING POC
Redis Lua Sandbox Escape
It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.
25 stars
CVSS 10.0
CVE-2022-26138 NOMISEC CRITICAL SCANNER
Atlassian Questions For Confluence - Hardcoded Credentials
The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access all content accessible to users in the confluence-users group. This user account is created when installing versions 2.7.34, 2.7.35, and 3.0.2 of the app.
15 stars
CVSS 9.8
CVE-2021-31805 NOMISEC CRITICAL WORKING POC
Apache Struts 2.0.0-2.5.29 - Remote Code Execution via Forced OGNL Evaluation
The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation.
6 stars
CVSS 9.8
CVE-2022-1119 NOMISEC HIGH SCANNER
Simple File List <= 3.2.7 - Unauthenticated Arbitrary File Download via eeFile Parameter
The Simple File List WordPress plugin is vulnerable to Arbitrary File Download via the eeFile parameter found in the ~/includes/ee-downloader.php file due to missing controls which makes it possible unauthenticated attackers to supply a path to a file that will subsequently be downloaded, in versions up to and including 3.2.7.
5 stars
CVSS 7.5