zetc0de

3 exploits Active since Apr 2021
CVE-2020-35314 EXPLOITDB CRITICAL python WORKING POC
Wondercms - OS Command Injection
A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3, allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer.
CVSS 9.8
CVE-2020-35313 EXPLOITDB CRITICAL python WORKING POC
Wondercms - SSRF
A server-side request forgery (SSRF) vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code via a crafted URL to the theme/plugin installer.
CVSS 9.8
CVE-2022-3552 EXPLOITDB HIGH text WORKING POC
Boxbilling < 0.0.1 - Unrestricted Upload of File with Dangerous Type
Unrestricted Upload of File with Dangerous Type in GitHub repository boxbilling/boxbilling prior to 0.0.1.
CVSS 7.2