zhongdongxu

3 exploits Active since Dec 2023
CVE-2023-50639 WRITEUP MEDIUM WRITEUP
Iscute Cute HTTP File Server - XSS
Cross Site Scripting (XSS) vulnerability in CuteHttpFileServer v.1.0 and v.2.0 allows attackers to obtain sensitive information via the file upload function in the home page.
CVSS 5.4
CVE-2024-24213 WRITEUP CRITICAL WRITEUP
Supabase Postgres - SQL Injection
Supabase PostgreSQL v15.1 was discovered to contain a SQL injection vulnerability via the component /pg_meta/default/query. NOTE: the vendor's position is that this is an intended feature; also, it exists in the Supabase dashboard product, not the Supabase PostgreSQL product. Specifically, /pg_meta/default/query is for SQL queries that are entered in an intended UI by an authorized user. Nothing is injected.
CVSS 9.8
CVE-2024-24215 WRITEUP MEDIUM WRITEUP
Cellinx Nvt Web Server - Information Disclosure
An issue in the component /cgi-bin/GetJsonValue.cgi of Cellinx NVT Web Server 5.0.0.014 allows attackers to leak configuration information via a crafted POST request.
CVSS 5.3