zhongdongxu

3 exploits, active since Dec 2023
CVE-2023-50639 MEDIUM WRITEUP
CuteHttpFileServer 1.0 and 2.0 - Cross-Site Scripting via File Upload Function
Cross Site Scripting (XSS) vulnerability in CuteHttpFileServer v.1.0 and v.2.0 allows attackers to obtain sensitive information via the file upload function in the home page.
CVSS 5.4
CVE-2024-24213 CRITICAL WRITEUP
Supabase PostgreSQL v15.1 - SQL Injection via /pg_meta/default/query
Supabase PostgreSQL v15.1 was discovered to contain a SQL injection vulnerability via the component /pg_meta/default/query. NOTE: the vendor's position is that this is an intended feature; also, it exists in the Supabase dashboard product, not the Supabase PostgreSQL product. Specifically, /pg_meta/default/query is for SQL queries that are entered in an intended UI by an authorized user. Nothing is injected.
CVSS 9.8
CVE-2024-24215 MEDIUM WRITEUP
Cellinx NVT Web Server 5.0.0.014 - Exposure of Sensitive Information via GetJsonValue.cgi
An issue in the component /cgi-bin/GetJsonValue.cgi of Cellinx NVT Web Server 5.0.0.014 allows attackers to leak configuration information via a crafted POST request.
CVSS 5.3