Writeup Exploits

62,922 exploits tracked across all sources.

Sort: Activity Stars
CVE-2015-1583 WRITEUP HIGH
ATutor 2.2 - Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in ATutor 2.2 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account via a request to mods/_core/users/admins/create.php or (2) create a user account via a request to mods/_core/users/create_user.php.
CVSS 8.8
CVE-2015-1583 WRITEUP HIGH
ATutor 2.2 - Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in ATutor 2.2 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account via a request to mods/_core/users/admins/create.php or (2) create a user account via a request to mods/_core/users/create_user.php.
CVSS 8.8
CVE-2019-16124 WRITEUP CRITICAL
YouPHPTube < 7.4 - Unauthenticated Arbitrary File Write via checkConfiguration.php
In YouPHPTube 7.4, the file install/checkConfiguration.php has no access control, which leads to everyone being able to edit the configuration file, and insert malicious PHP code.
CVSS 9.8
CVE-2019-16172 WRITEUP MEDIUM
LimeSurvey < 3.17.14 - Stored Cross-Site Scripting via Survey Group Title
LimeSurvey before v3.17.14 allows stored XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. The attack uses a survey group in which the title contains JavaScript that is mishandled upon group deletion.
CVSS 5.4
CVE-2019-16173 WRITEUP MEDIUM
LimeSurvey < 3.17.14 - Reflected Cross-Site Scripting in Survey_Common_Action.php
LimeSurvey before v3.17.14 allows reflected XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. This occurs in application/core/Survey_Common_Action.php,
CVSS 5.4
CVE-2019-16253 WRITEUP HIGH
SamsungTTS <3.0.02.7 & 3.0.00.101 - Privilege Escalation
The Text-to-speech Engine (aka SamsungTTS) application before 3.0.02.7 and 3.0.00.101 for Android allows a local attacker to escalate privileges, e.g., to system privileges. The Samsung case ID is 101755.
CVSS 7.8
CVE-2019-16374 WRITEUP CRITICAL
Pega Platform 8.2.1 - Command Injection
Pega Platform 8.2.1 allows LDAP injection because a username can contain a * character and can be of unlimited length. An attacker can specify four characters of a username, followed by the * character, to bypass access control.
CVSS 9.8
CVE-2019-16399 WRITEUP CRITICAL
Western Digital WD My Book World - Auth Bypass
Western Digital WD My Book World through II 1.02.12 suffers from Broken Authentication, which allows an attacker to access the /admin/ directory without credentials. An attacker can easily enable SSH from /admin/system_advanced.php?lang=en and login with the default root password welc0me.
CVSS 9.8
CVE-2025-30148 WRITEUP MEDIUM
Silverstripe Framework <5.3.23 - XSS
Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. Prior to 5.3.23, bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitized on the client-side, but server-side sanitization doesn't catch it. The server-side sanitization logic has been updated to sanitize against this attack. This vulnerability is fixed in 5.3.23.
CVSS 5.4
CVE-2024-53277 WRITEUP MEDIUM
Silverstripe Framework < 5.3.8 - Cross-Site Scripting in Form Message Content
Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In some cases, form messages can contain HTML markup. This is an intentional feature, allowing links and other relevant HTML markup for the given message. Some form messages include content that the user can provide. There are scenarios in the CMS where that content doesn't get correctly sanitised prior to being included in the form message, resulting in an XSS vulnerability. This issue has been addressed in silverstripe/framework version 5.3.8 and users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS 5.4
CVE-2024-32981 WRITEUP MEDIUM
Silverstripe framework < 5.2.16 - Stored Cross-Site Scripting via Crafted Encoded Payload
Silverstripe framework is the PHP framework forming the base for the Silverstripe CMS. In affected versions a bad actor with access to edit content in the CMS could add send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitised on the client-side, but server-side sanitisation doesn't catch it. The server-side sanitisation logic has been updated to sanitise against this type of attack in version 5.2.16. All users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS 5.4
CVE-2023-48714 WRITEUP MEDIUM
Silverstripe Framework <4.13.39, <5.1.11 - Info Disclosure
Silverstripe Framework is the framework that forms the base of the Silverstripe content management system. Prior to versions 4.13.39 and 5.1.11, if a user should not be able to see a record, but that record can be added to a `GridField` using the `GridFieldAddExistingAutocompleter` component, the record's title can be accessed by that user. Versions 4.13.39 and 5.1.11 contain a fix for this issue.
CVSS 4.3
CVE-2023-22729 WRITEUP MEDIUM
Silverstripe Framework < 4.12.15 - Open Redirect via Login Screen Link
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue.
CVSS 5.4
CVE-2023-22728 WRITEUP MEDIUM
Silverstripe Framework < 4.12.15 - Missing Authorization in GridField Print View
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorised to access. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue.
CVSS 4.3
CVE-2021-41559 WRITEUP MEDIUM
Silverstripe Framework 4.8.1 - Denial of Service via XML Entity Expansion in Convert::xml2array()
Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document.
CVSS 6.5
CVE-2021-36150 WRITEUP MEDIUM
SilverStripe Framework <4.8.1 - XSS
SilverStripe Framework through 4.8.1 allows XSS.
CVSS 6.1
CVE-2019-16409 WRITEUP MEDIUM
SilverStripe 3.x - Info Disclosure
In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstripe-versionedfiles source code. (Users who upgrade from SilverStripe 3.x to 4.x and had Versioned Files installed have no further need for this module, because the 4.x release has built-in versioning. However, nothing in the upgrade process automates the destruction of these insecure artefacts, nor alerts the user to the criticality of destruction.)
CVSS 5.3
CVE-2019-16531 WRITEUP HIGH
LayerBB < 1.1.4 - Cross-Site Request Forgery via Admin General Settings
LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php.
CVSS 8.8
CVE-2019-16645 WRITEUP HIGH
Embedthis GoAhead 2.5.0 - Info Disclosure
An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/log_off_page.htm) create links containing a hostname obtained from an arbitrary HTTP Host header sent by an attacker. This could potentially be used in a phishing attack.
CVSS 8.6
CVE-2019-16662 WRITEUP CRITICAL
rconfig 3.9.2 - OS Command Injection via ajaxServerSettingsChk.php rootUname Parameter
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution.
CVSS 9.8
CVE-2019-16663 WRITEUP HIGH
rconfig 3.9.2 - OS Command Injection via catCommand Parameter
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to search.crud.php because the catCommand parameter is passed to the exec function without filtering, which can lead to command execution.
CVSS 8.8
CVE-2019-16681 WRITEUP MEDIUM
Traveloka 3.14.0 - Cross-Site Scripting via WebViewActivity URL Injection
The Traveloka application 3.14.0 for Android exports com.traveloka.android.activity.common.WebViewActivity, leading to the opening of arbitrary URLs, which can inject deceptive content into the UI. (When in physical possession of the device, opening local files is also possible.) NOTE: As of 2019-09-23, the vendor has not agreed that this issue has serious impact. The vendor states that the issue is not critical because it does not allow Elevation of Privilege, Sensitive Data Leakage, or any critical unauthorized activity from a malicious user. The vendor also states that a victim must first install a malicious APK to their application.
CVSS 4.7
CVE-2019-16693 WRITEUP CRITICAL
phpipam < 1.4 - SQL Injection via Custom Fields Order Table Parameter
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used.
CVSS 9.8
CVE-2019-16701 WRITEUP HIGH
pfSense 2.3.4-2.4.4-p3 - Remote Code Execution via pfsense.exec_php MethodCall
pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.exec_php call containing shell metacharacters in a parameter value.
CVSS 8.8
CVE-2017-1000479 WRITEUP HIGH
pfSense < 2.4.2 - Clickjacking via CSRF Error Page
pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set. This is fixed in 2.4.2-RELEASE. OPNsense, a 2015 fork of pfSense, was not vulnerable since version 16.1.16 released on June 06, 2016. The unprotected web form was removed from the code during an internal security audit under "possibly insecure" suspicions.
CVSS 8.8