Writeup Exploits

63,085 exploits tracked across all sources.

Sort: Activity Stars
CVE-2020-28976 WRITEUP MEDIUM
WordPress Canto Plugin 1.3.0 - Blind Server-Side Request Forgery via detail.php
The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/detail.php?subdomain=SSRF.
CVSS 5.3
CVE-2020-28977 WRITEUP MEDIUM
WordPress Canto Plugin 1.3.0 - Blind Server-Side Request Forgery via get.php
The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/get.php?subdomain=SSRF.
CVSS 5.3
CVE-2020-28978 WRITEUP MEDIUM
WordPress Canto Plugin 1.3.0 - Blind SSRF via subdomain Parameter
The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/tree.php?subdomain=SSRF.
CVSS 5.3
CVE-2020-29070 WRITEUP MEDIUM
osCommerce 2.3.4.1 - Authenticated Stored Cross-Site Scripting in Newsletter Title
osCommerce 2.3.4.1 has XSS vulnerability via the authenticated user entering the XSS payload into the title section of newsletters.
CVSS 4.8
CVE-2020-29070 WRITEUP MEDIUM
osCommerce 2.3.4.1 - Authenticated Stored Cross-Site Scripting in Newsletter Title
osCommerce 2.3.4.1 has XSS vulnerability via the authenticated user entering the XSS payload into the title section of newsletters.
CVSS 4.8
CVE-2020-29134 WRITEUP HIGH
TOTVS Fluig - Path Traversal via Base64-Encoded File Parameter
The TOTVS Fluig platform allows path traversal through the parameter "file = .. /" encoded in base64. This affects all versions Fluig Lake 1.7.0, Fluig 1.6.5 and Fluig 1.6.4
CVSS 8.6
CVE-2020-29134 WRITEUP HIGH
TOTVS Fluig - Path Traversal via Base64-Encoded File Parameter
The TOTVS Fluig platform allows path traversal through the parameter "file = .. /" encoded in base64. This affects all versions Fluig Lake 1.7.0, Fluig 1.6.5 and Fluig 1.6.4
CVSS 8.6
CVE-2020-29205 WRITEUP MEDIUM
Project Worlds Online Examination System 1.0 - XSS
XSS in signup form in Project Worlds Online Examination System 1.0 allows remote attacker to inject arbitrary code via the name field
CVSS 6.1
CVE-2020-29254 WRITEUP HIGH
TikiWiki 21.2 - Cross-Site Request Forgery in Template Editor
TikiWiki 21.2 allows templates to be edited without CSRF protection. This could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to follow a maliciously crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. These action include allowing attackers to submit their own code through an authenticated user resulting in local file Inclusion. If an authenticated user who is able to edit TikiWiki templates visits an malicious website, template code can be edited.
CVSS 8.8
CVE-2020-29280 WRITEUP CRITICAL
Victor CMS 1.0 - SQL Injection via Search Parameter
The Victor CMS v1.0 application is vulnerable to SQL injection via the 'search' parameter on the search.php page.
CVSS 9.8
CVE-2020-29282 WRITEUP CRITICAL
BloodX 1.0 - SQL Injection
SQL injection vulnerability in BloodX 1.0 allows attackers to bypass authentication.
CVSS 9.8
CVE-2020-29282 WRITEUP CRITICAL
BloodX 1.0 - SQL Injection
SQL injection vulnerability in BloodX 1.0 allows attackers to bypass authentication.
CVSS 9.8
CVE-2020-29284 WRITEUP CRITICAL
Multi Restaurant Table Reservation System 1.0 - Unauthenticated SQL...
The file view-chair-list.php in Multi Restaurant Table Reservation System 1.0 does not perform input validation on the table_id parameter which allows unauthenticated SQL Injection. An attacker can send malicious input in the GET request to /dashboard/view-chair-list.php?table_id= to trigger the vulnerability.
CVSS 9.8
CVE-2020-29287 WRITEUP CRITICAL
Car Rental Management System <1.0 - SQL Injection
An SQL injection vulnerability was discovered in Car Rental Management System v1.0 can be exploited via the id parameter in view_car.php or the car_id parameter in booking.php.
CVSS 9.8
CVE-2020-29288 WRITEUP CRITICAL
Gym Management System - SQL Injection
An SQL injection vulnerability was discovered in Gym Management System In manage_user.php file, GET parameter 'id' is vulnerable.
CVSS 9.8
CVE-2020-29297 WRITEUP CRITICAL
Tourist5 Online-food-ordering-system 1.0 - SQL Injection
Multiple SQL Injection vulnerabilities in tourist5 Online-food-ordering-system 1.0.
CVSS 9.8
CVE-2020-29364 WRITEUP MEDIUM
NetArt News Lister 1.0.0 - Stored Cross-Site Scripting in News Headlines
In NetArt News Lister 1.0.0, the news headlines vulnerable to stored xss attacks. Attackers can inject codes in news titles.
CVSS 4.8
CVE-2020-29395 WRITEUP MEDIUM
EventON < 3.0.5 - Cross-Site Scripting via Search Field
The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field.
CVSS 6.1
CVE-2020-29597 WRITEUP CRITICAL
IncomCMS 2.0 - Unauthenticated Unrestricted File Upload via modules/uploader/showcase/script.php
IncomCMS 2.0 has a modules/uploader/showcase/script.php insecure file upload vulnerability. This vulnerability allows unauthenticated attackers to upload files into the server.
CVSS 9.8
CVE-2020-29607 WRITEUP HIGH
Pluck CMS < 4.7.13 - Authenticated Remote Code Execution via File Upload Restriction Bypass
A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access in the host through the "manage files" functionality, which may result in remote code execution.
CVSS 7.2
CVE-2020-29607 WRITEUP HIGH
Pluck CMS < 4.7.13 - Authenticated Remote Code Execution via File Upload Restriction Bypass
A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access in the host through the "manage files" functionality, which may result in remote code execution.
CVSS 7.2
CVE-2020-29669 WRITEUP HIGH
Macally WIFISD2-2A82 Media and Travel Router 2.000.010 - Privilege Escalation
In the Macally WIFISD2-2A82 Media and Travel Router 2.000.010, the Guest user is able to reset its own password. This process has a vulnerability which can be used to take over the administrator account and results in shell access. As the admin user may read the /etc/shadow file, the password hashes of each user (including root) can be dumped. The root hash can be cracked easily which results in a complete system compromise.
CVSS 8.8
CVE-2020-35191 WRITEUP CRITICAL
Drupal Docker <8.5.10-fpm-alpine - Privilege Escalation
The official drupal docker images before 8.5.10-fpm-alpine (Alpine specific) contain a blank password for a root user. System using the drupal docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
CVSS 9.8
CVE-2020-35236 WRITEUP MEDIUM
amazee.io Lagoon <1.12.3 - Info Disclosure
The GitLab Webhook Handler in amazee.io Lagoon before 1.12.3 has incorrect access control associated with project deletion.
CVSS 5.3
CVE-2020-35236 WRITEUP MEDIUM
amazee.io Lagoon <1.12.3 - Info Disclosure
The GitLab Webhook Handler in amazee.io Lagoon before 1.12.3 has incorrect access control associated with project deletion.
CVSS 5.3