Moodle 3.9 – Remote Code Execution (RCE) (Authenticated)
>> ARCHIVE: 2021-08
http://www.kuangrod.go.th notified by sh007
qdPM version 9.2 discloses the password and connection string for the database in an internet-accessible file.
Hotel Management System version 1.0 exploit that leverages a blind cross-site scripting attack against the admin to have a reverse PHP shell uploaded.
Apache OFBiz 17.12.01 – Remote Command Execution (RCE) via Unsafe Deserialization of XMLRPC arguments
qdPM 9.2 – DB Connection String and Password Exposure (Unauthenticated)
qdPM 9.1 – Remote Code Execution (RCE) (Authenticated)
WordPress Plugin WP Customize Login 1.1 – ‘Change Logo Title’ Stored Cross-Site Scripting (XSS)
Client Management System 1.1 – ‘cname’ Stored Cross-Site Scripting (XSS)
https://rayonghospital.go.th/pwn.htm notified by Toro