>> AUTHOR: deepcore

WordPress Plugin stafflist 3.1.2 – SQLi (Authenticated)

Bitrix24 – Remote Code Execution (RCE) (Authenticated)

Navigate CMS 2.9.4 – Server-Side Request Forgery (SSRF) (Authenticated)

Magento eCommerce CE v2.3.5-p2 – Blind SQLi

Explore CMS 1.0 – SQL Injection

Akka HTTP 10.1.14 – Denial of Service

DLINK DAP-1620 A1 v1.01 – Directory Traversal

Cyclos 4.14.7 – ‘groupId’ DOM Based Cross-Site Scripting (XSS)

PyScript – Read Remote Python Source Code

DLINK DIR850 – Open Redirect