GetSimple CMS Plugin Multi User 1.8.2 – Cross-Site Request Forgery (Add Admin)
>> TAG: #remote exploit
GetSimple CMS Plugin Multi User 1.8.2 – Cross-Site Request Forgery (Add Admin)
vBulletin 5.6.2 – ‘widget_tabbedContainer_tab_panel’ Remote Code Execution
CMS Made Simple 2.2.14 – Authenticated Arbitrary File Upload
Fuel CMS 1.4.7 – ‘col’ SQL Injection (Authenticated)
Warehouse Inventory System 1.0 – Cross-Site Request Forgery (Change Admin Password)
ManageEngine ADSelfService Build prior to 6003 – Remote Code Execution (Unauthenticated)
BarcodeOCR 19.3.6 – ‘BarcodeOCR’ Unquoted Service Path
All-Dynamics Digital Signage System 2.0.2 – Cross-Site Request Forgery (Add Admin)
Daily Expenses Management System 1.0 – ‘item’ SQL Injection
Victor CMS 1.0 – ‘Search’ SQL Injection