Moodle 3.9 – Remote Code Execution (RCE) (Authenticated)
>> TAG: #remote exploit
Moodle 3.9 – Remote Code Execution (RCE) (Authenticated)
CMSuno 1.7 – ‘tgo’ Stored Cross-Site Scripting (XSS) (Authenticated)
GFI Mail Archiver 15.1 – Telerik UI Component Arbitrary File Upload (Unauthenticated)
Client Management System 1.1 – ‘cname’ Stored Cross-site scripting (XSS)
WordPress Plugin WP Customize Login 1.1 – ‘Change Logo Title’ Stored Cross-Site Scripting (XSS)
qdPM 9.1 – Remote Code Execution (RCE) (Authenticated)
qdPM 9.2 – DB Connection String and Password Exposure (Unauthenticated)
ApacheOfBiz 17.12.01 – Remote Command Execution (RCE) via Unsafe Deserialization of XMLRPC arguments
Hotel Management System 1.0 – Cross-Site Scripting (XSS) Arbitrary File Upload Remote Code Execution (RCE)
Men Salon Management System 1.0 – SQL Injection Authentication Bypass