89 matches found

Packet Storm
added 2026/05/26 12:0 a.m. | 64 views

WordPress Supsystic Contact Form 1.7.36 Server-Side Template Injection

This Metasploit module is for WordPress Supsystic Contact Form plugin versions 1.7.36 and below. The plugin suffers from a server-side template injection vulnerability that allows for remote code execution. This module requires Metasploit: https://metasploit.com/download Current source:...

CVSS 9.8 | AI score 6.1 | EPSS 0.41475
Exploits: 7
Packet Storm
added 2026/05/14 12:0 a.m. | 50 views

WordPress Supsystic Contact Form 1.7.36 Server-Side Template Injection

Proof of concept code execution exploit for a server-side template injection vulnerability in WordPress Supsystic Contact Form plugin versions 1.7.36 and below Exploit Title: WordPress Plugin Supsystic Contact Form 1.7.36 - SSTI Date: 3/30/2026 Exploit Author: bootstrapbool Vendor Homepage:...

CVSS 9.8 | AI score 6.2 | EPSS 0.41475
Exploits: 7
Exploit DB
added 2026/05/14 12:0 a.m. | 60 views

WordPress Plugin Supsystic Contact Form 1.7.36 - SSTI

Exploit Title: WordPress Plugin Supsystic Contact Form 1.7.36 - SSTI Date: 3/30/2026 Exploit Author: bootstrapbool Vendor Homepage: https://supsystic.com/plugins/contact-form-plugin/ Software Link: https://wordpress.org/plugins/contact-form-by-supsystic/ Version: str: try: res = requests.geturl...

CVSS 9.8 | AI score 5.8 | EPSS 0.41475
Exploits: 7
OSV
added 2026/05/11 2:5 p.m. | 4 views

MINI-57H5-7CJF-4257

Bulletin has no description...

CVSS 7.5 | AI score 5.7 | EPSS 0.00588
Exploits: 0
Circl
added 2026/03/30 10:20 p.m. | 5 views

CVE-2026-4257

creationtimestamp | type | source
---|---|---
2026-03-30 22:20:36+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3micp3b722d27
2026-03-30 23:20:36+00:00 | seen | Telegram/aYCyNSm85uFE8xgl3G3j-Sn1NnPkfaU1HaAlO581ff2GeJQ
2026-03-31 00:00:42+00:00 | seen | ...

CVSS 9.8 | AI score 4.9 | EPSS 0.41475
Exploits: 7 | References: 10
RedhatCVE
added 2025/05/22 6:51 p.m. | 23 views

CVE-2021-4257

A vulnerability was found in ctrlo lenio. It has been declared as problematic. This vulnerability affects unknown code of the file views/task.tt of the component Task Handler. The manipulation of the argument site.org.name/check.name/task.tasktype.name/task.name leads to cross site scripting. The...

CVSS 6.1 | AI score 6.5 | EPSS 0.00385
Exploits: 0
RedhatCVE
added 2025/05/07 1:25 a.m. | 24 views

CVE-2025-4257

A vulnerability, which was classified as problematic, has been found in SeaCMS 13.2. This issue affects some unknown processing of the file /adminpay.php. The manipulation of the argument cstatus leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed t...

CVSS 5.1 | AI score 6.3 | EPSS 0.00254
Exploits: 1 | References: 1
NVD
added 2025/05/05 1:15 a.m. | 19 views

CVE-2025-4257

A vulnerability, which was classified as problematic, has been found in SeaCMS 13.2. This issue affects some unknown processing of the file /adminpay.php. The manipulation of the argument cstatus leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed t...

CVSS 6.1 | EPSS 0.00254
Exploits: 1 | References: 5
OSV
added 2025/05/05 1:15 a.m. | 4 views

CVE-2025-4257

A vulnerability, which was classified as problematic, has been found in SeaCMS 13.2. This issue affects some unknown processing of the file /adminpay.php. The manipulation of the argument cstatus leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed t...

CVSS 6.1 | AI score 3.8 | EPSS 0.00254
Exploits: 1 | References: 5
Vulnrichment
added 2025/05/05 1:0 a.m. | 7 views

CVE-2025-4257 SeaCMS admin_pay.php cross site scripting

A vulnerability, which was classified as problematic, has been found in SeaCMS 13.2. This issue affects some unknown processing of the file /adminpay.php. The manipulation of the argument cstatus leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed t...

CVSS 5.1 | AI score 3.7 | EPSS 0.00254
Exploits: 1 | References: 5
CVE
added 2025/05/05 1:0 a.m. | 57 views

CVE-2025-4257

SeaCMS 13.2 contains a cross-site scripting vulnerability in the /admin_pay.php handler caused by improper handling of the cstatus parameter. The issue can be triggered remotely and an exploit has been disclosed. At present, no official patch/version is stated in the provided documents. A documen...

CVSS 6.1 | AI score 6.3 | EPSS 0.00254
Exploits: 1 | References: 5 | Affected Software: 1
Cvelist
added 2025/05/05 1:0 a.m. | 21 views

CVE-2025-4257 SeaCMS admin_pay.php cross site scripting

A vulnerability, which was classified as problematic, has been found in SeaCMS 13.2. This issue affects some unknown processing of the file /adminpay.php. The manipulation of the argument cstatus leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed t...

CVSS 5.1 | EPSS 0.00254
Exploits: 1 | References: 5
Tenable Nessus
added 2024/10/21 12:0 a.m. | 21 views

Adobe Digital Editions < 4.5.2 Multiple Vulnerabilities (APSB16-28) (macOS)

The version of Adobe Digital Editions installed on the remote macOS host is prior to 4.5.2. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB16-28 advisory. - Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary...

CVSS 10 | AI score 8.8 | EPSS 0.05813
Exploits: 0 | References: 10
Vulnrichment
added 2024/04/27 4:0 p.m. | 9 views

CVE-2024-4257 BlueNet Technology Clinical Browsing System deleteStudy.php sql injection

A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1. It has been classified as critical. This affects an unknown part of the file /xds/deleteStudy.php. The manipulation of the argument documentUniqueId leads to sql injection. It is possible to initiate the attack...

CVSS 6.5 | AI score 7.3 | EPSS 0.12051
Exploits: 1 | References: 4
CVE
added 2024/04/27 4:0 p.m. | 71 views

CVE-2024-4257

BlueNet Technology Clinical Browsing System 1.2.1 has a SQL injection vulnerability in the unknown part of the file /xds/deleteStudy.php caused by manipulating the parameter documentUniqueId. The issue can be triggered remotely and is publicly disclosed per the CVE entry. A remediation is to upd...

CVSS 6.5 | AI score 7.3 | EPSS 0.12051
Exploits: 1 | References: 4 | Affected Software: 1
Cvelist
added 2024/04/27 4:0 p.m. | 19 views

CVE-2024-4257 BlueNet Technology Clinical Browsing System deleteStudy.php sql injection

A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1. It has been classified as critical. This affects an unknown part of the file /xds/deleteStudy.php. The manipulation of the argument documentUniqueId leads to sql injection. It is possible to initiate the attack...

CVSS 6.5 | AI score 7 | EPSS 0.12051
Exploits: 1 | References: 4
Tenable Nessus
added 2023/11/06 12:0 a.m. | 37 views

Rocky Linux 8 : httpd:2.4 (RLSA-2021:4257)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4257 advisory. - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by modsession can cause a NULL pointer dereference and crash,...

CVSS 7.5 | AI score 6.7 | EPSS 0.65067
Exploits: 0 | References: 10
Circl
added 2023/10/14 2:29 a.m. | 6 views

CVE-2023-4257

creationtimestamp | type | source
---|---|---
2023-10-14 02:29:14+00:00 | seen | https://t.me/cibsecurity/72274...

CVSS 9.8 | AI score 8.7 | EPSS 0.00868
Exploits: 1 | References: 1
Vulnrichment
added 2023/10/13 9:9 p.m. | 16 views

CVE-2023-4257 Unchecked user input length in the Zephyr WiFi shell module

Unchecked user input length in /subsys/net/l2/wifi/wifishell.c can cause buffer overflows...

CVSS 7.6 | AI score 7.1 | EPSS 0.00868
Exploits: 1 | References: 4
Cvelist
added 2023/10/13 9:9 p.m. | 32 views

CVE-2023-4257 Unchecked user input length in the Zephyr WiFi shell module

Unchecked user input length in /subsys/net/l2/wifi/wifishell.c can cause buffer overflows...

CVSS 7.6 | AI score 9.8 | EPSS 0.00868
Exploits: 1 | References: 4