📄 Online Shopping System Advanced 1.0 Shell Upload / SQL Injection

Online Shopping System Advanced version 1.0 suffers from remote shell upload and remote SQL injection vulnerabilities. Exploit Title: Online Shopping System Advanced - Remote Code Execution Date: 2025-03-11 Exploit Author: bRpsd Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=bRpsd...

CVE-2021-37394

In RPCMS v1.8 and below, attackers can interact with API and change variable "role" to "admin" to achieve admin user registration...

CVE-2021-37394

In RPCMS v1.8 and below, attackers can interact with API and change variable "role" to "admin" to achieve admin user registration...

CVE-2021-37394

RPCMS (v1.8 and earlier) contains an API-level flaw that allows attackers to alter the user role parameter to admin via the API, enabling admin account registration. The connected sources consistently describe this as a role-parameter manipulation vulnerability affecting RPCMS v1.8 and below, lea...

WordPress Plugin WPGraphQL 0.2.3 - Multiple Vulnerabilities

!/usr/bin/env python Author: Simone Quatrini of Pen Test Partners CVEs: 2019-9879, 2019-9880, 2019-9881 Tested on Wordpress 5.1.1 and wp-graphql 0.2.3 https://www.pentestpartners.com/security-blog/pwning-wordpress-graphql/ import argparse import requests import base64 import json import sys parse...