7 matches found
CVE-2021-25052
The Button Generator WordPress plugin before 2.3.3, within the wow-company admin menu page, allows including an arbitrary file with a PHP extension, as well as files via the data:// or http:// protocols, thus leading to CSRF RCE...
FileBrowser 2.17.2 - Cross Site Request Forgery (CSRF) to Remote Code Execution (RCE)
Exploit Title: FileBrowser 2.17.2 - Cross Site Request Forgery (CSRF) to Remote Code Execution (RCE) Date: 5/2/2022 Exploit Author: FEBIN MON SAJI Vendor Homepage: https://filebrowser.org/ Software Link: https://github.com/filebrowser/filebrowser Version: FileBrowser setTimeoutfunction...
CVE-2021-25051
The Modal Window WordPress plugin before 5.2.2, within the wow-company admin menu page, allows including an arbitrary file with a PHP extension, as well as files via the data:// or http:// protocols, thus leading to CSRF RCE...
CVE-2021-25052 Button Generator < 2.3.3 - RFI leading to RCE via CSRF
The Button Generator WordPress plugin before 2.3.3, within the wow-company admin menu page, allows including an arbitrary file with a PHP extension, as well as files via the data:// or http:// protocols, thus leading to CSRF RCE...
CVE-2021-24642 Scroll Baner <= 1.0 - CSRF to RCE
The Scroll Baner WordPress plugin through 1.0 does not have a CSRF check in place when saving its settings, nor does it perform any sanitisation, escaping or validation on them. This could allow attackers to make a logged-in admin change them and could lead to RCE via a file upload as well as XSS...
Code Snippets < 2.14.0 - CSRF to RCE
This "flaw allowed anybody to forge a request on behalf of an administrator and inject executable code on a vulnerable site." PoC...
Xfinity Gateway - Cross-Site Request Forgery
Xfinity Gateway - Cross-Site Request Forgery EXPLOIT TITLE: CSRF RCE XFINITY WEB GATEWAY AUTHOR: Pabstersac DATE: 1ST OF AUGUST 2016 CVE: N/A CATEGORY: REMOTE CONTACT: [email protected] IF ANYONE HAS COMMUNICATION WITH VENDOR PLEASE NOTIFY THEM SINCE THEY HAVE IGNORED ME. CSRF FOR COMCAST...