11 matches found
WordPress HTML5 Video Player plugin < 2.5.27 - Unauthenticated SQLi vulnerability
Unauthenticated SQLi vulnerability discovered by Mayank Deshmukh in WordPress Plugin Flash & HTML5 Video versions 2.5.27...
Control Web Panel 7 (CWP7) 0.9.8.1147 Remote Code Execution
// Exploit Title: Control Web Panel 7 CWP7 v0.9.8.1147 - Remote Code Execution RCE // Date: 2023-02-02 // Exploit Author: Mayank Deshmukh // Vendor Homepage: https://centos-webpanel.com/ // Affected Versions: version 0.9.8.1147 // Tested on: Kali Linux // CVE : CVE-2022-44877 // Github POC:...
Control Web Panel 7 (CWP7) v0.9.8.1147 - Remote Code Execution Exploit
// Exploit Title: Control Web Panel 7 CWP7 v0.9.8.1147 - Remote Code Execution RCE // Exploit Author: Mayank Deshmukh // Vendor Homepage: https://centos-webpanel.com/ // Affected Versions: version 0.9.8.1147 // Tested on: Kali Linux // CVE : CVE-2022-44877 // Github POC:...
Control Web Panel 7 (CWP7) v0.9.8.1147 - Remote Code Execution (RCE)
// Exploit Title: Control Web Panel 7 CWP7 v0.9.8.1147 - Remote Code Execution RCE // Date: 2023-02-02 // Exploit Author: Mayank Deshmukh // Vendor Homepage: https://centos-webpanel.com/ // Affected Versions: version 0.9.8.1147 // Tested on: Kali Linux // CVE : CVE-2022-44877 // Github POC:...
Casdoor 1.13.0 - SQL Injection (Unauthenticated) Vulnerability
// Exploit Title: Casdoor 1.13.0 - SQL Injection Unauthenticated // Exploit Author: Mayank Deshmukh // Vendor Homepage: https://casdoor.org/ // Software Link: https://github.com/casdoor/casdoor/releases/tag/v1.13.0 // Version: version 1.13.1 // Security Advisory:...
Casdoor 1.13.0 SQL Injection
// Exploit Title: Casdoor 1.13.0 SQL Injection Unauthenticated // Date: 2022-02-25 // Exploit Author: Mayank Deshmukh // Vendor Homepage: https://casdoor.org/ // Software Link: https://github.com/casdoor/casdoor/releases/tag/v1.13.0 // Version: version 1.13.1 // Security Advisory:...
Atlassian Confluence 7.12.2 - Pre-Authorization Arbitrary File Read Vulnerability
Exploit Title: Atlassian Confluence 7.12.2 - Pre-Authorization Arbitrary File Read Exploit Author: Mayank Deshmukh Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/confluence/download-archives Version: version 7.4.10 and 7.5.0 ≤ version 7.12.3 Tested o...
Atlassian Jira Server/Data Center 8.4.0 File Read
Exploit Title: Atlassian Jira Server/Data Center 8.4.0 - Limited Remote File Read/Include Date: 2021-10-05 Exploit Author: Mayank Deshmukh Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/jira/download/data-center Version: versions 8.5.14, 8.6.0 ≤...
PHP 8.1.0-dev Backdoor Remote Command Execution Exploit (2)
PHP version 8.1.0-dev unauthenticated remote command execution proof of concept exploit that leverages the backdoor. !/usr/bin/env python3 Exploit Title: PHP 8.1.0-dev WebShell RCE Unauthenticated Exploit Author: Mayank Deshmukh Vendor Homepage: https://www.php.net/ Software Link:...
CuteNews 2.1.2 Shell Upload Exploit
CuteNews version 2.1.2 Avatar upload remote shell upload exploit. Original discovery of remote shell upload in this version is attributed to Ozkan Mustafa Akkus in April of 2019. ! /usr/bin/env python3 Exploit Title: CuteNews 2.1.2 - Avatar upload RCE Authenticated Exploit Author: Mayank Deshmukh...
CuteNews 2.1.2 Shell Upload
! /usr/bin/env python3 Exploit Title: CuteNews 2.1.2 - Avatar upload RCE Authenticated Exploit Author: Mayank Deshmukh Date: 2021-03-17 Vendor Homepage: https://cutephp.com/ Software Link: https://cutephp.com/click.php?cutenewslatest Version: 2.1.2 CVE: CVE-2019-11447 CVE Reference:...