16 POSTS · TAG · #php
DATE | CAT | TITLE | TARGET | CVSS

2022 · 3
15-02 | EXPLOIT | CVE-2022-24977 - ImpressCMS path traversal to pre-auth RCE | ImpressCMS | 9.8
15-02 | CVE | CVE-2022-24977 - ImpressCMS path traversal to pre-auth RCE | ImpressCMS | 9.8
12-02 | POST | impressCMS - unauthenticated code execution | ImpressCMS | 9.8

2021 · 7
07-12 | CVE | CVE-2020-36474 - Vanilla SSRF | Vanilla | 9.8
23-11 | POST | Moodle Blind SQL injection via MNet authentication | Moodle | 7.2
22-10 | POST | Moodle - Stored XSS and blind SSRF possible via feedback answer text | Moodle | 6.1
20-08 | POST | Vanilla - SSRF via media scrape API through dns rebinding | Vanilla | 9.8
22-07 | CVE | CVE-2021-36396 - Moodle Blind SSRF possible against cURL blocked hosts | Moodle | 7.5
17-05 | CVE | CVE-2021-32474 - Moodle Blind SQL injection via MNet authentication | Moodle | 7.2
17-05 | POST | 3kCTF-2021 - ppaste writeup | 3kCTF 2021 | —

2020 · 6
31-12 | CVE | CVE-2020-36474 - safecurl <= 3.3, vanilla forum <= 0.9.2 dns rebind to ssrf | safecurl | 9.8
29-09 | CVE | CVE-2020-26134 - Live Helper Chat before 3.44v - stored xss | Live | 6.1
25-07 | EXPLOIT | 3kCTF-2020 - Glitch exploit | 3kCTF 2020 | —
25-07 | POST | 3kCTF-2020 - Glitch writeup | 3kCTF 2020 | —
25-07 | POST | 3kCTF-2020 - reporter writeup | 3kCTF 2020 | —
14-05 | EXPLOIT | CVE-2020-12720 - Vbulletin RCE | Vbulletin | 9.8

CONTACT
rekter0
PROFESSIONAL SLOPPER
Application security research, vulnerability disclosure, and the occasional pre-auth RCE chain.
28 CVE · 7 EXPLOIT · 14 POST