Showing 1 - 6 of 6

Files from Daniele Scanu

First Active	2019-03-15
Last Active	2019-11-13

CMS Made Simple 2.2.8 Remote Code Execution: Posted Nov 13, 2019; Authored by Daniele Scanu | Site metasploit.com; An issue was discovered in CMS Made Simple version 2.2.8. In the module DesignManager (in the files action.admin_bulk_css.php and action.admin_bulk_template.php), with an unprivileged user with Designer permission, it is possible to reach an unserialize call with a crafted value in the m1_allparms parameter, and achieve object injection. This Metasploit module has been successfully tested on CMS Made Simple versions 2.2.6, 2.2.7, 2.2.8, 2.2.9 and 2.2.9.1.; tags | exploit, php; advisories | CVE-2019-9055; SHA-256 | 89958144f8e021770610570a9f70bd342705de89876594b1eeaf56a68799f77d; Download | Favorite | View

WordPress Form Maker 1.13.3 SQL Injection: Posted May 13, 2019; Authored by Daniele Scanu; WordPress Form Maker plugin version 1.13.3 suffers from a remote SQL injection vulnerability.; tags | exploit, remote, sql injection; advisories | CVE-2019-10866; SHA-256 | 426b45d32947941f83dd2c060d6278e5306070cc490f5c008dfa7eb4efe3bc5a; Download | Favorite | View

Pimcore Unserialize Remote Code Execution: Posted Apr 29, 2019; Authored by Daniele Scanu, Fabio Cogno | Site metasploit.com; This Metasploit module exploits a PHP unserialize() in Pimcore before 5.7.1 to execute arbitrary code. An authenticated user with "classes" permission could exploit the vulnerability. The vulnerability exists in the "ClassController.php" class, where the "bulk-commit" method makes it possible to exploit the unserialize function when passing untrusted values in "data" parameter. Tested on Pimcore 5.4.0-5.4.4, 5.5.1-5.5.4, 5.6.0-5.6.6 with the Symfony unserialize payload. Tested on Pimcore 4.0.0-4.6.5 with the Zend unserialize payload.; tags | exploit, arbitrary, php; advisories | CVE-2019-10867; SHA-256 | e9668485fecf0de5fb772aff42ff232d1d7e80b39adcab869e40e189d37c4459; Download | Favorite | View

CMS Made Simple SQL Injection: Posted Apr 2, 2019; Authored by Daniele Scanu; CMS Made Simple versions prior to 2.2.10 suffer from a remote SQL injection vulnerability.; tags | exploit, remote, sql injection; advisories | CVE-2019-9053; SHA-256 | 15dcb3716a8e35a8688386af84e732041c8e06152ee9a78d1ef286a0e3c5b28b; Download | Favorite | View

CMS Made Simple (CMSMS) Showtime2 File Upload Remote Command Execution: Posted Mar 27, 2019; Authored by Daniele Scanu, Fabio Cogno | Site metasploit.com; This Metasploit module exploits a file upload vulnerability that allows for remote command execution in Showtime2 module versions 3.6.2 and below in CMS Made Simple (CMSMS). An authenticated user with "Use Showtime2" privilege could exploit the vulnerability. The vulnerability exists in the Showtime2 module, where the class "class.showtime2_image.php" does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG). Tested on Showtime2 3.6.2, 3.6.1, 3.6.0, 3.5.4, 3.5.3, 3.5.2, 3.5.1, 3.5.0, 3.4.5, 3.4.3, 3.4.2 on CMS Made Simple (CMSMS) 2.2.9.1.; tags | exploit, remote, php, file upload; advisories | CVE-2019-9692; SHA-256 | 1df098a0e8333fb97bab3cd80dd2de6a5ea4a18a6d09b8daa9ff38cd10e5965a; Download | Favorite | View

CMS Made Simple Showtime2 3.6.2 Arbitrary File Upload: Posted Mar 15, 2019; Authored by Daniele Scanu; CMS Made Simple Showtime2 module version 3.6.2 suffers from an authenticated arbitrary file upload vulnerability.; tags | exploit, arbitrary, file upload; advisories | CVE-2019-9692; SHA-256 | fa20c0dbf5abddd0ecf04e638c87694a61d978bf9edf8380b83ae038d3fe85d9; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days