avatar

Nuri Γ‡ilengir

@ncilengir

  • PRODAFT
  • Turkey
  • @ncilengir
  • /u/cilengirnuri/
  • https://pentest.blog/
  • ncilengir
    • Who am I ?

    Overview

    12

    total CVE

    HIGH
    3
    CRITICAL
    6
    MEDIUM
    3
    LOW
    0
    NONE
    0

    Latest CVEs

    8.4

    CVSS3.1

    CVE-2023-46306 -

    The web administration interface in NetModule Router Software (NRSW) 4.6 before 4.6.0.106 and 4.8 before 4.8.0.101 executes an OS command constructed with unsanitized user input: shell metacharacters in the /admin/gnssAutoAlign.php device_id parameter. This occurs because another thread can be star…

    πŸ“… Published: Oct. 22, 2023, midnight πŸ”„ Last Modified: Nov. 21, 2024, 8:28 a.m.

    7.5

    CVSS3.1

    CVE-2022-34126 -

    The Activity plugin before 3.1.1 for GLPI allows reading local files via directory traversal in the front/cra.send.php file parameter.

    πŸ“… Published: April 16, 2023, midnight πŸ”„ Last Modified: Feb. 6, 2025, 7:15 p.m.

    7.5

    CVSS3.1

    CVE-2022-34127 -

    The Managentities plugin before 4.0.2 for GLPI allows reading local files via directory traversal in the inc/cri.class.php file parameter.

    πŸ“… Published: April 16, 2023, midnight πŸ”„ Last Modified: Feb. 6, 2025, 7:15 p.m.

    6.5

    CVSS3.1

    CVE-2022-34125 -

    front/icon.send.php in the CMDB plugin before 3.0.3 for GLPI allows attackers to gain read access to sensitive information via a _log/ pathname in the file parameter.

    πŸ“… Published: April 16, 2023, midnight πŸ”„ Last Modified: Feb. 6, 2025, 7:15 p.m.

    9.8

    CVSS3.1

    CVE-2022-34128 -

    The Cartography (aka positions) plugin before 6.0.1 for GLPI allows remote code execution via PHP code in the POST data to front/upload.php.

    πŸ“… Published: April 16, 2023, midnight πŸ”„ Last Modified: Feb. 6, 2025, 7:15 p.m.
    See all CVEs of