xsspresso

CVE

5 writeups tagged with CVE

Web | Medium | Linux

VHL — CMS101

Joomla CMS on CentOS with ProFTPD. Exploited a known Joomla CVE for unauthenticated RCE via the com_media upload component.

#Joomla #CVE #RCE
Feb 15, 2025 | Virtual Hacking Labs

Web | Medium | Linux

VHL — Tracking

Drupal 9 on Debian. Exploited an authenticated RCE vulnerability with compromised admin credentials found via enumeration.

#Drupal #RCE #Enumeration
Feb 13, 2025 | Virtual Hacking Labs

Web | Easy | Linux

VHL — Crash

GravCMS on Ubuntu. An unauthenticated scheduler RCE CVE allows arbitrary command execution as the web user, followed by privilege escalation via sudo.

#GravCMS #Scheduler RCE #CVE
Feb 12, 2025 | Virtual Hacking Labs

Web | Medium | Linux

VHL — Records

OpenEMR medical records application. Exploited a pre-auth SQL injection CVE and file upload for shell access.

#OpenEMR #SQLi #File Upload
Feb 11, 2025 | Virtual Hacking Labs

Web | Easy | Linux

VHL — Tiki

TikiWiki CMS Groupware on CentOS. Exploited a known CVE for unauthenticated remote code execution to gain a shell.

#TikiWiki #CMS #RCE
Feb 10, 2025 | Virtual Hacking Labs