Vulnerability Research

This repository contains information and proofs of concept (PoCs) for the CVEs I have found.

1. EasyVirt

CVE ID	Vulnerabilty	Product
CVE-2024-53354	Multiple SQL Injection	DCScope <= 8.6.0 / Co2Scope <= 1.3.0
CVE-2024-53355	Broken Access Control	DCScope <= 8.6.0 / Co2Scope <= 1.3.0
CVE-2024-53356	Weak JWT Secret	DCScope <= 8.6.0 / Co2Scope <= 1.3.0
CVE-2024-53357	Sensitive Data Exposure	DCScope <= 8.6.0 / Co2Scope <= 1.3.0
CVE-2024-55062	Remote Code Execution (Unauthenticated)	DCScope <= 8.6.0 / Co2Scope <= 1.3.0
CVE-2024-55063	Multiple Remote Code Execution	DC NetScope <= 8.7.0
CVE-2024-55064	Multiple Stored XSS	DC NetScope <= 8.6.4
CVE-2024-57587	Multiple SQL Injection (Unauthenticated)	DCScope <= 8.6.0 / Co2Scope <= 1.3.0
CVE-2025-28076	Multiple SQL Injection	DCScope <= 8.6.4 / Co2Scope <= 1.3.4

2. GreaterWMS

CVE ID	Vulnerabilty	Product
CVE-2025-26201	Authentication Bypass via Credential Disclosure	GreaterWMS <= 2.1.49

3. Wordpress

CVE ID	Vulnerabilty	Product
CVE-2025-6716	Stored XSS (Author+)	(plugin) contest-gallery <= 26.0.8
CVE-2025-6717	SQL Injection (Subscriber+)	(plugin) b1-accounting <= 2.2.56
CVE-2025-6718	Broken Access Control + SQL Injection (Subscriber+)	(plugin) b1-accounting <= 2.2.56
CVE-2025-6719	Stored XSS (Admin+)	(plugin) terms-descriptions <= 3.4.8
CVE-2025-6722	Unauthenticated Information Exposure - WAF configuration	(plugin) BitFire <= 4.5
CVE-2025-10055	CSRF privilege escalation	(plugin) time-sheets <= 2.1.3
CVE-2025-10380	SSTI (Author+)	(plugin) Advanced Views <= 3.7.19
CVE-2025-10383	Stored XSS (Author+)	(plugin) contest-gallery <= 27.0.2
CVE-2025-10490	Stored XSS (Admin+)	(plugin) zephyr-project-manager <= 3.3.202
CVE-2025-10744	Unauthenticated Information Exposure - Database exfiltration	(plugin) softdiscover-db-file-manager <= 1.6.1
CVE-2025-11254	Unauthenticated CSV Injection	(plugin) contest-gallery <= 27.0.3