MarioTesoro/vulnerability-research

Collection of security vulnerabilities (CVEs) identified in my security research. Each entry includes information about the CVE, along with associated Proof of Concept (PoC) code demonstrating the exploitability of the vulnerability.

CVE History

CVE | Published | CVSS v3 | CVSS v2
5.4 MEDIUM

SQL injection vulnerability in the cmd component of Base Digitale Group spa product Centrax Open PSIM version 6.1 allows an unauthenticated user to execute arbitrary SQL commands via the sender parameter.

5.4 MEDIUM

Boolean SQL injection vulnerability in the web app of Base Digitale Group spa product Centrax Open PSIM version 6.1 allows a low-level privileged user that has access to the platform to execute arbitrary SQL commands via the datafine parameter.

6.5 MEDIUM

Cross Site Scripting vulnerability in DokuWiki 2025-05-14a 'Librarian'[56.1] allows a remote attacker to execute arbitrary code via the q parameter.