0003Joomlapoc
Joomla com_contact access-control bypass
guest-denied contacts can still leak personal data through direct format=vcf output
0002MetInfopoc
MetInfo 8.1 unauthenticated file read
guest SVG upload can trigger XXE and exfiltrate local file content
0001MacCMSpoc
MacCMS unauthenticated account takeover
guest-readable user detail data exposes enough material to forge a frontend login cookie
