CVE-2024-0545 CodeCanyon RISE Rise Ultimate Project Manager signin redirect

A vulnerability classified as problematic was found in CodeCanyon RISE Rise Ultimate Project Manager 3.5.3. This vulnerability affects unknown code of the file /index.php/signin. The manipulation of the argument redirect with the input http://evil.com leads to open redirect. The attack can be...

CVE-2024-0545 CodeCanyon RISE Ultimate Project Manager signin redirect

A vulnerability classified as problematic was found in CodeCanyon RISE Ultimate Project Manager 3.5.3. This vulnerability affects unknown code of the file /index.php/signin. The manipulation of the argument redirect with the input http://evil.com leads to open redirect. The attack can be initiate...

CodeCanyon RISE Ultimate Project Manager Input Validation Error Vulnerability

CodeCanyon RISE Ultimate Project Manager is a project management and CRM software from CodeCanyon, Inc. An input validation error vulnerability exists in CodeCanyon RISE Ultimate Project Manager version 3.5.3, which stems from an open redirection vulnerability in file /index.php/signin...

inTouch 1.0 File Upload - Remote Code Execution Vulnerability

Title: inTouch-1.0 File Upload - RCE Author: nu11secur1ty Vendor: https://codecanyon.net/user/media-city Software: https://codecanyon.net/item/intouch-laravel-support-ticket-management-system/35177425?srank=2 Reference: https://portswigger.net/web-security/file-upload,...

Taskhub 2.8.7 SQL Injection Vulnerability

Exploit Title: taskhub 2.8.7 - SQL Injection Exploit Author: CraCkEr Vendor: Infinitie Technologies Vendor Homepage: https://www.infinitietech.com/ Software Link: https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874 Demo: https://taskhub.company/auth Tested on: Windows...

ImgHosting 1.3 Cross Site Scripting

==================================================================================================================================== | Title : ImgHosting v1.3 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 65.032-bit | | Vendor :...

ImgHosting 1.3 SQL Injection

==================================================================================================================================== | Title : ImgHosting v1.3 Sql Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 65.032-bit | |...

Infinity Market Classified Ads Script 1.6.2 Cross Site Scripting

==================================================================================================================================== | Title : Infinity Market Classified Ads Script 1.6.2 xss via file uploads Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro | | Vendor...

Foodiee Online Food Ordering Web Application 1.0.0 Cross Site Scripting

==================================================================================================================================== | Title : Foodiee - Online Food Ordering Web Application V1.0.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozil...

Horse Market Sell And Rent Portal Script 1.5.7 Cross Site Scripting

==================================================================================================================================== | Title : Horse Market Sell & Rent Portal Script V1.5.7 xss via file uploads Vulnerability | | Author : indoushka | | Telegram : @indoushka | | Tested on : windows ...

FixBook Repair Shop Management Tool 2.2 Hash Disclosure

==================================================================================================================================== | Title : FixBook - Repair Shop Management Tool v2.2 Password Hash Disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / brows...

FleetCart Laravel Ecommerce System 1.1.2 Insecure Settings

==================================================================================================================================== | Title : FleetCart - Laravel Ecommerce System v1.1.2 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser :...

Global Multi School Management System Express v1.0 - SQL Injection Vulnerability

Exploit Title: Global - Multi School Management System Express v1.0- SQL Injection Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/global-multi-school-management-system-express/21975378 Tested on: Kali Linux & MacOS CVE: N/A Request POST /report/balance HTTP/1.1 Content-Type...

Event Locations CMS 1.0.1 Shell Upload

==================================================================================================================================== | Title : Event Locations CMS V1.0.1 - unrestricted files upload Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

Taskhub CRM Tool 2.8.6 - SQL Injection Vulnerability

Exploit Title: Taskhub CRM Tool 2.8.6 - SQL Injection Date: 2023-08-12 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874 Tested on: Kali Linux & MacOS CVE: N/A Request GET /projects?filter=notstarted HTTP/1.1 Host: localhost...

Emaar Real Estate Agency Directory System 5.7 Shell Upload

==================================================================================================================================== | Title : Emaar – Real Estate Agency Directory System v5.7 Unrestricted File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro /...

Credit Lite 1.5.4 SQL Injection Vulnerability

Exploit Title: Credit Lite 1.5.4 - SQL Injection Exploit Author: CraCkEr Vendor: Hobby-Tech Vendor Homepage: https://codecanyon.net/item/credit-lite-micro-credit-solutions/39554392 Software Link: https://credit-lite.appshat.xyz/ Tested on: Windows 10 Pro Impact: Database Access CVE: CVE-2023-4407...

Taskhub CRM Tool 2.8.6 - SQL Injection

Exploit Title: Taskhub CRM Tool 2.8.6 - SQL Injection Date: 2023-08-12 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874 Tested on: Kali Linux & MacOS CVE: N/A Request GET /projects?filter=notstarted HTTP/1.1 Host: localhost...

OVOO Movie Portal CMS v3.3.3 - SQL Injection

Exploit Title: OVOO Movie Portal CMS v3.3.3 - SQL Injection Date: 2023-08-12 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/ovoomovie-video-streaming-cms-with-unlimited-tvseries/20180569 Tested on: Kali Linux & MacOS CVE: N/A Request POST /filtermovies/1 HTTP/2 Host:...

CVE-2023-4407

A vulnerability classified as critical was found in Codecanyon Credit Lite 1.5.4. Affected by this vulnerability is an unknown functionality of the file /portal/reports/accountstatement of the component POST Request Handler. The manipulation of the argument date1/date2 leads to sql injection. The...