CVE-2024-0545

The CVE-2024-0545 entry concerns CodeCanyon RISE Rise Ultimate Project Manager version 3.5.3. The vulnerability is an open redirect in the /index.php/signin endpoint caused by manipulation of the redirect parameter to an external URL (e.g., http://evil.com). Remote exploitation is possible and th...

CodeCanyon RISE Ultimate Project Manager Input Validation Error Vulnerability

CodeCanyon RISE Ultimate Project Manager is a project management and CRM software from CodeCanyon, Inc. An input validation error vulnerability exists in CodeCanyon RISE Ultimate Project Manager version 3.5.3, which stems from an open redirection vulnerability in file /index.php/signin...

inTouch 1.0 File Upload - Remote Code Execution Vulnerability

Title: inTouch-1.0 File Upload - RCE Author: nu11secur1ty Vendor: https://codecanyon.net/user/media-city Software: https://codecanyon.net/item/intouch-laravel-support-ticket-management-system/35177425?srank=2 Reference: https://portswigger.net/web-security/file-upload,...

Taskhub 2.8.7 SQL Injection Vulnerability

Exploit Title: taskhub 2.8.7 - SQL Injection Exploit Author: CraCkEr Vendor: Infinitie Technologies Vendor Homepage: https://www.infinitietech.com/ Software Link: https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874 Demo: https://taskhub.company/auth Tested on: Windows...

ImgHosting 1.3 Cross Site Scripting

==================================================================================================================================== | Title : ImgHosting v1.3 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 65.032-bit | | Vendor :...

Infinity Market Classified Ads Script 1.6.2 Cross Site Scripting

==================================================================================================================================== | Title : Infinity Market Classified Ads Script 1.6.2 xss via file uploads Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro | | Vendor...

ImgHosting 1.3 SQL Injection

==================================================================================================================================== | Title : ImgHosting v1.3 Sql Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 65.032-bit | |...

Foodiee Online Food Ordering Web Application 1.0.0 Cross Site Scripting

==================================================================================================================================== | Title : Foodiee - Online Food Ordering Web Application V1.0.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozil...

Horse Market Sell And Rent Portal Script 1.5.7 Cross Site Scripting

==================================================================================================================================== | Title : Horse Market Sell & Rent Portal Script V1.5.7 xss via file uploads Vulnerability | | Author : indoushka | | Telegram : @indoushka | | Tested on : windows ...

FleetCart Laravel Ecommerce System 1.1.2 Insecure Settings

==================================================================================================================================== | Title : FleetCart - Laravel Ecommerce System v1.1.2 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser :...

FixBook Repair Shop Management Tool 2.2 Hash Disclosure

==================================================================================================================================== | Title : FixBook - Repair Shop Management Tool v2.2 Password Hash Disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / brows...

Credit Lite 1.5.4 SQL Injection Vulnerability

Exploit Title: Credit Lite 1.5.4 - SQL Injection Exploit Author: CraCkEr Vendor: Hobby-Tech Vendor Homepage: https://codecanyon.net/item/credit-lite-micro-credit-solutions/39554392 Software Link: https://credit-lite.appshat.xyz/ Tested on: Windows 10 Pro Impact: Database Access CVE: CVE-2023-4407...

Event Locations CMS 1.0.1 Shell Upload

==================================================================================================================================== | Title : Event Locations CMS V1.0.1 - unrestricted files upload Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

Taskhub CRM Tool 2.8.6 - SQL Injection Vulnerability

Exploit Title: Taskhub CRM Tool 2.8.6 - SQL Injection Date: 2023-08-12 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874 Tested on: Kali Linux & MacOS CVE: N/A Request GET /projects?filter=notstarted HTTP/1.1 Host: localhost...

Emaar Real Estate Agency Directory System 5.7 Shell Upload

==================================================================================================================================== | Title : Emaar – Real Estate Agency Directory System v5.7 Unrestricted File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro /...

OVOO Movie Portal CMS v3.3.3 - SQL Injection

Exploit Title: OVOO Movie Portal CMS v3.3.3 - SQL Injection Date: 2023-08-12 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/ovoomovie-video-streaming-cms-with-unlimited-tvseries/20180569 Tested on: Kali Linux & MacOS CVE: N/A Request POST /filtermovies/1 HTTP/2 Host:...

Global Multi School Management System Express v1.0 - SQL Injection Vulnerability

Exploit Title: Global - Multi School Management System Express v1.0- SQL Injection Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/global-multi-school-management-system-express/21975378 Tested on: Kali Linux & MacOS CVE: N/A Request POST /report/balance HTTP/1.1 Content-Type...

Taskhub CRM Tool 2.8.6 - SQL Injection

Exploit Title: Taskhub CRM Tool 2.8.6 - SQL Injection Date: 2023-08-12 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874 Tested on: Kali Linux & MacOS CVE: N/A Request GET /projects?filter=notstarted HTTP/1.1 Host: localhost...

CVE-2023-4407

A vulnerability classified as critical was found in Codecanyon Credit Lite 1.5.4. Affected by this vulnerability is an unknown functionality of the file /portal/reports/accountstatement of the component POST Request Handler. The manipulation of the argument date1/date2 leads to sql injection. The...

Sql injection

A vulnerability classified as critical was found in Codecanyon Credit Lite 1.5.4. Affected by this vulnerability is an unknown functionality of the file /portal/reports/accountstatement of the component POST Request Handler. The manipulation of the argument date1/date2 leads to sql injection. The...