45 matches found

Prion
added 2022/05/24 2:15 p.m. | 18 views

Cross site scripting

ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to Cross Site Scripting XSS via /simplechatbot/classes/Master.php?f=saveresponse...

CVSS 3.5 | AI score 5.2 | EPSS 0.00471
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2022/05/24 1:34 p.m. | 24 views

CVE-2022-30459

ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to SQL Injection via /simplechatbot/classes/Master.php?f=deleteresponse, id...

AI score 9.3 | EPSS 0.00921
Exploits: 1 | References: 1

CVE
added 2022/05/24 1:34 p.m. | 56 views

CVE-2022-30459

CVE-2022-30459 affects the ChatBot App with Suggestion in PHP/OOP v1.0. The vulnerability is a SQL injection in the Master.php endpoint when the parameter f is set to delete_response and id is supplied, due to insufficient input validation. This can allow manipulation of the underlying database, ...

CVSS 8.8 | AI score 9 | EPSS 0.00921
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2022/05/24 1:33 p.m. | 52 views

CVE-2022-30464

CVE-2022-30464 concerns a Cross Site Scripting (XSS) vulnerability in the ChatBot App with Suggestion in PHP/OOP v1.0. The issue is triggered via the endpoint /simple_chat_bot/classes/Master.php?f=save_response, where user-supplied input appears to be processed without proper sanitization, enabli...

CVSS 5.4 | AI score 5.2 | EPSS 0.00471
Exploits: 1 | References: 1 | Affected Software: 1

0day.today
added 2022/03/29 12:00 a.m. | 199 views

Pay Slip PDF Generator System 1.0 Shell Upload Vulnerability

Title: Pay Slip PDF Generator System 1.0 Shell Upload Author: Hejap Zairy Vendor: https://www.sourcecodester.com/php/15242/employees-pay-slip-pdf-generator-system-email-using-phpoop-free-source-code.html Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/pess0.zip...

AI score 0.1
Exploits: 0

NVD
added 2022/01/31 6:15 p.m. | 10 views

CVE-2021-44114

Cross Site Scripting XSS vulnerability exists in Sourcecodester Stock Management System in PHP/OOP 1.0, which allows remote malicious users to execute arbitrary remote code execution via create user function...

CVSS 4.8 | EPSS 0.00933
Exploits: 0 | References: 2

Cvelist
added 2022/01/31 5:42 p.m. | 14 views

CVE-2021-44114

Cross Site Scripting XSS vulnerability exists in Sourcecodester Stock Management System in PHP/OOP 1.0, which allows remote malicious users to execute arbitrary remote code execution via create user function...

AI score 5.9 | EPSS 0.00933
Exploits: 0 | References: 2

CVE
added 2022/01/31 5:42 p.m. | 56 views

CVE-2021-44114

CVE-2021-44114 is a cross-site scripting (XSS) vulnerability in the Sourcecodester Stock Management System for PHP/OOP 1.0. The issue allows remote attackers to trigger arbitrary remote code execution through the create user function. The NVD entry lists a CVSS v3.1 base score of 4.8 (MEDIUM) wit...

CVSS 4.8 | AI score 5.6 | EPSS 0.00933
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2022/01/28 3:15 p.m. | 10 views

Sql injection

An SQL Injection vulnerability exists in Sourcecodester Simple Cold Storage Management System using PHP/OOP 1.0 via the username field in login.php...

CVSS 7.5 | AI score 9.8 | EPSS 0.01096
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2022/01/28 2:05 p.m. | 60 views

CVE-2021-45435

CVE-2021-45435 involves an SQL injection in Sourcecodester Simple Cold Storage Management System (PHP/OOP 1.0) via the username field in login.php. Connected sources consistently describe the vulnerability and root cause as improper input handling in the login.php username parameter, enabling att...

CVSS 9.8 | AI score 9.8 | EPSS 0.01096
Exploits: 1 | References: 1 | Affected Software: 1

0day.today
added 2021/10/19 12:00 a.m. | 333 views

Online Motorcycle (Bike) Rental System 1.0 - Blind Time-Based SQL Injection Exploit

Exploit Title: Online Motorcycle Bike Rental System 1.0 - Blind Time-Based SQL Injection Unauthenticated Exploit Author: Chase ComardelleCASO Vendor Homepage: https://www.sourcecodester.com/php/14989/online-motorcycle-bike-rental-system-phpoop-source-code.html Software Link:...

AI score 7.4
Exploits: 0

0day.today
added 2021/09/29 12:00 a.m. | 189 views

Pet Shop Management System 1.0 - Remote Code Execution (Unauthenticated) Exploit

Title: Pet Shop Management System 1.0 - Remote Code Execution RCE Unauthenticated Author: Mr.Gedik Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/14962/petshop-management-system-using-phppdo-oop-full-source-code-complete.html Version: 1.0...

AI score 0.1
Exploits: 0

seebug.org
added 2021/06/14 12:00 a.m. | 133 views

Joomla Stored XSS Vulnerability (CVE-2021-26032)

JOOMLA PASSWORD RESET VULNERABILITY AND A STORED XSS FOR FULL COMPROMISE Intro Joomla is one of the most popular CMS-es with over 1.5 million installations world-wide. We pentested Joomla 3.9.24 and found a password reset vulnerability which we chained with a set of vulnerabilities and features t...

CVSS 4.3 | AI score 6.5 | EPSS 0.0098
Exploits: 1

Packet Storm
added 2019/09/25 12:00 a.m. | 164 views

YzmCMS 5.3 Host Header Injection

Exploit Title: YzmCMS 5.3 - 'Host' Header Injection Exploit Author: Debashis Pal Vendor Homepage: http://www.yzmcms.com/ Source: https://github.com/yzmcms/yzmcms Version: YzmCMS V5.3 CVE : N/A Tested on: Windows 7 SP1 64bit, XAMPP: 7.3.9 About YzmCMS ============== YzmCMS is a lightweight open sour...

Exploits: 0

Exploit DB
added 2019/03/04 12:00 a.m. | 79 views

OOP CMS BLOG 1.0 - Multiple Cross-Site Request Forgery

Exploit Title: OOP CMS BLOG 1.0 - Cross-Site Request Forgery Delete Admin Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: March 1, 2019 Vendor Homepage: http://zsoft.com.bd/ Software Link :...

AI score 7.4
Exploits: 0

Exploit DB
added 2019/03/04 12:00 a.m. | 51 views

OOP CMS BLOG 1.0 - Multiple SQL Injection

Exploit Title: OOP CMS BLOG 1.0 - SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: March 1, 2019 Vendor Homepage: http://zsoft.com.bd/ Software Link : https://datapacket.dl.sourceforge.net/project/php-oop-cms-blog/blogforup.zip Tested Version: 1.0...

AI score 7.4
Exploits: 0

exploitpack
added 2019/03/04 12:00 a.m. | 17 views

OOP CMS BLOG 1.0 - Multiple SQL Injection

OOP CMS BLOG 1.0 - Multiple SQL Injection Exploit Title: OOP CMS BLOG 1.0 - SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: March 1, 2019 Vendor Homepage: http://zsoft.com.bd/ Software Link :...

AI score 0.4
Exploits: 0

0day.today
added 2019/03/02 12:00 a.m. | 36 views

OOP CMS BLOG 1.0 Cross Site Request Forgery / SQL Injection Vulnerabilities

Exploit for php platform in category web applications Exploit Title: OOP CMS BLOG 1.0 - SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Vendor Homepage: http://zsoft.com.bd/ Software Link :...

AI score 7.1
Exploits: 0

0day.today
added 2018/11/07 12:00 a.m. | 311 views

OOP CMS BLOG 1.0 - search SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: OOP CMS BLOG 1.0 - 'search' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://zsoft.com.bd/ Software Link: https://datapacket.dl.sourceforge.net/project/php-oop-cms-blog/blogforup.zip Version: 1.0 Category:...

AI score 7.1
Exploits: 0

Packet Storm
added 2018/11/07 12:00 a.m. | 189 views

OOP CMS BLOG 1.0 SQL Injection

Exploit Title: OOP CMS BLOG 1.0 - 'search' SQL Injection Dork: N/A Date: 2018-11-06 Exploit Author: Ihsan Sencan Vendor Homepage: http://zsoft.com.bd/ Software Link: https://datapacket.dl.sourceforge.net/project/php-oop-cms-blog/blogforup.zip Version: 1.0 Category: Webapps Tested on:...

AI score 0.4
Exploits: 0