11 matches found
New MVC Shop 1.0 SQL Injection / Missing Attributes
Title: new-mvc-shop-1.0 - SQLi + SameSite attribute weak security PHPSESSID Hijacking Author: nu11secur1ty Date: 05.29.2023 Vendor: https://chikoiquan.tanhongit.com/ Software: https://github.com/tanhongit/new-mvc-shop/releases/tag/v1.0 Reference: https://portswigger.net/web-security/sql-injection...
New MVC Shop 1.0 SQL Injection / Missing Attributes Vulnerability
Title: new-mvc-shop-1.0 - SQLi + SameSite attribute weak security PHPSESSID Hijacking Author: nu11secur1ty Vendor: https://chikoiquan.tanhongit.com/ Software: https://github.com/tanhongit/new-mvc-shop/releases/tag/v1.0 Reference: https://portswigger.net/web-security/sql-injection Description: The...
Senayan Library Management System 9.1.1 Cross Site Scripting Vulnerability
Title: Senayan Library Management System v9.1.1 a.k.a SLIMS 9 XSS-Reflected - PHPSESSID Hijacking + inserting webp image Author: nu11secur1ty Vendor: https://slims.web.id/web/ Software: https://github.com/slims/slims9bulian/releases/tag/v9.1.1 Reference:...
Senayan Library Management System 9.4.0 Cross Site Scripting Vulnerability
Title: Senayan Library Management System v9.4.0 a.k.a SLIMS 9 XSS-Reflected- PHPSESSID Hijacking Author: nu11secur1ty Vendor: https://slims.web.id/web/ Software: https://slims.web.id/web/news/rilis-9.4.0/ Reference:...
CVE-2022-24582
Accounting Journal Management 1.0 is vulnerable to XSS-PHPSESSID-Hijacking. The parameter manageuser from User lists is vulnerable to XSS-Stored and PHPSESSID attacks. The malicious user can attack the system by using the already session which he has from inside and outside of the network...
CVE-2022-24582
Accounting Journal Management 1.0 is vulnerable to XSS-PHPSESSID-Hijacking. The parameter manageuser from User lists is vulnerable to XSS-Stored and PHPSESSID attacks. The malicious user can attack the system by using the already session which he has from inside and outside of the network...
Covid Vaccination Scheduler System 1.0 SQL Injection / Cross Site Scripting
CVE-2021-36621 Vendor Description Sourcecodester Online Covid Vaccination Scheduler System 1.0 is vulnerable to SQL Injection, XSS-STORED PHPSESSID Hijacking, and remote SQL Injection - bypass Authentication. The attacker can hijack the PHPSESSID by using this vulnerability and then he can...
Covid Vaccination Scheduler System 1.0 SQL Injection / Cross Site Scripting Vulnerabilities
Covid Vaccination Scheduler System version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to faisalfs10x in July of 2021. CVE-2021-36621 Vendor Description Sourcecodester Online Covid Vaccination...
PASS-PHP 1.0 SQL Injection / Cross Site Scripting
Exploit Title: PASS-PHP by: oretnom23 v1.0 is vulnerable to remote SqL-Injection bypass Authentication, XSS-Stored and PHPSESSID Hijacking. Author: nu11secur1ty Testing and Debugging: nu11secur1ty Date: 09.24.2021 Vendor: https://www.sourcecodester.com/user/257130/activity Link:...
PASS-PHP 1.0 SQL Injection / Cross Site Scripting Exploit
Exploit Title: PASS-PHP by: oretnom23 v1.0 is vulnerable to remote SqL-Injection bypass Authentication, XSS-Stored and PHPSESSID Hijacking. Author: nu11secur1ty Testing and Debugging: nu11secur1ty Date: 09.24.2021 Vendor: https://www.sourcecodester.com/user/257130/activity Link:...
SURMS - PHP (by: oretnom23 ) v1.0 SQL-Injection-Bypass-Authentication and PWNED PHPSESSID Hijacking
The SURMS – PHP by: oretnom23 v1.0 is vulnerable to remote SQL-Injection-Bypass-Authentication for the admin account and PWNED PHPSESSID Hijacking in app /storage/classes/Login.php. remote SQL-Injection-Bypass-Authentication: The parameter username from the login form is not protected correct...