Daily Expenses Management System 1.0 Cross Site Scripting

Exploit Title: Daily Expenses Management System 1.0 - Multiple Persistent Cross-Site Scripting Date: 2020-8-4 Exploit Author: Edo Maland Vendor Homepage: https://www.sourcecodester.com/php/14372/daily-tracker-system-phpmysql.html Software Link:...

Online Shopping Alphaware 1.0 Arbitrary File Upload

Exploit Title: Online Shopping Alphaware 1.0 - Arbitrary File Upload Authenticated Date: 2020-8-4 Exploit Author: Edo Maland Vendor Homepage: https://www.sourcecodester.com/php/14368/online-shopping-alphaware-phpmysql.html Software Link:...

Online Shopping Alphaware 1.0 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Online Shopping Alphaware 1.0 - 'Edit Customer Account' Persistent Cross-Site Scripting Authenticated Exploit Author: Edo Maland Vendor Homepage: https://www.sourcecodester.com/php/14368/online-shopping-alphaware-phpmysql.html...

Online Shopping Alphaware 1.0 Insecure Direct Object Reference Vulnerability

Exploit for php platform in category web applications Exploit Title: Online Shopping Alphaware 1.0 - 'Summary' Insecure Direct Object Reference Authenticated Exploit Author: Edo Maland Vendor Homepage: https://www.sourcecodester.com/php/14368/online-shopping-alphaware-phpmysql.html Software Link:...

Daily Expenses Management System 1.0 - 'username' SQL Injection

Exploit Title: Daily Expenses Management System 1.0 - 'username' SQL Injection Exploit Author: Daniel Ortiz Date: 2020-08-01 Vendor Homepage: https://www.sourcecodester.com/php/14372/daily-tracker-system-phpmysql.html Tested on: XAMPP Version 5.6.40 / Windows 10 Software Link:...

Stock Management System 1.0 SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Stock Management System 1.0 - Authentication Bypass Exploit Author: Adeeb Shah @hyd3sec Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14366/stock-management-system-php.html...

Online Shopping Alphaware 1.0 - Authentication Bypass Vulnerability

Exploit for php platform in category web applications Title: Online Shopping Alphaware 1.0 - Authentication Bypass Exploit Author: Ahmed Abbas Vendor Homepage: https://www.sourcecodester.com/php/14368/online-shopping-alphaware-phpmysql.html Software Link:...

Online Farm Management System 0.1.0 - Persistent Cross-Site Scripting

Exploit Title: Online Farm Management System 0.1.0 - Persistent Cross-Site Scripting Date: 2020-06-29 Exploit Author: KeopssGroup0day,Inc Vendor Homepage: https://www.sourcecodester.com/php/14198/online-farm-management-system-phpmysql.html Software Link:...

Responsive Online Blog 1.0 - 'id' SQL Injection

Exploit Title: Responsive Online Blog 1.0 - 'id' SQL Injection Date: 2020-06-23 Exploit Author: Eren Şimşek Vendor Homepage: https://www.sourcecodester.com/php/14194/responsive-online-blog-website-using-phpmysql.html Software Link:...

Student Enrollment 1.0 - Unauthenticated Remote Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: Student Enrollment 1.0 - Unauthenticated Remote Code Execution Exploit Author: Selim Enes 'Enesdex' Karaduman Vendor Homepage: https://www.sourcecodester.com/php/14281/online-student-enrollment-system-using-phpmysqli.html Versio...

Clinic Management System 1.0 - Authentication Bypass Vulnerability

Exploit for php platform in category web applications Exploit Title: Clinic Management System 1.0 - Authentication Bypass Exploit Author: BKpatron Vendor Homepage: https://www.sourcecodester.com/php/14243/open-source-clinic-management-system-php-full-source-code.html Software Link:...

Complaint Management System 1.0 - (username) SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Complaint Management System 1.0 - 'username' SQL Injection Exploit Author: Daniel Ortiz Vendor Homepage: https://www.sourcecodester.com/php/14206/complaint-management-system.html Tested on: XAMPP Version 5.6.40 / Windows 10...

Complaint Management System 1.0 - Authentication Bypass

Exploit Title: complaint management system 1.0 - Authentication Bypass Google Dork: N/A Date: 2020-05-10 Exploit Author: BKpatron Vendor Homepage: https://www.sourcecodester.com/php/14206/complaint-management-system.html Software Link:...

Online Clothing Store 1.0 Arbitrary File Upload

Exploit Title: Online Clothing Store 1.0 - Arbitrary File Upload Date: 2020-05-05 Exploit Author: Sushant Kamble and Saurav Shukla Vendor Homepage: https://www.sourcecodester.com/php/14185/online-clothing-store.html Software Link:...

CVE-2019-18417

Sourcecodester Restaurant Management System 1.0 allows an authenticated attacker to upload arbitrary files that can result in code execution. The issue occurs because the application fails to adequately sanitize user-supplied input, e.g., "add a new food" allows .php files...

CVE-2019-18415

Sourcecodester Restaurant Management System 1.0 allows XSS via the "send a message" screen...

Cross site request forgery (csrf)

Sourcecodester Restaurant Management System 1.0 is affected by an admin/staff-exec.php Cross Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code or adding a staff entry via a crafted HTML page...

Remote code execution

Sourcecodester Restaurant Management System 1.0 allows an authenticated attacker to upload arbitrary files that can result in code execution. The issue occurs because the application fails to adequately sanitize user-supplied input, e.g., "add a new food" allows .php files...

Cross site scripting

Sourcecodester Restaurant Management System 1.0 allows XSS via the "send a message" screen...

Cross site scripting

Sourcecodester Restaurant Management System 1.0 allows XSS via the Last Name field of a member...