CVE-2012-10062

A vulnerability in XAMPP, developed by Apache Friends, version 1.7.3's default WebDAV configuration allows remote authenticated attackers to upload and execute arbitrary PHP code. The WebDAV service, accessible via /webdav/, accepts HTTP PUT requests using default credentials. This permits...

Lodging Reservation Management System 1.0 SQL Injection

Exploit Title: Lodging Reservation Management System 1.0 - SQL Injection / Authentication Bypass Date: 2021-09-20 Exploit Author: Nitin Sharmavidvansh Vendor Homepage: https://www.sourcecodester.com/php/14883/lodging-reservation-management-system-php-free-source-code.html Software Link:...

Men Salon Management System 1.0 - Multiple Vulnerabilities

Exploit Title: Men Salon Management System 1.0 - Multiple Vulnerabilities Date: 2021-09-09 Exploit Author: Aryan Chehreghani Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/men-salon-management-system-using-php-and-mysql Version: 1.0 Tested on: Windows 10 - XAMPP...

Men Salon Management System 1.0 Cross Site Scripting / SQL Injection

Exploit Title: Men Salon Management System 1.0 - Multiple Vulnerabilities Date: 2021-09-09 Exploit Author: Aryan Chehreghani Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/men-salon-management-system-using-php-and-mysql Version: 1.0 Tested on: Windows 10 - XAMPP...

Bus Pass Management System 1.0 - 'adminname' Stored Cross-Site Scripting (XSS)

Exploit Title: Bus Pass Management System 1.0 - 'adminname' Stored Cross-Site Scripting XSS Date: 2021-09-08 Exploit Author: Emre Aslan Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/wp-content/uploads/2021/07/Bus-Pass-Management-System-Using-PHP-MySQL.zip Version:...

Bus Pass Management System 1.0 - 'viewid' Insecure direct object references (IDOR)

Exploit Title: Bus Pass Management System 1.0 - 'viewid' Insecure direct object references IDOR Date: 2021-09-05 Exploit Author: sudoninja Vendor Homepage: https://phpgurukul.com/bus-pass-management-system-using-php-and-mysql Software Link:...

Bus Pass Management System 1.0 Insecure Direct Object Reference

Exploit Title: Bus Pass Management System 1.0 - 'viewid' Insecure direct object references IDOR Date: 2021-09-05 Exploit Author: sudoninja Vendor Homepage: https://phpgurukul.com/bus-pass-management-system-using-php-and-mysql Software Link:...

Bus Pass Management System 1.0 - (viewid) Insecure direct object references Vulnerability

Exploit Title: Bus Pass Management System 1.0 - 'viewid' Insecure direct object references IDOR Exploit Author: sudoninja Vendor Homepage: https://phpgurukul.com/bus-pass-management-system-using-php-and-mysql Software Link:...

Online Marriage Registration System (OMRS) 1.0 - Remote Code Execution (2)

Exploit Title: Online Marriage Registration System OMRS 1.0 - Remote Code Execution Authenticated Google Dork: N/A Date: 2020-14-12 Exploit Author: Andrea Bruschi - www.andreabruschi.net Vendor Homepage: https://phpgurukul.com/ Software Link:...

Online Marriage Registration System 1.0 Remote Code Execution

Exploit Title: Online Marriage Registration System OMRS 1.0 - Remote Code Execution Authenticated Google Dork: N/A Date: 2020-14-12 Exploit Author: Andrea Bruschi - www.andreabruschi.net Vendor Homepage: https://phpgurukul.com/ Software Link:...

Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile

Exploit Title: Artworks Gallery 1.0 - Arbitrary File Upload RCE Authenticated via Edit Profile Date: November 17th, 2020 Exploit Author: Shahrukh Iqbal Mirza @shahrukhiqbal24 Vendor Homepage: Source Code & Projects https://code-projects.org Software Link:...

MaraCMS 7.5 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MaraCMS Arbitrary PHP File Upload', 'Description' = %q This module exploits an arbitrary file upload vulnerability in MaraCMS 7.5 and prior in...

ZenTao Pro 8.8.2 Remote Code Execution

This module exploits a command injection vulnerability in ZenTao Pro 8.8.2 and earlier versions in order to execute arbitrary commands with SYSTEM privileges. The module first attempts to authenticate to the ZenTao dashboard. It then tries to execute the payload by submitting fake repositories vi...

ZenTao Pro 8.8.2 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ZenTao Pro 8.8.2 Remote Code Execution', 'Description' = %q This module exploits a command injection vulnerability in ZenTao Pro 8.8.2 and earlie...

ZenTao Pro 8.8.2 Remote Code Execution Exploit

This Metasploit module exploits a command injection vulnerability in ZenTao Pro 8.8.2 and earlier versions in order to execute arbitrary commands with SYSTEM privileges. Valid credentials for a ZenTao admin account are required. This module has been successfully tested against ZenTao 8.8.1 and...

ATutor 2.2.4 CVE-2019-12169 - Remote Code Execution

This Metasploit module exploits an arbitrary file upload vulnerability together with a directory traversal flaw in ATutor This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ATutor 2.2.4 - Director...

Online Marriage Registration System 1.0 - Remote Code Execution (1)

Exploit Title: Online Marriage Registration System 1.0 Remote Code Execution Google Dork: N/A Date: 2020-05-31 Exploit Author: Selim Enes 'Enesdex' Karaduman Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/online-marriage-registration-system-using-php-and-mysql/...