AFFAN AHMED

4 exploits | Active since Jan 2023
CVE-2023-3187 | EXPLOITDB | MEDIUM | text | WORKING POC
PHPGurukul Teachers Record Management System 1.0 - Unrestricted Upload
A vulnerability, which was classified as critical, has been found in PHPGurukul Teachers Record Management System 1.0. Affected by this issue is some unknown functionality of the file /changeimage.php of the component Profile Picture Handler. The manipulation of the argument newpic leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231176.
CVSS 6.3
CVE-2023-0455 | EXPLOITDB | HIGH | text | WORKING POC
Bumsys - Unrestricted File Upload
Unrestricted Upload of File with Dangerous Type in GitHub repository unilogies/bumsys prior to v1.0.3-beta.
CVSS 8.8
CVE-2023-3184 | EXPLOITDB | LOW | text | WORKING POC
SourceCodester Sales Tracker Management System 1.0 - XSS
A vulnerability was found in SourceCodester Sales Tracker Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /classes/Users.php?f=save. The manipulation of the argument firstname/middlename/lastname/username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231164.
CVSS 2.4
CVE-2023-0527 | EXPLOITDB | LOW | python | WORKING POC
Online Security Guards Hiring System - XSS
A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file search-request.php. The manipulation of the argument searchdata with the input "><script>alert(document.domain)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219596.
CVSS 3.5