Aaryan Golatkar

7 exploits, active since Feb 2022
CVE-2024-57487 NOMISEC MEDIUM WRITEUP
Car Rental System 1.0 File Upload RCE (Authenticated)
In Code-Projects Online Car Rental System 1.0, the file upload feature does not validate file extensions or MIME types, allowing an attacker to upload a PHP shell without any restrictions and execute commands on the server.
CVSS 6.5
CVE-2024-57488 WRITEUP MEDIUM WRITEUP
Code-projects Online Car Rental System - XSS
Code-Projects Online Car Rental System 1.0 is vulnerable to Cross Site Scripting (XSS) via the vehicalorcview parameter in /admin/edit-vehicle.php.
CVSS 6.5
CVE-2025-0537 WRITEUP LOW WRITEUP
code-projects Car Rental Management System 1.0 - XSS
A vulnerability, which was classified as problematic, has been found in code-projects Car Rental Management System 1.0. This issue affects some unknown processing of the file /admin/manage-pages.php. The manipulation of the argument pgdetails leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 2.4
CVE-2025-0538 WRITEUP LOW WRITEUP
Tourism Management System 1.0 - XSS
A vulnerability, which was classified as problematic, was found in code-projects Tourism Management System 1.0. Affected is an unknown function of the file /admin/manage-pages.php. The manipulation of the argument pgedetails leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 3.5
CVE-2021-24762 METASPLOIT CRITICAL ruby WORKING POC
The Perfect Survey WP <1.5.2 - SQL Injection
The Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the question_id GET parameter before using it in a SQL statement in the get_question AJAX action, allowing unauthenticated users to perform SQL injection.
CVSS 9.8
CVE-2024-57487 METASPLOIT MEDIUM ruby WORKING POC
Car Rental System 1.0 File Upload RCE (Authenticated)
In Code-Projects Online Car Rental System 1.0, the file upload feature does not validate file extensions or MIME types, allowing an attacker to upload a PHP shell without any restrictions and execute commands on the server.
CVSS 6.5
CVE-2022-40471 METASPLOIT CRITICAL ruby WORKING POC
Clinic's Patient Management System 1.0 - RCE
Remote Code Execution in Clinic's Patient Management System v 1.0 allows an attacker to upload an arbitrary PHP webshell via the profile picture upload functionality in users.php.
CVSS 9.8