Abhijith Narayanan - Security Researcher - Exploit Intelligence Platform

CVE-2024-51060 WRITEUP CRITICAL WRITEUP

Projectworlds Online Admission System v1 - SQL Injection via 'a_id' Parameter

Projectworlds Online Admission System v1 is vulnerable to SQL Injection in index.php via the 'a_id' parameter.

CVSS 9.1

View Code

CVE-2024-51063 WRITEUP CRITICAL WRITEUP

Phpgurukul Teachers Record Management System 2.1 - SQL Injection via add-teacher.php Mobile Number or Email Parameter

Phpgurukul Teachers Record Management System v2.1 is vulnerable to SQL Injection in add-teacher.php via the mobile number or email parameter.

CVSS 9.1

View Code

CVE-2024-51064 WRITEUP CRITICAL WRITEUP

Phpgurukul Teachers Record Management System 2.1 - SQL Injection via tid Parameter

Phpgurukul Teachers Record Management System v2.1 is vulnerable to SQL Injection via the tid parameter to admin/queries.php.

CVSS 9.8

View Code

CVE-2024-51065 WRITEUP CRITICAL WRITEUP

Phpgurukul Beauty Parlour Management System 1.1 - SQL Injection via Username Parameter

Phpgurukul Beauty Parlour Management System v1.1 is vulnerable to SQL Injection in admin/index.php via the the username parameter.

CVSS 9.8

View Code

CVE-2024-51066 WRITEUP HIGH WRITEUP

Phpgurukul Beauty Parlour Management System 1.1 - Unauthorized Data Access via IDOR in appointment-detail.php

An Insecure Direct Object Reference (IDOR) vulnerability in appointment-detail.php in Phpgurukul's Beauty Parlour Management System v1.1 allows unauthorized access to the Personally Identifiable Information (PII) of other customers.

CVSS 7.5

View Code