Adeeb Shah (@hyd3sec)

13 exploits Active since Aug 2020
CVE-2020-23839 NOMISEC MEDIUM WORKING POC
GetSimple CMS <3.3.16 - XSS
A Reflected Cross-Site Scripting (XSS) vulnerability in GetSimple CMS v3.3.16, in the admin/index.php login portal webpage, allows remote attackers to execute JavaScript code in the client's browser and harvest login credentials after a client clicks a link, enters credentials, and submits the login form.
11 stars
CVSS 6.1
CVE-2020-23831 WRITEUP MEDIUM WORKING POC
SourceCodester Stock Management System v1.0 - XSS
A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Stock Management System v1.0 allows remote attackers to harvest login credentials and session cookies when an unauthenticated victim clicks on a malicious URL and enters credentials.
CVSS 6.4
CVE-2020-24199 WRITEUP CRITICAL WORKING POC
Project Worlds Car Rental Management System <1.0 - RCE
Arbitrary File Upload in the Vehicle Image Upload component in Project Worlds Car Rental Management System v1.0 allows attackers to conduct remote code execution.
CVSS 9.8
CVE-2020-24202 WRITEUP CRITICAL WORKING POC
Projects World House Rental v1.0 - RCE
The File Upload component in Projects World House Rental v1.0 suffers from an arbitrary file upload vulnerability reachable by regular (non-admin) users, which allows remote attackers to execute code.
CVSS 9.8
CVE-2020-23837 EXPLOITDB HIGH text WORKING POC
GetSimple CMS Multi User 1.8.2 - CSRF
A Cross-Site Request Forgery (CSRF) vulnerability in the Multi User plugin 1.8.2 for GetSimple CMS allows remote attackers to add admin (or other) users after an authenticated admin visits a third-party site or clicks on a URL.
CVSS 8.8
CVE-2020-23836 EXPLOITDB HIGH text WORKING POC
OSWA-INV <2020-08-10 - CSRF
A Cross-Site Request Forgery (CSRF) vulnerability in edit_user.php in OSWAPP Warehouse Inventory System (aka OSWA-INV) through 2020-08-10 allows remote attackers to change the admin's password after an authenticated admin visits a third-party site.
CVSS 8.8
CVE-2020-23834 EXPLOITDB HIGH text WORKING POC
Real Time Logic BarracudaDrive <6.5 - Privilege Escalation
Insecure Service File Permissions in the bd service in Real Time Logic BarracudaDrive v6.5 allow local attackers to escalate privileges to admin by replacing the %SYSTEMDRIVE%\bd\bd.exe file. When the computer next starts, the new bd.exe will be run as LocalSystem.
CVSS 8.8
CVE-2020-24193 EXPLOITDB CRITICAL text WORKING POC
Sourcecodetester Daily Tracker System 1.0 - SQL Injection
A SQL injection vulnerability in the login function of Sourcecodetester Daily Tracker System 1.0 allows an unauthenticated user to bypass authentication via SQL injection in the email parameter.
CVSS 9.8
CVE-2020-23835 EXPLOITDB MEDIUM text WORKING POC
SourceCodester Tailor Management System v1.0 - XSS
A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Tailor Management System v1.0 allows remote attackers to harvest keys pressed by an unauthenticated victim who clicks on a malicious URL and begins typing.
CVSS 6.4
EIP-2026-112435 EXPLOITDB text WORKING POC
Stock Management System 1.0 - 'Product Name' Persistent Cross-Site Scripting
EIP-2026-109109 EXPLOITDB python WORKING POC
Library Management System 1.0 - Blind Time-Based SQL Injection (Unauthenticated)
EIP-2026-107658 EXPLOITDB text WORKING POC
House Rental 1.0 - 'keywords' SQL Injection
CVE-2020-23839 EXPLOITDB MEDIUM python WORKING POC
GetSimple CMS <3.3.16 - XSS
A Reflected Cross-Site Scripting (XSS) vulnerability in GetSimple CMS v3.3.16, in the admin/index.php login portal webpage, allows remote attackers to execute JavaScript code in the client's browser and harvest login credentials after a client clicks a link, enters credentials, and submits the login form.
CVSS 6.1