Anıl Baran Yelken

CVE-2019-25347 EXPLOITDB HIGH text WORKING POC

thesystem App 1.0 - SQL Injection

thesystem App 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the username parameter. Attackers can inject malicious SQL code like ' or '1=1 to the username field to gain unauthorized access to user accounts.

CVSS 7.5

View Code

CVE-2019-25311 EXPLOITDB MEDIUM text WORKING POC

thesystem 1.0 - XSS

thesystem version 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple server data input fields. Attackers can submit crafted script payloads in operating_system, system_owner, system_username, system_password, system_description, and server_name parameters to execute arbitrary JavaScript in victim browsers.

CVSS 6.4

View Code