Anirudh Krishnaprasad

4 exploits Active since Nov 2024
CVE-2024-51326 WRITEUP HIGH WRITEUP
projectworlds Travel Management System 1.0 - SQL Injection via deletesubcategory.php t2 Parameter
SQL Injection vulnerability in projectworlds Travel management System v.1.0 allows a remote attacker to execute arbitrary code via the 't2' parameter in deletesubcategory.php.
CVSS 7.5
CVE-2024-51327 WRITEUP CRITICAL WRITEUP
ProjectWorlds Travel Management System 1.0 - SQL Injection Authentication Bypass via Login Form
SQL Injection in loginform.php in ProjectWorld's Travel Management System v1.0 allows remote attackers to bypass authentication via SQL Injection in the 'username' and 'password' fields.
CVSS 9.8
CVE-2024-51328 WRITEUP MEDIUM WRITEUP
projectworlds Travel Management System 1.0 - Stored Cross-Site Scripting via addcategory.php t2 Parameter
Cross Site Scripting vulnerability in addcategory.php in projectworld's Travel Management System v1.0 allows remote attacker to inject arbitrary code via the t2 parameter.
CVSS 6.1
CVE-2024-51329 WRITEUP HIGH WRITEUP
Agile-Board 1.0 - Host Header Injection via Password Reset Link
A Host header injection vulnerability in Agile-Board 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link.
CVSS 8.8