Anirudh Krishnaprasad - Security Researcher - Exploit Intelligence Platform

CVE-2024-51326 WRITEUP HIGH WRITEUP

Projectworlds Travel Management System - SQL Injection

SQL Injection vulnerability in projectworlds Travel management System v.1.0 allows a remote attacker to execute arbitrary code via the 't2' parameter in deletesubcategory.php.

CVSS 7.5

View Code

CVE-2024-51327 WRITEUP CRITICAL WRITEUP

Projectworlds Travel Management System - SQL Injection

SQL Injection in loginform.php in ProjectWorld's Travel Management System v1.0 allows remote attackers to bypass authentication via SQL Injection in the 'username' and 'password' fields.

CVSS 9.8

View Code

CVE-2024-51328 WRITEUP MEDIUM WRITEUP

Projectworlds Travel Management System - XSS

Cross Site Scripting vulnerability in addcategory.php in projectworld's Travel Management System v1.0 allows remote attacker to inject arbitrary code via the t2 parameter.

CVSS 6.1

View Code

CVE-2024-51329 WRITEUP HIGH WRITEUP

Idrsdev Agile-board - Code Injection

A Host header injection vulnerability in Agile-Board 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link.

CVSS 8.8

View Code