Ankita Pal

7 exploits Active since Nov 2020
CVE-2020-28136 EXPLOITDB HIGH text WORKING POC
Tourism Management System 1.0 - Unauthenticated Arbitrary File Upload via Admin Create Package
An Arbitrary File Upload is discovered in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via admin/create-package.php vulnerable page.
CVSS 8.8
CVE-2020-29215 EXPLOITDB MEDIUM text WORKING POC
SourceCodester Employee Management System 1.0 - XSS
A Cross Site Scripting in SourceCodester Employee Management System 1.0 allows the user to execute alert messages via /Employee Management System/addemp.php on admin account.
CVSS 5.4
CVE-2020-29214 EXPLOITDB CRITICAL text WORKING POC
SourceCodester Alumni Management System 1.0 - SQL Injection
SQL injection vulnerability in SourceCodester Alumni Management System 1.0 allows the user to inject SQL payload to bypass the authentication via admin/login.php.
CVSS 9.8
EIP-2026-111390 EXPLOITDB text WORKING POC
Point of Sales 1.0 - 'id' SQL Injection
EIP-2026-109213 EXPLOITDB text WORKING POC
Lot Reservation Management System 1.0 - Cross-Site Scripting (Stored)
EIP-2026-109212 EXPLOITDB text WORKING POC
Lot Reservation Management System 1.0 - Authentication Bypass
EIP-2026-106856 EXPLOITDB text WORKING POC
Employee Management System 1.0 - Authentication Bypass