Ashish Kumar

8 exploits Active since Jun 2022
CVE-2022-2212 WRITEUP MEDIUM WORKING POC
Library Management System 1.0 - Unrestricted File Upload via Image Parameter in /card/index.php
A vulnerability was found in SourceCodester Library Management System 1.0. It has been classified as critical. Affected is an unknown function of the component /card/index.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2022-2213 WRITEUP LOW WRITEUP
Library Management System 1.0 - Stored Cross-Site Scripting via Name Parameter in Edit Admin Details
A vulnerability was found in SourceCodester Library Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/edit_admin_details.php?id=admin. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 3.5
CVE-2022-2292 WRITEUP LOW WRITEUP
SourceCodester Hotel Management System 2.0 - Stored Cross-Site Scripting via Room Edit Page
A vulnerability classified as problematic has been found in SourceCodester Hotel Management System 2.0. Affected is an unknown function of the file /ci_hms/massage_room/edit/1 of the component Room Edit Page. The manipulation of the argument massageroomDetails with the input "><script>alert("XSS")</script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 3.5
CVE-2022-2293 WRITEUP LOW WRITEUP
Simple Sales Management System 1.0 - Stored Cross-Site Scripting via Customer Name Parameter
A vulnerability classified as problematic was found in SourceCodester Simple Sales Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ci_ssms/index.php/orders/create. The manipulation of the argument customer_name with the input <script>alert("XSS")</script> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 3.5
CVE-2022-2297 WRITEUP MEDIUM WRITEUP
Clinic's Patient Management System 2.0 - Unrestricted File Upload via profile_picture Parameter
A vulnerability, which was classified as critical, was found in SourceCodester Clinics Patient Management System 2.0. Affected is an unknown function of the file /pms/update_user.php?user_id=1. The manipulation of the argument profile_picture with the input <?php phpinfo();?> leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2022-2298 WRITEUP HIGH WRITEUP
Clinic's Patient Management System 2.0 - SQL Injection via Login Page user_name Parameter
A vulnerability has been found in SourceCodester Clinics Patient Management System 2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /pms/index.php of the component Login Page. The manipulation of the argument user_name with the input admin' or '1'='1 leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 7.3
CVE-2022-2364 WRITEUP LOW WRITEUP
SourceCodester Simple Parking Management System 1.0 - XSS
A vulnerability, which was classified as problematic, was found in SourceCodester Simple Parking Management System 1.0. This affects an unknown part of the file /ci_spms/admin/category. The manipulation of the argument vehicle_type with the input "><script>alert("XSS")</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 3.5
CVE-2022-40471 METASPLOIT CRITICAL ruby WORKING POC
Clinic's Patient Management System 1.0 - RCE
Remote Code Execution in Clinic's Patient Management System v 1.0 allows Attacker to Upload arbitrary php webshell via profile picture upload functionality in users.php
CVSS 9.8