Asim Qazi

3 exploits Active since Jan 2026
CVE-2025-15495 NOMISEC MEDIUM WORKING POC
BiggiDroid Simple PHP CMS 1.0 - Unrestricted File Upload via Image Parameter in /admin/editsite.php
A vulnerability was found in BiggiDroid Simple PHP CMS 1.0. This impacts an unknown function of the file /admin/editsite.php. The manipulation of the argument image results in unrestricted upload. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 4.7
CVE-2026-1141 WRITEUP MEDIUM WRITEUP
PHPGurukul News Portal 1.0 - Incorrect Privilege Assignment in Add Sub-Admin Page
A vulnerability was identified in PHPGurukul News Portal 1.0. The affected element is an unknown function of the file /admin/add-subadmins.php of the component Add Sub-Admin Page. Such manipulation leads to improper authorization. The attack can be launched remotely. The exploit is publicly available and might be used.
CVSS 6.3
CVE-2026-1142 WRITEUP MEDIUM WORKING POC
PHPGurukul News Portal 1.0 - Cross-Site Request Forgery
A security flaw has been discovered in PHPGurukul News Portal 1.0. The impacted element is an unknown function. Performing a manipulation results in cross-site request forgery. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.
CVSS 4.3