Aslam Anwar Mahimkar

6 exploits, active since Jun 2024
CVE-2024-36598 WRITEUP HIGH WORKING POC
Aegon Life v1.0 - RCE
An arbitrary file upload vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary code via uploading a crafted image file.
CVSS 8.1
CVE-2024-44727 WRITEUP CRITICAL WRITEUP
Sourcecodehero Event Management System 1.0 - SQL Injection
Sourcecodehero Event Management System 1.0 is vulnerable to SQL Injection via the parameter 'username' in /event/admin/login.php.
CVSS 9.8
CVE-2024-45932 WRITEUP MEDIUM WRITEUP
Webkul Krayin CRM - XSS
Krayin CRM v1.3.0 is vulnerable to Cross Site Scripting (XSS) via the organization name field in /admin/contacts/organizations/edit/2.
CVSS 4.8
CVE-2024-45933 WRITEUP MEDIUM WRITEUP
OnlineNewsSite v1.0 - XSS
OnlineNewsSite v1.0 is vulnerable to Cross Site Scripting (XSS) which allows attackers to execute arbitrary code via the Title and summary fields in the /admin/post/edit/ endpoint.
CVSS 6.6
CVE-2024-36599 EXPLOITDB MEDIUM text WORKING POC
Aegon Life v1.0 - XSS
A cross-site scripting (XSS) vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter at insertClient.php.
CVSS 6.1
CVE-2024-36597 EXPLOITDB HIGH text WORKING POC
Aegon Life v1.0 - SQL Injection
Aegon Life v1.0 was discovered to contain a SQL injection vulnerability via the client_id parameter at clientStatus.php.
CVSS 8.8