Aslam Anwar Mahimkar

8 exploits. Active since Jun 2024.
CVE-2024-36597 WRITEUP HIGH WRITEUP
Aegon Life v1.0 - SQL Injection via client_id Parameter
Aegon Life v1.0 was discovered to contain a SQL injection vulnerability via the client_id parameter at clientStatus.php.
CVSS 8.8
CVE-2024-36599 WRITEUP MEDIUM WRITEUP
Aegon Life Insurance Management System 1.0 - Cross-Site Scripting via insertClient.php Name Parameter
A cross-site scripting (XSS) vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter at insertClient.php.
CVSS 6.1
CVE-2024-36598 WRITEUP HIGH WORKING POC
Aegon Life 1.0 - Remote Code Execution via Crafted Image File Upload
An arbitrary file upload vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary code via uploading a crafted image file.
CVSS 8.1
CVE-2024-44727 WRITEUP CRITICAL WRITEUP
Sourcecodehero Event Management System 1.0 - SQL Injection
Sourcecodehero Event Management System 1.0 is vulnerable to SQL Injection via the parameter 'username' in /event/admin/login.php.
CVSS 9.8
CVE-2024-45932 WRITEUP MEDIUM WRITEUP
Krayin CRM v1.3.0 - Stored Cross-Site Scripting via Organization Name Field
Krayin CRM v1.3.0 is vulnerable to Cross Site Scripting (XSS) via the organization name field in /admin/contacts/organizations/edit/2.
CVSS 4.8
CVE-2024-45933 WRITEUP MEDIUM WRITEUP
OnlineNewsSite 1.0 - Stored Cross-Site Scripting via Title and Summary Fields
OnlineNewsSite v1.0 is vulnerable to Cross Site Scripting (XSS), which allows attackers to execute arbitrary code via the Title and summary fields in the /admin/post/edit/ endpoint.
CVSS 6.6
CVE-2024-36599 EXPLOITDB MEDIUM text WORKING POC
Aegon Life Insurance Management System 1.0 - Cross-Site Scripting via insertClient.php Name Parameter
A cross-site scripting (XSS) vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter at insertClient.php.
CVSS 6.1
CVE-2024-36597 EXPLOITDB HIGH text WORKING POC
Aegon Life v1.0 - SQL Injection via client_id Parameter
Aegon Life v1.0 was discovered to contain a SQL injection vulnerability via the client_id parameter at clientStatus.php.
CVSS 8.8