Benjamin BALET - Security Researcher - Exploit Intelligence Platform

CVE-2022-34132 WRITEUP CRITICAL WRITEUP

Benjamin BALET Jorani v1.0 - SQL Injection

Jorani v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at application/controllers/Leaves.php.

CVSS 9.8

View Code

CVE-2022-34133 WRITEUP MEDIUM WRITEUP

Jorani v1.0 - Cross-Site Scripting via Comment Parameter

Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Comment parameter at application/controllers/Leaves.php.

CVSS 6.1

View Code

CVE-2022-34134 WRITEUP HIGH WRITEUP

Jorani v1.0 - Cross-Site Request Forgery via Users.php Controller

Jorani v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /application/controllers/Users.php.

CVSS 8.8

View Code