BigTiger2020

44 exploits Active since Nov 2020
CVE-2020-25537 WRITEUP CRITICAL WRITEUP
Ucms - Unrestricted File Upload
File upload vulnerability exists in UCMS 1.5.0, and the attacker can take advantage of this vulnerability to obtain server management permission.
CVSS 9.8
CVE-2020-26609 WRITEUP MEDIUM WRITEUP
fastadmin V1.0.0.20200506_beta - XSS
fastadmin V1.0.0.20200506_beta contains a cross-site scripting (XSS) vulnerability which may allow an attacker to obtain administrator credentials to log in to the background.
CVSS 5.4
CVE-2020-29279 WRITEUP CRITICAL WRITEUP
74CMS <6.0.48 - RCE
PHP remote file inclusion in the assign_resume_tpl method in Application/Common/Controller/BaseController.class.php in 74CMS before 6.0.48 allows remote code execution.
CVSS 9.8
CVE-2020-29283 WRITEUP CRITICAL WRITEUP
Online Doctor Appointment Booking System - SQL Injection
An SQL injection vulnerability was discovered in Online Doctor Appointment Booking System PHP and Mysql via the q parameter to getuser.php.
CVSS 9.8
CVE-2020-29285 WRITEUP CRITICAL WRITEUP
PHP/PDO 1.0 - SQL Injection
An SQL injection vulnerability was discovered in Point of Sales in PHP/PDO 1.0, which can be exploited via the id parameter to edit_category.php.
CVSS 9.8
CVE-2020-35339 WRITEUP CRITICAL WRITEUP
74cms - Code Injection
In 74cms version 5.0.1, there is a remote code execution vulnerability in /Application/Admin/Controller/ConfigController.class.php and /ThinkPHP/Common/functions.php where attackers can obtain server permissions and control the server.
CVSS 9.8
CVE-2020-36002 WRITEUP HIGH WORKING POC
Seat-reservation-system - SQL Injection
Seat-Reservation-System 1.0 has a SQL injection vulnerability in index.php in the id parameter where attackers can obtain sensitive database information.
CVSS 7.5
CVE-2021-25204 WRITEUP MEDIUM WRITEUP
SourceCodester E-Commerce Website <1.0 - XSS
Cross-site scripting (XSS) vulnerability in SourceCodester E-Commerce Website v 1.0 allows remote attackers to inject arbitrary web script or HTML via the subject field to feedback_process.php.
CVSS 5.4
CVE-2021-25205 WRITEUP CRITICAL WRITEUP
SourceCodester E-Commerce Website V 1.0 - SQL Injection
SQL injection vulnerability in SourceCodester E-Commerce Website V 1.0 allows remote attackers to execute arbitrary SQL statements, via the update parameter to empViewUpdate.php.
CVSS 9.8
CVE-2021-25206 WRITEUP CRITICAL WRITEUP
SourceCodester Responsive Ordering System <1.0 - RCE
Arbitrary file upload vulnerability in SourceCodester Responsive Ordering System v 1.0 allows attackers to execute arbitrary code via the file upload to Product_model.php.
CVSS 9.8
CVE-2021-25207 WRITEUP CRITICAL WRITEUP
SourceCodester E-Commerce Website <1.0 - Code Injection
Arbitrary file upload vulnerability in SourceCodester E-Commerce Website v 1.0 allows attackers to execute arbitrary code via the file upload to prodViewUpdate.php.
CVSS 9.8
CVE-2021-25208 WRITEUP CRITICAL WRITEUP
SourceCodester Travel Management System <1.0 - RCE
Arbitrary file upload vulnerability in SourceCodester Travel Management System v 1.0 allows attackers to execute arbitrary code via the file upload to updatepackage.php.
CVSS 9.8
CVE-2021-25209 WRITEUP CRITICAL WRITEUP
SourceCodester Theme Park Ticketing System <1.0 - SQL Injection
SQL injection vulnerability in SourceCodester Theme Park Ticketing System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to view_user.php.
CVSS 9.8
CVE-2021-25210 WRITEUP CRITICAL WRITEUP
SourceCodester Alumni Management System <1.0 - RCE
Arbitrary file upload vulnerability in SourceCodester Alumni Management System v 1.0 allows attackers to execute arbitrary code, via the file upload to manage_event.php.
CVSS 9.8
CVE-2021-25211 WRITEUP CRITICAL WRITEUP
SourceCodester Ordering System <1.0 - RCE
Arbitrary file upload vulnerability in SourceCodester Ordering System v 1.0 allows attackers to execute arbitrary code, via the file upload to ordering\admin\products\edit.php.
CVSS 9.8
CVE-2021-25212 WRITEUP CRITICAL WRITEUP
SourceCodester Alumni Management System <1.0 - SQL Injection
SQL injection vulnerability in SourceCodester Alumni Management System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to manage_event.php.
CVSS 9.8
CVE-2021-25213 WRITEUP CRITICAL WRITEUP
SourceCodester Travel Management System <1.0 - SQL Injection
SQL injection vulnerability in SourceCodester Travel Management System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the catid parameter to subcat.php.
CVSS 9.8
CVE-2021-26223 WRITEUP CRITICAL WRITEUP
Casap Automated Enrollment System - SQL Injection
SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to view_pay.php.
CVSS 9.8
CVE-2021-26224 WRITEUP MEDIUM WRITEUP
Fantastic Blog - XSS
Cross-site scripting (XSS) vulnerability in SourceCodester Fantastic-Blog-CMS V 1.0 allows remote attackers to inject arbitrary web script or HTML via the search field to search.php.
CVSS 6.1
CVE-2021-26226 WRITEUP CRITICAL WRITEUP
Casap Automated Enrollment System - SQL Injection
SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit_user.php.
CVSS 9.8
CVE-2021-26227 WRITEUP MEDIUM WRITEUP
Casap Automated Enrollment System - XSS
Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the student information parameters to edit_stud.php.
CVSS 6.1
CVE-2021-26228 WRITEUP CRITICAL WRITEUP
Casap Automated Enrollment System - SQL Injection
SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit_class1.php.
CVSS 9.8
CVE-2021-26229 WRITEUP CRITICAL WRITEUP
Casap Automated Enrollment System - SQL Injection
SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit_stud.php.
CVSS 9.8
CVE-2021-26230 WRITEUP MEDIUM WRITEUP
Casap Automated Enrollment System - XSS
Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the user information to save_user.php.
CVSS 6.1
CVE-2021-26231 WRITEUP CRITICAL WRITEUP
Fantastic Blog Cms - SQL Injection
SQL injection vulnerability in SourceCodester Fantastic Blog CMS v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to category.php.
CVSS 9.8