BigTiger2020

44 exploits Active since Nov 2020
CVE-2021-26232 WRITEUP CRITICAL WRITEUP
Simple College Website 1.0 - SQL Injection via News ID Parameter
SQL injection vulnerability in SourceCodester Simple College Website v 1.0 allows remote attackers to execute arbitrary SQL statements via the id parameter to news.php.
CVSS 9.8
CVE-2021-27332 WRITEUP MEDIUM WRITEUP
SourceCodester CASAP Automated Enrollment System <1.0 - XSS
Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the class_name parameter to update_class.php.
CVSS 6.1
CVE-2021-37781 WRITEUP MEDIUM WRITEUP
Employee Record Management System 1.2 - Cross-Site Scripting via editempprofile.php
Employee Record Management System v 1.2 is vulnerable to Cross Site Scripting (XSS) via editempprofile.php.
CVSS 5.4
CVE-2021-37782 WRITEUP CRITICAL WRITEUP
Employee Record Management System 1.2 - SQL Injection via editempprofile.php
Employee Record Management System v 1.2 is vulnerable to SQL Injection via editempprofile.php.
CVSS 9.8
CVE-2021-38217 WRITEUP CRITICAL WRITEUP
SEMCMS 1.2 - SQL Injection via SEMCMS_User.php
SEMCMS v 1.2 is vulnerable to SQL Injection via SEMCMS_User.php.
CVSS 9.8
CVE-2021-38729 WRITEUP CRITICAL WRITEUP
SEMCMS SHOP 1.1 - SQL Injection via Ant_Plist.php
SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Plist.php.
CVSS 9.8
CVE-2021-38730 WRITEUP CRITICAL WRITEUP
SEMCMS SHOP 1.1 - SQL Injection via Ant_Info.php
SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Info.php.
CVSS 9.8
CVE-2021-38731 WRITEUP CRITICAL WRITEUP
SEMCMS SHOP 1.1 - SQL Injection via Ant_Zekou.php
SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Zekou.php.
CVSS 9.8
CVE-2021-38732 WRITEUP CRITICAL WRITEUP
SEMCMS SHOP 1.1 - SQL Injection via Ant_Message.php
SEMCMS SHOP v 1.1 is vulnerable to SQL via Ant_Message.php.
CVSS 9.8
CVE-2021-38733 WRITEUP CRITICAL WRITEUP
SEMCMS SHOP 1.1 - SQL Injection via Ant_BlogCat.php
SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_BlogCat.php.
CVSS 9.8
CVE-2021-38734 WRITEUP CRITICAL WRITEUP
SEMCMS SHOP 1.1 - SQL Injection via Ant_Menu.php
SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Menu.php.
CVSS 9.8
CVE-2021-38736 WRITEUP CRITICAL WRITEUP
SEMCMS Shop 1.1 - SQL Injection via Ant_Global.php
SEMCMS Shop V 1.1 is vulnerable to SQL Injection via Ant_Global.php.
CVSS 9.8
CVE-2021-38737 WRITEUP CRITICAL WRITEUP
SEMCMS 1.1 - SQL Injection via Ant_Pro.php
SEMCMS v 1.1 is vulnerable to SQL Injection via Ant_Pro.php.
CVSS 9.8
CVE-2023-1634 WRITEUP MEDIUM WRITEUP
OTCMS 6.72 - Server-Side Request Forgery via UseCurl Function
A vulnerability was found in OTCMS 6.72. It has been classified as critical. Affected is the function UseCurl of the file /admin/info_deal.php of the component URL Parameter Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224016.
CVSS 6.3
CVE-2023-1635 WRITEUP LOW WRITEUP
OTCMS 6.72 - Cross-Site Scripting via AutoRun Function in apiRun.php
A vulnerability was found in OTCMS 6.72. It has been declared as problematic. Affected by this vulnerability is the function AutoRun of the file apiRun.php. The manipulation of the argument mode leads to cross site scripting. The attack can be launched remotely. The identifier VDB-224017 was assigned to this vulnerability.
CVSS 3.5
CVE-2023-6300 WRITEUP LOW WRITEUP
SourceCodester Best Courier Management System 1.0 - XSS
A vulnerability, which was classified as problematic, was found in SourceCodester Best Courier Management System 1.0. Affected is an unknown function. The manipulation of the argument page with the input </TiTlE><ScRiPt>alert(1)</ScRiPt> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-246126 is the identifier assigned to this vulnerability.
CVSS 3.5
CVE-2023-6301 WRITEUP LOW WRITEUP
SourceCodester Best Courier Management System 1.0 - XSS
A vulnerability has been found in SourceCodester Best Courier Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file parcel_list.php of the component GET Parameter Handler. The manipulation of the argument id with the input </TiTlE><ScRiPt>alert(1)</ScRiPt> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246127.
CVSS 3.5
CVE-2023-6305 WRITEUP MEDIUM WRITEUP
Free and Open Source Inventory Management System 1.0 - SQL Injection via suppliar_data.php columns Parameter
A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file ample/app/ajax/suppliar_data.php. The manipulation of the argument columns leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246131.
CVSS 6.3
CVE-2023-6306 WRITEUP MEDIUM WRITEUP
Free and Open Source Inventory Management System 1.0 - SQL Injection via columns Parameter
A vulnerability classified as critical has been found in SourceCodester Free and Open Source Inventory Management System 1.0. Affected is an unknown function of the file /ample/app/ajax/member_data.php. The manipulation of the argument columns leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246132.
CVSS 6.3