Boumediene KADDOUR

5 exploits Active since Nov 2017
CVE-2018-18704 EXPLOITDB CRITICAL text WORKING POC
PhpTpoint Pharmacy Management System - SQL Injection via index.php Username Parameter
PhpTpoint Pharmacy Management System suffers from a SQL injection vulnerability in the index.php username parameter.
CVSS 9.8
EIP-2026-113317 EXPLOITDB text WORKING POC
Webiness Inventory 2.9 - Arbitrary File Upload
EIP-2026-111222 EXPLOITDB text WORKING POC
phptpoint Hospital Management System 1.0 - 'user' SQL injection
EIP-2026-111224 EXPLOITDB text WORKING POC
phptpoint Pharmacy Management System 1.0 - 'username' SQL Injection
CVE-2017-16962 EXPLOITDB MEDIUM text WORKING POC
CommuniGate Pro < 6.2.1 - Stored Cross-Site Scripting via Calendar Invitation or Directory Name
The WebMail components (Crystal, pronto, and pronto4) in CommuniGate Pro before 6.2.1 have stored XSS vulnerabilities via (1) the location or details field of a Google Calendar invitation, (2) a crafted Outlook.com calendar (aka Hotmail Calendar) invitation, (3) e-mail granting access to a directory that has JavaScript in its name, (4) JavaScript in a note name, (5) JavaScript in a task name, or (6) HTML e-mail that is mishandled in the Inbox component.
CVSS 6.1