Brian Lowe

2 exploits Active since Sep 2021

CVE-2021-40353 NOMISEC CRITICAL WRITEUP

openSIS 8.0 - SQL Injection

A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the index.php USERNAME parameter. NOTE: this issue may exist because of an incomplete fix for CVE-2020-6637.

5 stars

CVSS 9.8

View Code

CVE-2021-40492 NOMISEC MEDIUM WORKING POC

Gibbon 22 - XSS

A reflected XSS vulnerability exists in multiple pages in version 22 of the Gibbon application that allows for arbitrary execution of JavaScript (gibbonCourseClassID, gibbonPersonID, subpage, currentDate, or allStudents to index.php).

1 stars

CVSS 6.1

View Code