Burak Sevben

64 exploits Active since Jan 2024
CVE-2024-24135 NOMISEC MEDIUM WRITEUP
Remyandrade Product Inventory With Export TO Excel - XSS
Product Name and Product Code in the 'Add Product' section of Sourcecodester Product Inventory with Export to Excel 1.0 are vulnerable to XSS attacks.
CVSS 6.1
CVE-2024-24134 NOMISEC MEDIUM WRITEUP
Remyandrade Online Food Menu - XSS
Sourcecodester Online Food Menu 1.0 is vulnerable to Cross Site Scripting (XSS) via the 'Menu Name' and 'Description' fields in the Update Menu section.
CVSS 4.8
CVE-2024-24136 NOMISEC MEDIUM WRITEUP
Remyandrade Math Game - XSS
The 'Your Name' field in the Submit Score section of Sourcecodester Math Game with Leaderboard v1.0 is vulnerable to Cross-Site Scripting (XSS) attacks.
CVSS 6.1
CVE-2024-24141 NOMISEC CRITICAL WRITEUP
Remyandrade School Task Manager - SQL Injection
Sourcecodester School Task Manager App 1.0 allows SQL Injection via the 'task' parameter.
CVSS 9.8
CVE-2024-24140 NOMISEC HIGH WRITEUP
Remyandrade Daily Habit Tracker - SQL Injection
Sourcecodester Daily Habit Tracker App 1.0 allows SQL Injection via the 'tracker' parameter.
CVSS 7.2
CVE-2024-24142 NOMISEC CRITICAL WRITEUP
Rems School Task Manager - SQL Injection
Sourcecodester School Task Manager 1.0 allows SQL Injection via the 'subject' parameter.
CVSS 9.8
CVE-2024-24139 NOMISEC HIGH WRITEUP
Remyandrade Login System With Email Verification - SQL Injection
Sourcecodester Login System with Email Verification 1.0 allows SQL Injection via the 'user' parameter.
CVSS 7.2
CVE-2024-25207 WRITEUP MEDIUM WRITEUP
Barangay Population Monitoring System v1.0 - XSS
Barangay Population Monitoring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Resident function at /barangay-population-monitoring-system/masterlist.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Contact Number parameter.
CVSS 5.4
CVE-2024-25208 WRITEUP MEDIUM WRITEUP
Barangay Population Monitoring System v1.0 - XSS
Barangay Population Monitoring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Resident function at /barangay-population-monitoring-system/masterlist.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Full Name parameter.
CVSS 5.4
CVE-2024-25209 WRITEUP CRITICAL WRITEUP
Barangay Population Monitoring System 1.0 - SQL Injection
Barangay Population Monitoring System 1.0 was discovered to contain a SQL injection vulnerability via the resident parameter at /endpoint/delete-resident.php.
CVSS 9.8
CVE-2024-25210 WRITEUP CRITICAL WRITEUP
Simple Expense Tracker v1.0 - SQL Injection
Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the expense parameter at /endpoint/delete_expense.php.
CVSS 9.8
CVE-2024-25211 WRITEUP CRITICAL WRITEUP
Simple Expense Tracker v1.0 - SQL Injection
Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the category parameter at /endpoint/delete_category.php.
CVSS 9.8
CVE-2024-25212 WRITEUP HIGH WRITEUP
Employee Managment System v1.0 - SQL Injection
Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /delete.php.
CVSS 7.2
CVE-2024-25213 WRITEUP HIGH WRITEUP
Employee Managment System v1.0 - SQL Injection
Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /edit.php.
CVSS 7.2
CVE-2024-25214 WRITEUP CRITICAL WRITEUP
Employee Managment System v1.0 - Auth Bypass
An issue in Employee Managment System v1.0 allows attackers to bypass authentication via injecting a crafted payload into the E-mail and Password parameters at /alogin.html.
CVSS 9.8
CVE-2024-25215 WRITEUP CRITICAL WRITEUP
Employee Managment System v1.0 - SQL Injection
Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the pwd parameter at /aprocess.php.
CVSS 9.8
CVE-2024-25216 WRITEUP CRITICAL WRITEUP
Employee Managment System v1.0 - SQL Injection
Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the mailud parameter at /aprocess.php.
CVSS 9.8
CVE-2024-25217 WRITEUP CRITICAL WRITEUP
Online Medicine Ordering System v1.0 - SQL Injection
Online Medicine Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /omos/?p=products/view_product.
CVSS 9.8
CVE-2024-25218 WRITEUP MEDIUM WRITEUP
Task Manager App v1.0 - XSS
A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Project Name parameter at /TaskManager/Projects.php.
CVSS 6.1
CVE-2024-25219 WRITEUP MEDIUM WRITEUP
Task Manager App v1.0 - XSS
A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Task Name parameter at /TaskManager/Task.php.
CVSS 6.1
CVE-2024-25220 WRITEUP CRITICAL WRITEUP
Task Manager App v1.0 - SQL Injection
Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the taskID parameter at /TaskManager/EditTask.php.
CVSS 9.8
CVE-2024-25221 WRITEUP MEDIUM WRITEUP
Task Manager App v1.0 - XSS
A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note Section parameter at /TaskManager/Tasks.php.
CVSS 6.1
CVE-2024-25222 WRITEUP CRITICAL WRITEUP
Task Manager App v1.0 - SQL Injection
Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the projectID parameter at /TaskManager/EditProject.php.
CVSS 9.8
CVE-2024-25223 WRITEUP CRITICAL WRITEUP
Simple Admin Panel App v1.0 - SQL Injection
Simple Admin Panel App v1.0 was discovered to contain a SQL injection vulnerability via the orderID parameter at /adminView/viewEachOrder.php.
CVSS 9.8
CVE-2024-25224 WRITEUP MEDIUM WRITEUP
Simple Admin Panel App v1.0 - XSS
A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Size Number parameter under the Add Size function.
CVSS 5.4