Daniel Ortiz

4 exploits Active since Oct 2020
CVE-2020-36998 EXPLOITDB MEDIUM text WRITEUP
Forma.lms The E-Learning Suite 2.3.0.2 - XSS
Forma.lms The E-Learning Suite 2.3.0.2 contains a persistent cross-site scripting vulnerability in multiple course and profile parameters. Attackers can inject malicious scripts in course code, name, description fields, and email parameter to execute arbitrary JavaScript without proper input sanitization.
CVSS 6.4
CVE-2020-26802 EXPLOITDB HIGH text WORKING POC
forma.lms 2.3.0.2 - CSRF
forma.lms 2.3.0.2 is affected by Cross Site Request Forgery (CSRF) in formalms/appCore/index.php?r=lms/profile/show&ap=saveinfo via a GET request to change the admin email address in order to accomplish an account takeover.
CVSS 8.8
EIP-2026-106342 EXPLOITDB python WORKING POC
Daily Expenses Management System 1.0 - 'username' SQL Injection
EIP-2026-106104 EXPLOITDB python WORKING POC
Complaint Management System 1.0 - 'username' SQL Injection