Dewanand Vishal - Security Researcher - Exploit Intelligence Platform

CVE-2025-56466 WRITEUP HIGH WRITEUP

Dietly 1.25.0 - Use of Hard-coded Credentials

Hardcoded credentials in Dietly v1.25.0 for android allows attackers to gain sensitive information.

CVSS 7.5

View Code

CVE-2025-56467 WRITEUP MEDIUM WRITEUP

Axis Mobile App 9.9 - Info Disclosure

An issue was discovered in AXIS BANK LIMITED Axis Mobile App 9.9 that allows attackers to obtain sensitive information without a UPI PIN, such as account information, balances, transaction history, and unspecified other information. NOTE: the Supplier's perspective is that this is an intended feature and "does not reveal much sensitive information."

CVSS 6.5

View Code

CVE-2025-65379 WRITEUP MEDIUM WRITEUP

PHPGurukul Billing System 1.0 - SQL Injection via Username or Mobileno Parameter

PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the /admin/password-recovery.php endpoint. Specifically, the username and mobileno parameters accepts unvalidated user input, which is then concatenated directly into a backend SQL query.

CVSS 6.5

View Code

CVE-2025-65380 WRITEUP MEDIUM WRITEUP

PHPGurukul Billing System 1.0 - SQL Injection via Username Parameter

PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the admin/index.php endpoint. Specifically, the username parameter accepts unvalidated user input, which is then concatenated directly into a backend SQL query.

CVSS 6.5

View Code