Divya Jain

6 exploits, active since May 2018
CVE-2018-11442 EXPLOITDB HIGH html WORKING POC
EasyService Billing 1.0 - Cross-Site Request Forgery via Quotation Creation
A CSRF issue was discovered in EasyService Billing 1.0, which was triggered via a quotation-new3-new2.php?add=true&id= URI, as demonstrated by adding a new quotation.
CVSS 8.8
CVE-2018-11535 EXPLOITDB CRITICAL text WORKING POC
SITEMAKIN SLAC 1.0 - SQL Injection via my_item_search Parameter
An issue was discovered in SITEMAKIN SLAC (Site Login and Access Control) v1.0. The parameter "my_item_search" in users.php is exploitable using SQL injection.
CVSS 9.8
CVE-2018-11444 EXPLOITDB CRITICAL text WORKING POC
EasyService Billing 1.0 - SQL Injection via jobcard-ongoing.php q Parameter
A SQL Injection issue was observed in the parameter "q" in jobcard-ongoing.php in EasyService Billing 1.0.
CVSS 9.8
CVE-2018-11445 EXPLOITDB HIGH html WORKING POC
EasyService Billing 1.0 - Cross-Site Request Forgery on User Add Page
A CSRF issue was discovered on the User Add/System Settings Page (system-settings-user-new2.php) in EasyService Billing 1.0. A User can be added with the Admin role.
CVSS 8.8
CVE-2018-11443 EXPLOITDB MEDIUM text WORKING POC
EasyService Billing 1.0 - Cross-Site Scripting via jobcard-ongoing.php q Parameter
The parameter q is affected by Cross-site Scripting in jobcard-ongoing.php in EasyService Billing 1.0.
CVSS 6.1
CVE-2018-11242 EXPLOITDB MEDIUM text WRITEUP
MakeMyTrip 7.2.4 - Cleartext Storage of Sensitive Information in Local Databases
An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases (locally stored) are not encrypted and have cleartext that might lead to sensitive information disclosure, as demonstrated by data/com.makemytrip/databases and data/com.makemytrip/Cache SQLite database files.
CVSS 6.5