Divya Jain

6 exploits, active since May 2018
CVE-2018-11442 EXPLOITDB HIGH html WORKING POC
Easyservice Billing - CSRF
A CSRF issue was discovered in EasyService Billing 1.0. It is triggered via the quotation-new3-new2.php?add=true&id= URI, as demonstrated by adding a new quotation.
CVSS 8.8
CVE-2018-11535 EXPLOITDB CRITICAL text WORKING POC
Sitemakin Slac - SQL Injection
An issue was discovered in SITEMAKIN SLAC (Site Login and Access Control) v1.0. The parameter "my_item_search" in users.php is exploitable using SQL injection.
CVSS 9.8
CVE-2018-11444 EXPLOITDB CRITICAL text WORKING POC
Easyservice Billing - SQL Injection
A SQL Injection issue was observed in the parameter "q" in jobcard-ongoing.php in EasyService Billing 1.0.
CVSS 9.8
CVE-2018-11445 EXPLOITDB HIGH html WORKING POC
Easyservice Billing - CSRF
A CSRF issue was discovered on the User Add/System Settings page (system-settings-user-new2.php) in EasyService Billing 1.0. A user can be added with the Admin role.
CVSS 8.8
CVE-2018-11443 EXPLOITDB MEDIUM text WORKING POC
Easyservice Billing - XSS
The parameter q is affected by Cross-site Scripting in jobcard-ongoing.php in EasyService Billing 1.0.
CVSS 6.1
CVE-2018-11242 EXPLOITDB MEDIUM text WRITEUP
Makemytrip - Cleartext Storage
An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases (locally stored) are not encrypted and have cleartext that might lead to sensitive information disclosure, as demonstrated by data/com.makemytrip/databases and data/com.makemytrip/Cache SQLite database files.
CVSS 6.5