Eddie TC CHANG

10 exploits, active since Dec 2018
CVE-2018-19785 MEDIUM WRITEUP
PHP-Proxy <5.1.0 - XSS
PHP-Proxy through 5.1.0 has Cross-Site Scripting (XSS) via the URL field in index.php.
CVSS 6.1
CVE-2018-20420 MEDIUM WRITEUP
webERP - Incorrect Permission Assignment
In webERP 4.15, Z_CreateCompanyTemplateFile.php has Incorrect Access Control, leading to the overwrite of an existing .sql file on the target web site by creating a template and then using ../ directory traversal in the TemplateName parameter.
CVSS 4.9
CVE-2019-7730 MEDIUM WRITEUP
MyWebSQL 3.7 - CSRF
MyWebSQL 3.7 has a Cross-site request forgery (CSRF) vulnerability for deleting a database via the /?q=wrkfrm&type=databases URI.
CVSS 5.7
CVE-2019-7731 CRITICAL WRITEUP
MyWebSQL 3.7 - RCE
MyWebSQL 3.7 has a remote code execution (RCE) vulnerability after an attacker writes shell code into the database, and executes the Backup Database function with a .php filename for the backup's archive file.
CVSS 9.8
CVE-2019-7747 CRITICAL WRITEUP
DbNinja 3.2.7 - Info Disclosure
DbNinja 3.2.7 allows session fixation via the data.php sessid parameter.
CVSS 9.6
CVE-2019-7748 MEDIUM WRITEUP
DbNinja 3.2.7 - XSS
_includes\online.php in DbNinja 3.2.7 allows XSS via the data.php task parameter if _users/admin/tasks.php exists.
CVSS 6.1
CVE-2022-35193 HIGH WRITEUP
TestLink - SQL Injection
TestLink v1.9.20 was discovered to contain a SQL injection vulnerability via /lib/execute/execNavigator.php.
CVSS 7.2
CVE-2022-35194 MEDIUM WRITEUP
TestLink - XSS
TestLink v1.9.20 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /lib/inventory/inventoryView.php.
CVSS 5.4
CVE-2022-35195 HIGH WRITEUP
TestLink 1.9.20 - Info Disclosure
TestLink 1.9.20 Raijin was discovered to contain a broken access control vulnerability at /lib/attachments/attachmentdownload.php.
CVSS 7.2
CVE-2022-35196 HIGH WRITEUP
TestLink - CSRF
TestLink v1.9.20 was discovered to contain a Cross-Site Request Forgery (CSRF) via /lib/plan/planView.php.
CVSS 8.8