Efe Kaan AKKAR

8 exploits Active since Jan 2026
CVE-2026-39109 WRITEUP CRITICAL WRITEUP
Apartment Visitors Management System 1.1 - SQL Injection
SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 within the username parameter of the login page (index.php). This allows an unauthenticated attacker to manipulate backend SQL queries during authentication and retrieve sensitive database contents.
CVSS 9.4
CVE-2026-39110 WRITEUP HIGH WRITEUP
Apartment Visitors Management System V1.1 - SQL Injection
SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the contactno parameter of the forgot password page (forgot-password.php). This allows an unauthenticated attacker to manipulate backend SQL queries during authentication and retrieve sensitive database contents.
CVSS 8.2
CVE-2026-39111 WRITEUP HIGH WRITEUP
Apartment Visitors Management System 1.1 - SQL Injection
SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the email parameter of the forgot password page (forgot-password.php). This allows an unauthenticated attacker to manipulate backend SQL queries and retrieve sensitive user data.
CVSS 7.5
CVE-2026-39112 WRITEUP MEDIUM WRITEUP
Apartment Visitors Management System V1.1 - XSS
Cross Site Scripting vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the visname parameter of visitors-form.php. An authenticated attacker can inject arbitrary JavaScript that is later executed when the malicious input is viewed in manage-newvisitors.php or visitor-detail.php.
CVSS 5.4
CVE-2025-70890 WRITEUP MEDIUM WRITEUP
Cyber Cafe Management System 1.0 - Authenticated Stored Cross-Site Scripting via Username Parameter
A stored cross-site scripting (XSS) vulnerability exists in Cyber Cafe Management System v1.0. An authenticated attacker can inject arbitrary JavaScript code into the username parameter via the add-users.php endpoint. The injected payload is stored and executed in the victim s browser when the affected page is accessed.
CVSS 6.1
CVE-2025-70891 WRITEUP MEDIUM WRITEUP
Phpgurukul Cyber Cafe Management System 1.0 - Stored XSS via User Management uadd Parameter
A stored cross-site scripting (XSS) vulnerability exists in Phpgurukul Cyber Cafe Management System v1.0 within the user management module. The application does not properly sanitize or encode user-supplied input submitted via the uadd parameter in the add-users.php endpoint. An authenticated attacker can inject arbitrary JavaScript code that is persistently stored in the database. The malicious payload is triggered when a privileged user clicks the View button on the view-allusers.php page.
CVSS 6.1
CVE-2025-70892 WRITEUP CRITICAL WRITEUP
Phpgurukul Cyber Cafe Management System 1.0 - SQL Injection via Username Parameter
Phpgurukul Cyber Cafe Management System v1.0 contains a SQL Injection vulnerability in the user management module. The application fails to properly validate user-supplied input in the username parameter of the add-users.php endpoint.
CVSS 9.8
CVE-2025-70893 WRITEUP HIGH WRITEUP
PHPGurukul Cyber Cafe Management System 1.0 - Authenticated Time-Based Blind SQL Injection via adminname Parameter
A time-based blind SQL Injection vulnerability exists in PHPGurukul Cyber Cafe Management System v1.0 within the adminprofile.php endpoint. The application fails to properly sanitize user-supplied input provided via the adminname parameter, allowing authenticated attackers to inject arbitrary SQL expressions.
CVSS 8.8