Felipe Alcantara

4 exploits Active since Mar 2022
CVE-2022-26295 EXPLOITDB MEDIUM text WORKING POC
Online Project Time Management System v1.0 - XSS
A stored cross-site scripting (XSS) vulnerability in /ptms/?page=user of Online Project Time Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user name field.
CVSS 5.4
CVE-2022-26293 EXPLOITDB CRITICAL text WORKING POC
Online Project Time Management System v1.0 - SQL Injection
Online Project Time Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the function save_employee at /ptms/classes/Users.php.
CVSS 9.8
CVE-2023-30330 EXPLOITDB CRITICAL bash WORKING POC
SoftExpert Excellence Suite 2.0-2.1.2 - Local File Inclusion via defaultframe_filter.php
SoftExpert (SE) Excellence Suite 2.x versions before 2.1.3 is vulnerable to Local File Inclusion in the function /se/v42300/generic/gn_defaultframe/2.0/defaultframe_filter.php.
CVSS 9.8
CVE-2022-40684 EXPLOITDB CRITICAL bash WORKING POC
Fortinet Fortiproxy < 7.0.7 - Authentication Bypass
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
CVSS 9.8