Florian Walter

24 exploits Active since Sep 2023
CVE-2023-38873 WRITEUP MEDIUM WRITEUP
gugoan Economizzer <0.9-beta1 - Clickjacking
The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer are vulnerable to Clickjacking. Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking a button or link on a hidden page when they intended to click on the visible top-level page. The attacker thus "hijacks" clicks meant for their own page and routes them to another page, most likely owned by another application, domain, or both.
CVSS 6.5
CVE-2023-38870 WRITEUP CRITICAL WRITEUP
gugoan Economizzer <0.9-beta1 - SQL Injection
A SQL injection vulnerability exists in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1. The cash book has a feature to list accomplishments by category, and the 'category_id' parameter is vulnerable to SQL Injection.
CVSS 9.8
CVE-2023-38871 WRITEUP MEDIUM WRITEUP
gugoan Economizzer <0.9-beta1 - Info Disclosure
The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer have a user enumeration vulnerability in the login and forgot password functionalities. The app reacts differently when a user or email address is valid and when it is not. This may allow an attacker to determine whether a user or email address is valid, or to brute force valid usernames and email addresses.
CVSS 5.3
CVE-2023-38872 WRITEUP LOW WRITEUP
gugoan Economizzer <0.9-beta1 - IDOR
An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the ID of the attachment.
CVSS 3.7
CVE-2023-38874 WRITEUP HIGH WRITEUP
gugoan's Economizzer v.0.9-beta1 - RCE
A remote code execution (RCE) vulnerability via an insecure file upload exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023). A malicious attacker can upload a PHP web shell as an attachment when adding a new cash book entry. Afterwards, the attacker may visit the web shell and execute arbitrary commands.
CVSS 8.8
CVE-2023-38875 WRITEUP MEDIUM WRITEUP
msaad1999's PHP-Login-System 2.0.1 - XSS
A reflected cross-site scripting (XSS) vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'validator' parameter in '/reset-password'.
CVSS 6.1
CVE-2023-38876 WRITEUP MEDIUM WRITEUP
msaad1999's PHP-Login-System 2.0.1 - XSS
A reflected cross-site scripting (XSS) vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'selector' parameter in '/reset-password'.
CVSS 6.1
CVE-2023-38877 WRITEUP HIGH WRITEUP
gugoan's Economizzer <0.9-beta1 - Host Header Injection
A host header injection vulnerability exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023). By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server and thus leak the password reset token. This allows an attacker to reset other users' passwords.
CVSS 8.8
CVE-2023-38878 WRITEUP MEDIUM WRITEUP
DevCode OpenSTAManager <2.4.48 - XSS
A reflected cross-site scripting (XSS) vulnerability in DevCode OpenSTAManager versions 2.4.24 to 2.4.47 may allow a remote attacker to execute arbitrary JavaScript in the web browser of a victim by injecting a malicious payload into the 'error' and 'error_description' parameters of 'oauth2.php'.
CVSS 6.1
CVE-2023-38879 WRITEUP HIGH WRITEUP
openSIS Classic 9.0 - Path Traversal
The Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to read arbitrary files via a directory traversal vulnerability in the 'filename' parameter of 'DownloadWindow.php'.
CVSS 7.5
CVE-2023-38880 WRITEUP CRITICAL WRITEUP
openSIS Classic 9.0 - Info Disclosure
The Community Edition version 9.0 of OS4ED's openSIS Classic has a broken access control vulnerability in the database backup functionality. Whenever an admin generates a database backup, the backup is stored in the web root under a file name of the form "opensisBackup<date>.sql" (e.g. "opensisBackup07-20-2023.sql"), which can easily be guessed. This file can be accessed by any unauthenticated actor and contains a dump of the whole database, including password hashes.
CVSS 9.8
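Because the file name is a date, both sides of this finding reduce to enumerating a date range: the attacker requests each candidate name, and the defender looks for those requests in the web server log. The following is an added example in Node.js, not part of the advisory or of openSIS: it generates the candidate names for a date window and classifies combined-format access log lines into successful downloads and failed guesses. The log lines are constructed for the demo.

```javascript
// Constructed combined-format access log lines (not captured traffic).
const SAMPLE_LOG = [
  '203.0.113.7 - - [20/Jul/2023:10:01:02 +0000] "GET /opensisBackup07-19-2023.sql HTTP/1.1" 404 196 "-" "curl/8.1.2"',
  '203.0.113.7 - - [20/Jul/2023:10:01:03 +0000] "GET /opensisBackup07-20-2023.sql HTTP/1.1" 200 8344211 "-" "curl/8.1.2"',
  '198.51.100.9 - - [20/Jul/2023:10:05:44 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
].join('\n');

// ip, timestamp, method, path, status, bytes from a combined-format line.
const LINE_RE = /^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) ([^\s"]+)[^"]*" (\d{3}) (\S+)/;
// The advisory's naming scheme: opensisBackup<MM>-<DD>-<YYYY>.sql in the web root.
const BACKUP_PATH_RE = /^\/opensisBackup\d{2}-\d{2}-\d{4}\.sql$/i;

function parseCombinedLine(line) {
  const m = LINE_RE.exec(line);
  if (!m) return null;
  return {
    ip: m[1],
    time: m[2],
    method: m[3],
    path: m[4].split('?')[0],
    status: Number(m[5]),
    bytes: m[6] === '-' ? 0 : Number(m[6]),
  };
}

// hits: the dump was actually fetched; probes: a guessed name that did not exist.
function classifyBackupRequests(logText) {
  const requests = logText
    .split('\n')
    .map(parseCombinedLine)
    .filter((r) => r !== null && BACKUP_PATH_RE.test(r.path));
  return {
    hits: requests.filter((r) => r.status === 200),
    probes: requests.filter((r) => r.status === 404),
  };
}

// Every name the scheme can produce between two ISO dates (inclusive), in UTC.
// A scanner requests these; an operator checks the web root for them.
function candidateBackupNames(fromIso, toIso) {
  const [fy, fm, fd] = fromIso.split('-').map(Number);
  const [ty, tm, td] = toIso.split('-').map(Number);
  const names = [];
  for (let t = Date.UTC(fy, fm - 1, fd); t <= Date.UTC(ty, tm - 1, td); t += 86400000) {
    const d = new Date(t);
    const mm = String(d.getUTCMonth() + 1).padStart(2, '0');
    const dd = String(d.getUTCDate()).padStart(2, '0');
    names.push(`opensisBackup${mm}-${dd}-${d.getUTCFullYear()}.sql`);
  }
  return names;
}
```

A 200 with a multi-megabyte byte count on one of these paths is the incident; a burst of 404s on consecutive dates from one address is the reconnaissance that precedes it, and both are worth alerting on.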
CVE-2023-38881 WRITEUP MEDIUM WRITEUP
OS4ED openSIS Classic 9.0 - Reflected Cross-Site Scripting via CalendarModal.php Parameters
A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into any of the 'calendar_id', 'school_date', 'month' or 'year' parameters in 'CalendarModal.php'.
CVSS 6.1
CVE-2023-38882 WRITEUP MEDIUM WRITEUP
OS4ED openSIS Classic 9.0 - Reflected Cross-Site Scripting via ForExport.php Include Parameter
A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'include' parameter in 'ForExport.php'.
CVSS 6.1
CVE-2023-38883 WRITEUP MEDIUM WRITEUP
OS4ED openSIS Classic 9.0 - Reflected Cross-Site Scripting via ParentLookup.php ajax Parameter
A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'ajax' parameter in 'ParentLookup.php'.
CVSS 6.1
CVE-2023-38884 WRITEUP HIGH WRITEUP
openSIS Classic 9.0 - Unauthenticated Insecure Direct Object Reference via Student Files Endpoint
An Insecure Direct Object Reference (IDOR) vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote attacker to access any student's files by visiting '/assets/studentfiles/<studentId>-<filename>'.
CVSS 7.5
CVE-2023-38885 WRITEUP HIGH WRITEUP
OpenSIS Classic Community Edition 9.0 - Cross-Site Request Forgery
OpenSIS Classic Community Edition version 9.0 lacks cross-site request forgery (CSRF) protection throughout the whole app. This may allow an attacker to trick an authenticated user into performing any kind of state-changing request.
CVSS 8.8
CVE-2023-39655 WRITEUP CRITICAL WRITEUP
@perfood/couch-auth <= 0.20.0 - Host Header Injection via Forgot Password Request
A host header injection vulnerability exists in the NPM package @perfood/couch-auth versions <= 0.20.0. By sending a specially crafted host header in the forgot password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server and thus leak the password reset token. This may allow an attacker to reset other users' passwords and take over their accounts.
CVSS 9.6
CVE-2023-40617 WRITEUP MEDIUM WRITEUP
OpenKnowledgeMaps Head Start 7 - XSS
A reflected cross-site scripting (XSS) vulnerability in OpenKnowledgeMaps Head Start 7 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'file' parameter in 'displayPDF.php'.
CVSS 6.1
CVE-2023-40618 WRITEUP MEDIUM WRITEUP
OpenKnowledgeMaps Head Start <8 - XSS
A reflected cross-site scripting (XSS) vulnerability in OpenKnowledgeMaps Head Start versions 4, 5, 6, 7 as well as Visual Project Explorer 1.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'service' parameter in 'headstart_snapshot.php'.
CVSS 6.1
CVE-2023-40619 WRITEUP CRITICAL WRITEUP
phpPgAdmin <=7.14.4 - Deserialization of Untrusted Data (RCE)
phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize()' function in multiple places. An example is the functionality to manage tables in 'tables.php' where the 'ma[]' POST parameter is deserialized.
CVSS 9.8
CVE-2024-26470 WRITEUP HIGH WRITEUP
FullStackHero .NET 9 Starter Kit 1.0.0-1.0.1 - Password Reset Token Exposure via Host Header Injection
A host header injection vulnerability in the forgot password function of FullStackHero's WebAPI Boilerplate v1.0.0 and v1.0.1 allows attackers to leak the password reset token via a crafted request.
CVSS 8.1
CVE-2024-26471 WRITEUP MEDIUM WRITEUP
zhimengzhe iBarn 1.5 - Reflected Cross-Site Scripting via Search Parameter
A reflected cross-site scripting (XSS) vulnerability in zhimengzhe iBarn v1.5 allows attackers to inject malicious JavaScript into the web browser of a victim via the search parameter in offer.php.
CVSS 5.4
CVE-2024-26472 WRITEUP MEDIUM WRITEUP
KLiK SocialMediaWebsite 1.0.1 - Reflected Cross-Site Scripting via Selector or Validator Parameters
KLiK SocialMediaWebsite version 1.0.1 from msaad1999 has a reflected cross-site scripting (XSS) vulnerability which may allow remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'selector' or 'validator' parameters of 'create-new-pwd.php'.
CVSS 6.1
CVE-2024-26473 WRITEUP MEDIUM WRITEUP
KLiK SocialMediaWebsite 1.0.1 - Reflected Cross-Site Scripting via Poll Parameter
A reflected cross-site scripting (XSS) vulnerability in KLiK SocialMediaWebsite v1.0.1 allows attackers to inject malicious JavaScript into the web browser of a victim via the poll parameter in poll.php.
CVSS 6.1