Florian Walter

23 exploits Active since Sep 2023
CVE-2023-38870 (CRITICAL) - Writeup
gugoan Economizzer <0.9-beta1 - SQL Injection
A SQL injection vulnerability exists in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1. The cash book has a feature to list accomplishments by category, and the 'category_id' parameter is vulnerable to SQL Injection.
CVSS 9.8
CVE-2023-38871 (MEDIUM) - Writeup
gugoan Economizzer <0.9-beta1 - Info Disclosure
The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer has a user enumeration vulnerability in the login and forgot password functionalities. The app reacts differently when a user or email address is valid, and when it's not. This may allow an attacker to determine whether a user or email address is valid, or brute force valid usernames and email addresses.
CVSS 5.3
CVE-2023-38872 (LOW) - Writeup
gugoan Economizzer <0.9-beta1 - IDOR
An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment.
CVSS 3.7
CVE-2023-38874 (HIGH) - Writeup
gugoan's Economizzer v.0.9-beta1 - RCE
A remote code execution (RCE) vulnerability via an insecure file upload exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023). A malicious attacker can upload a PHP web shell as an attachment when adding a new cash book entry. Afterwards, the attacker may visit the web shell and execute arbitrary commands.
CVSS 8.8
CVE-2023-38875 (MEDIUM) - Writeup
msaad1999's PHP-Login-System 2.0.1 - XSS
A reflected cross-site scripting (XSS) vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'validator' parameter in '/reset-password'.
CVSS 6.1
CVE-2023-38876 (MEDIUM) - Writeup
msaad1999's PHP-Login-System 2.0.1 - XSS
A reflected cross-site scripting (XSS) vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'selector' parameter in '/reset-password'.
CVSS 6.1
CVE-2023-38877 (HIGH) - Writeup
gugoan's Economizzer <0.9-beta1 - Host Header Injection
A host header injection vulnerability exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023). By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server and thus leak the password reset token. This allows an attacker to reset other users' passwords.
CVSS 8.8
CVE-2023-38878 (MEDIUM) - Writeup
DevCode OpenSTAManager <2.4.48 - XSS
A reflected cross-site scripting (XSS) vulnerability in DevCode OpenSTAManager versions 2.4.24 to 2.4.47 may allow a remote attacker to execute arbitrary JavaScript in the web browser of a victim by injecting a malicious payload into the 'error' and 'error_description' parameters of 'oauth2.php'.
CVSS 6.1
CVE-2023-38879 (HIGH) - Writeup
openSIS Classic <9.0 - Path Traversal
The Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to read arbitrary files via a directory traversal vulnerability in the 'filename' parameter of 'DownloadWindow.php'.
CVSS 7.5
CVE-2023-38880 (CRITICAL) - Writeup
openSIS Classic 9.0 - Info Disclosure
The Community Edition version 9.0 of OS4ED's openSIS Classic has a broken access control vulnerability in the database backup functionality. Whenever an admin generates a database backup, the backup is stored in the web root and the file name has the format "opensisBackup<date>.sql" (e.g. "opensisBackup07-20-2023.sql"), so it can easily be guessed. This file can be accessed by any unauthenticated actor and contains a dump of the whole database, including password hashes.
CVSS 9.8
CVE-2023-38881 (MEDIUM) - Writeup
openSIS Classic 9.0 - XSS
A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into any of the 'calendar_id', 'school_date', 'month' or 'year' parameters in 'CalendarModal.php'.
CVSS 6.1
CVE-2023-38882 (MEDIUM) - Writeup
openSIS Classic 9.0 - XSS
A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'include' parameter in 'ForExport.php'.
CVSS 6.1
CVE-2023-38883 (MEDIUM) - Writeup
openSIS Classic 9.0 - XSS
A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'ajax' parameter in 'ParentLookup.php'.
CVSS 6.1
CVE-2023-38884 (HIGH) - Writeup
openSIS Classic 9.0 - IDOR
An Insecure Direct Object Reference (IDOR) vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote attacker to access any student's files by visiting '/assets/studentfiles/<studentId>-<filename>'.
CVSS 7.5
CVE-2023-38885 (HIGH) - Writeup
OpenSIS Classic CE <9.0 - CSRF
OpenSIS Classic Community Edition version 9.0 lacks cross-site request forgery (CSRF) protection throughout the whole app. This may allow an attacker to trick an authenticated user into performing any kind of state changing request.
CVSS 8.8
CVE-2023-39655 (CRITICAL) - Writeup
Perfood Couchauth < 0.20.0 - Injection
A host header injection vulnerability exists in the NPM package @perfood/couch-auth versions <= 0.20.0. By sending a specially crafted host header in the forgot password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server and thus leak the password reset token. This may allow an attacker to reset other users' passwords and take over their accounts.
CVSS 9.6
CVE-2023-40617 (MEDIUM) - Writeup
OpenKnowledgeMaps Head Start 7 - XSS
A reflected cross-site scripting (XSS) vulnerability in OpenKnowledgeMaps Head Start 7 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'file' parameter in 'displayPDF.php'.
CVSS 6.1
CVE-2023-40618 (MEDIUM) - Writeup
OpenKnowledgeMaps Head Start <8 - XSS
A reflected cross-site scripting (XSS) vulnerability in OpenKnowledgeMaps Head Start versions 4, 5, 6, 7 as well as Visual Project Explorer 1.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'service' parameter in 'headstart_snapshot.php'.
CVSS 6.1
CVE-2023-40619 (CRITICAL) - Writeup
phpPgAdmin <7.14.4 - Code Injection
phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize()' function in multiple places. An example is the functionality to manage tables in 'tables.php' where the 'ma[]' POST parameter is deserialized.
CVSS 9.8
CVE-2024-26470 (HIGH) - Writeup
Fullstackhero .net 9 Starter Kit - Information Disclosure
A host header injection vulnerability in the forgot password function of FullStackHero's WebAPI Boilerplate v1.0.0 and v1.0.1 allows attackers to leak the password reset token via a crafted request.
CVSS 8.1
CVE-2024-26471 (MEDIUM) - Writeup
Msaad1999 Klik Socialmediawebsite - XSS
A reflected cross-site scripting (XSS) vulnerability in zhimengzhe iBarn v1.5 allows attackers to inject malicious JavaScript into the web browser of a victim via the 'search' parameter in 'offer.php'.
CVSS 5.4
CVE-2024-26472 (MEDIUM) - Writeup
Msaad1999 Klik Socialmediawebsite - XSS
KLiK SocialMediaWebsite version 1.0.1 from msaad1999 has a reflected cross-site scripting (XSS) vulnerability which may allow remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'selector' or 'validator' parameters of 'create-new-pwd.php'.
CVSS 6.1
CVE-2024-26473 (MEDIUM) - Writeup
Msaad1999 Klik Socialmediawebsite - XSS
A reflected cross-site scripting (XSS) vulnerability in SocialMediaWebsite v1.0.1 allows attackers to inject malicious JavaScript into the web browser of a victim via the 'poll' parameter in 'poll.php'.
CVSS 6.1