G37SYS73M - Security Researcher - Exploit Intelligence Platform

CVE-2023-27742 NOMISEC CRITICAL WRITEUP

idurar ERP/CRM v1 - SQL Injection via /api/login

IDURAR ERP/CRM v1 was discovered to contain a SQL injection vulnerability via the component /api/login.

CVSS 9.8

View Code

CVE-2022-36193 NOMISEC CRITICAL SUSPICIOUS

School Management System 1.0 - SQL Injection

SQL injection in School Management System 1.0 allows remote attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries.

CVSS 9.8

View Code

CVE-2022-46087 NOMISEC MEDIUM WRITEUP

CloudSchool 3.0.1 - Stored Cross-Site Scripting via Notification

CloudSchool v3.0.1 is vulnerable to Cross Site Scripting (XSS). A normal user can steal session cookies of the admin users through notification received by the admin user.

CVSS 5.4

View Code