Hamdi Sevben

30 exploits, active since Feb 2023
CVE-2023-7143 WRITEUP LOW WRITEUP
Client Details System 1.0 - Cross-Site Scripting via fname/lname/email/contact Parameters
A vulnerability was found in code-projects Client Details System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/regester.php. The manipulation of the argument fname/lname/email/contact leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249146 is the identifier assigned to this vulnerability.
CVSS 2.4
CVE-2023-7149 WRITEUP LOW WRITEUP
code-projects QR Code Generator 1.0 - Cross-Site Scripting via download.php file Parameter
A vulnerability was found in code-projects QR Code Generator 1.0. It has been classified as problematic. This affects an unknown part of the file /download.php?file=author.png. The manipulation of the argument file with the input "><iMg src=N onerror=alert(document.domain)> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249153 was assigned to this vulnerability.
CVSS 3.5
CVE-2022-40032 EXPLOITDB CRITICAL text WORKING POC
Simple Task Managing System 1.0 - SQL Injection via login.php Username and Password Parameters
SQL injection vulnerability in Simple Task Managing System version 1.0, in the 'username' and 'password' parameters of login.php, allows attackers to execute arbitrary code and gain sensitive information.
CVSS 9.8
CVE-2022-40347 EXPLOITDB CRITICAL text WORKING POC
Intern Record System 1.0 - SQL Injection via Phone/Email/DeptType/Name Parameters
SQL injection vulnerability in Intern Record System version 1.0, in the 'phone', 'email', 'deptType' and 'name' parameters of /intern/controller.php, allows attackers to execute arbitrary code and gain sensitive information.
CVSS 9.8
EIP-2026-105912 EXPLOITDB text WORKING POC
Client Details System 1.0 - SQL Injection