Jason Colyvas - Security Researcher - Exploit Intelligence Platform

CVE-2021-41647 NOMISEC CRITICAL WRITEUP

Online Food Ordering Web App - SQL Injection

An un-authenticated error-based and time-based blind SQL injection vulnerability exists in Kaushik Jadhav Online Food Ordering Web App 1.0. An attacker can exploit the vulnerable "username" parameter in login.php and retrieve sensitive database information, as well as add an administrative user.

CVSS 9.1

View Code

CVE-2021-41648 NOMISEC HIGH WRITEUP

Online-shopping-system-advanced - SQL Injection

An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /action.php prId parameter. Using a post request does not sanitize the user input.

CVSS 7.5

View Code

CVE-2021-41649 NOMISEC CRITICAL WRITEUP

Online-shopping-system-advanced - SQL Injection

An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /homeaction.php cat_id parameter. Using a post request does not sanitize the user input.

CVSS 9.8

View Code

CVE-2021-41651 NOMISEC HIGH WRITEUP

Hotel Management System - SQL Injection

A blind SQL injection vulnerability exists in the Raymart DG / Ahmed Helal Hotel-mgmt-system. A malicious attacker can retrieve sensitive database information and interact with the database using the vulnerable cid parameter in process_update_profile.php.

CVSS 7.5

View Code