Juan Manuel Fernandez (@TheXC3LL) from BlackArrow

2 exploits Active since Mar 2021
CVE-2020-28657 WRITEUP CRITICAL WORKING POC
Bittacora Bpanel - SQL Injection
In bPanel 2.0, the administrative ajax endpoints (aka ajax/aj_*.php) are accessible without authentication and allow SQL injections, which could lead to platform compromise.
CVSS 9.8
CVE-2022-43216 WRITEUP CRITICAL WORKING POC
AbrhilSoft Employee's Portal <5.6.2 - SQL Injection
AbrhilSoft Employee's Portal before v5.6.2 was discovered to contain a SQL injection vulnerability in the login page.
CVSS 9.1