Jyotsna Adhana

12 exploits Active since Oct 2020
CVE-2020-28133 EXPLOITDB CRITICAL text WORKING POC
Simple Grocery Store Sales and Inventory System - Authentication Bypass and SQL Injection via Login
An issue was discovered in SourceCodester Simple Grocery Store Sales And Inventory System 1.0. There was authentication bypass in web login functionality allows an attacker to gain client privileges via SQL injection in sales_inventory/login.php.
CVSS 9.8
CVE-2020-28130 EXPLOITDB CRITICAL text WORKING POC
Online Library Management System 1.0 - Unauthenticated Arbitrary File Upload and Remote Code Execution via Image Upload
An Arbitrary File Upload in the Upload Image component in SourceCodester Online Library Management System 1.0 allows the user to conduct remote code execution via admin/borrower/index.php?view=add because .php files can be uploaded to admin/borrower/photos (under the web root).
CVSS 9.8
CVE-2020-28129 EXPLOITDB MEDIUM text WORKING POC
Gym Management System 1.0 - Stored Cross-Site Scripting via Package Name and Description Fields
Stored Cross-site scripting (XSS) vulnerability in SourceCodester Gym Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php?page=packages via vulnerable fields 'Package Name' and 'Description'.
CVSS 6.1
CVE-2020-29288 EXPLOITDB CRITICAL text WORKING POC
Gym Management System - SQL Injection
An SQL injection vulnerability was discovered in Gym Management System In manage_user.php file, GET parameter 'id' is vulnerable.
CVSS 9.8
CVE-2020-27956 EXPLOITDB CRITICAL text WORKING POC
Car Rental Management System 1.0 - Unauthenticated Arbitrary File Upload and Remote Code Execution via Image Upload
An Arbitrary File Upload in the Upload Image component in SourceCodester Car Rental Management System 1.0 allows the user to conduct remote code execution via admin/index.php?page=manage_car because .php files can be uploaded to admin/assets/uploads/ (under the web root).
CVSS 9.8
EIP-2026-114645 EXPLOITDB text WORKING POC
Zoo Management System 1.0 - Authentication Bypass
EIP-2026-111926 EXPLOITDB text WORKING POC
School Faculty Scheduling System 1.0 - Stored Cross Site Scripting POC
EIP-2026-111925 EXPLOITDB text WORKING POC
School Faculty Scheduling System 1.0 - Authentication Bypass POC
EIP-2026-111924 EXPLOITDB text WORKING POC
School Faculty Scheduling System 1.0 - 'username' SQL Injection
EIP-2026-111923 EXPLOITDB text WORKING POC
School Faculty Scheduling System 1.0 - 'id' SQL Injection
EIP-2026-111391 EXPLOITDB text WORKING POC
Point of Sales 1.0 - 'username' SQL Injection
EIP-2026-107539 EXPLOITDB text WORKING POC
Gym Management System 1.0 - Authentication Bypass