Ko-kn3t

8 exploits, active since Sep 2020
CVE-2020-29156 NOMISEC MEDIUM WRITEUP
Woocommerce < 4.7.0 - IDOR
The WooCommerce plugin before 4.7.0 for WordPress allows remote attackers to view the status of arbitrary orders via the order_id parameter in a fetch_order_status action.
3 stars
CVSS 5.3
CVE-2020-25515 NOMISEC HIGH WRITEUP
Simple Library Management System - Unrestricted File Upload
Sourcecodester Simple Library Management System 1.0 is affected by Insecure Permissions via Books > New Book, http://<site>/lms/index.php?page=books.
3 stars
CVSS 7.8
CVE-2020-25273 NOMISEC CRITICAL WRITEUP
Online Bus Booking System - SQL Injection
In SourceCodester Online Bus Booking System 1.0, there is an authentication bypass on the Admin Login screen in admin.php via SQL injection in the username or password field.
1 star
CVSS 9.8
CVE-2020-25270 NOMISEC MEDIUM WRITEUP
Phpgurukul Hostel Management System - XSS
PHPGurukul hostel-management-system 2.1 allows XSS via the Guardian Name, Guardian Relation, Guardian Contact No., Address, or City fields.
1 star
CVSS 5.4
CVE-2020-25487 NOMISEC HIGH WORKING POC
Phpgurukul Zoo Management System - SQL Injection
PHPGurukul Zoo Management System Using PHP and MySQL version 1.0 is affected by SQL Injection via zms/animal-detail.php.
1 star
CVSS 7.8
CVE-2020-25272 NOMISEC MEDIUM WRITEUP
Online Bus Booking System - XSS
In SourceCodester Online Bus Booking System 1.0, there is XSS through the name parameter in book_now.php.
1 star
CVSS 6.1
CVE-2020-25514 NOMISEC HIGH WORKING POC
Simple Library Management System - SQL Injection
Sourcecodester Simple Library Management System 1.0 is affected by Incorrect Access Control via the Login Panel, http://<site>/lms/admin.php.
CVSS 8.4
CVE-2020-25271 NOMISEC MEDIUM WRITEUP
Phpgurukul Hospital Management System - XSS
PHPGurukul hospital-management-system-in-php 4.0 allows XSS via admin/patient-search.php, doctor/search.php, book-appointment.php, doctor/appointment-history.php, or admin/appointment-history.php.
CVSS 5.4