Ko-kn3t

8 exploits, active since Sep 2020
CVE-2020-29156 NOMISEC MEDIUM WRITEUP
WooCommerce < 4.7.0 - Unauthenticated Arbitrary Order Status Disclosure via order_id Parameter
The WooCommerce plugin before 4.7.0 for WordPress allows remote attackers to view the status of arbitrary orders via the order_id parameter in a fetch_order_status action.
3 stars
CVSS 5.3
CVE-2020-25515 NOMISEC HIGH WRITEUP
Simple Library Management System 1.0 - Unrestricted File Upload via New Book Feature
Sourcecodester Simple Library Management System 1.0 is affected by Insecure Permissions via Books > New Book, http://<site>/lms/index.php?page=books.
3 stars
CVSS 7.8
CVE-2020-25273 NOMISEC CRITICAL WRITEUP
Online Bus Booking System 1.0 - Authentication Bypass via SQL Injection in Admin Login
In SourceCodester Online Bus Booking System 1.0, there is Authentication bypass on the Admin Login screen in admin.php via username or password SQL injection.
1 star
CVSS 9.8
CVE-2020-25270 NOMISEC MEDIUM WRITEUP
PHPGurukul hostel-management-system 2.1 - Stored XSS via Guardian Name/Relation/Contact/Address/City
PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, or City.
1 star
CVSS 5.4
CVE-2020-25487 NOMISEC HIGH WORKING POC
PHPGURUKUL Zoo Management System 1.0 - SQL Injection via animal-detail.php
PHPGURUKUL Zoo Management System Using PHP and MySQL version 1.0 is affected by: SQL Injection via zms/animal-detail.php.
1 star
CVSS 7.8
CVE-2020-25272 NOMISEC MEDIUM WRITEUP
Online Bus Booking System 1.0 - Cross-Site Scripting via Name Parameter in book_now.php
In SourceCodester Online Bus Booking System 1.0, there is XSS through the name parameter in book_now.php.
1 star
CVSS 6.1
CVE-2020-25514 NOMISEC HIGH WORKING POC
Simple Library Management System 1.0 - Incorrect Access Control via Login Panel
Sourcecodester Simple Library Management System 1.0 is affected by Incorrect Access Control via the Login Panel, http://<site>/lms/admin.php.
CVSS 8.4
CVE-2020-25271 NOMISEC MEDIUM WRITEUP
PHPGurukul hospital_management_system 4.0 - Cross-Site Scripting via Multiple Search and Appointment Pages
PHPGurukul hospital-management-system-in-php 4.0 allows XSS via admin/patient-search.php, doctor/search.php, book-appointment.php, doctor/appointment-history.php, or admin/appointment-history.php.
CVSS 5.4