Le Thi Huyen My (@Huy3nMy)

4 exploits Active since Nov 2022
CVE-2022-4228 WRITEUP MEDIUM WRITEUP
Book Store Management System 1.0 - Information Disclosure via User Edit Password Parameter
A vulnerability classified as problematic has been found in SourceCodester Book Store Management System 1.0. This affects an unknown part of the file /bsms_ci/index.php/user/edit_user/. The manipulation of the argument password leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214587.
CVSS 5.3
CVE-2022-4229 WRITEUP HIGH WRITEUP
Book Store Management System 1.0 - Improper Access Control in /bsms_ci/index.php
A vulnerability classified as critical was found in SourceCodester Book Store Management System 1.0. This vulnerability affects unknown code of the file /bsms_ci/index.php. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214588.
CVSS 7.3
CVE-2022-4231 WRITEUP MEDIUM WRITEUP
Tribal Systems Zenario CMS 9.3.57595 - Session Fixation
A vulnerability, which was classified as problematic, has been found in Tribal Systems Zenario CMS 9.3.57595. This issue affects some unknown processing of the component Remember Me Handler. The manipulation leads to session fixiation. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214589 was assigned to this vulnerability.
CVSS 4.2
CVE-2022-45613 WRITEUP MEDIUM WORKING POC
Book Store Management System 1.0 - Stored Cross-Site Scripting via Publisher Parameter
Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the publisher parameter.
CVSS 5.4