Mahendra Purbia

3 exploits, active since Dec 2020
CVE-2021-47946 EXPLOITDB MEDIUM text WRITEUP
OpenCart 3.0.36 Account Takeover via Cross Site Request Forgery
OpenCart 3.0.3.6 contains a cross-site request forgery vulnerability in the /account/edit endpoint that allows unauthenticated attackers to modify victim account details by tricking users into visiting malicious pages. Attackers can craft CSRF payloads that change victim email addresses and account information, then use password reset functionality to gain unauthorized access to compromised accounts.
CVSS 5.3
CVE-2020-36115 EXPLOITDB MEDIUM text WRITEUP
phpcrud - Stored Cross-Site Scripting via First Name or Last Name Parameter
Stored Cross Site Scripting (XSS) vulnerability in EGavilan Media CRUD Operation with PHP, MySQL, Bootstrap, and Dompdf via the First Name or Last Name parameter in the 'Add New Record Feature'.
CVSS 5.4
CVE-2020-28838 EXPLOITDB LOW text WORKING POC
OpenCart 3.0.3.6 - Cross-Site Request Forgery in Cart Option
Cross Site Request Forgery (CSRF) in the CART option in OpenCart Ltd. Opencart CMS 3.0.3.6 allows an attacker to add cart items via Add to cart.
CVSS 3.5