Martin Kubecka

3 exploits, active since May 2022
CVE-2021-37413 CRITICAL WRITEUP
Grandcom Dynweb < 4.2 - SQL Injection
GRANDCOM DynWEB before 4.2 contains a SQL Injection vulnerability in the admin login interface. A remote unauthenticated attacker can exploit this vulnerability to obtain administrative access to the webpage, access the user database, modify web content and upload custom files. The backend login script does not verify or sanitize user-provided strings.
CVSS 9.8
CVE-2021-41433 CRITICAL WRITEUP
Resumes Management And Job Applicatio... - SQL Injection
A SQL Injection vulnerability exists in the login form of version 1.0 of the Resumes Management and Job Application Website application by EGavilan Media, allowing authentication bypass through login.php.
CVSS 9.8
CVE-2021-41434 MEDIUM WRITEUP
Oretnom23 Expense Management System - XSS
A stored Cross-Site Scripting (XSS) vulnerability exists in version 1.0 of the Expense Management System application that allows for arbitrary execution of JavaScript commands through index.php.
CVSS 5.4