Martin Kubecka

3 exploits. Active since May 2022.
CVE-2021-37413 CRITICAL WRITEUP
GRANDCOM DynWEB < 4.2 - Unauthenticated SQL Injection via Admin Login Interface
GRANDCOM DynWEB before 4.2 contains a SQL Injection vulnerability in the admin login interface. A remote unauthenticated attacker can exploit this vulnerability to obtain administrative access to the webpage, access the user database, modify web content and upload custom files. The backend login script does not verify or sanitize user-provided strings.
CVSS 9.8
CVE-2021-41433 CRITICAL WRITEUP
Resumes Management and Job Application Website Application 1.0 - SQL Injection in Login Form
A SQL Injection vulnerability exists in the login form of version 1.0 of the Resumes Management and Job Application Website application by EGavilan Media, allowing authentication bypass through login.php.
CVSS 9.8
CVE-2021-41434 MEDIUM WRITEUP
Expense Management System 1.0 - Stored Cross-Site Scripting via index.php
A stored Cross-Site Scripting (XSS) vulnerability exists in version 1.0 of the Expense Management System application that allows for arbitrary execution of JavaScript commands through index.php.
CVSS 5.4