Mayur Parmar

6 exploits, active since Aug 2020
CVE-2020-36952 EXPLOITDB HIGH text WRITEUP
IObit Uninstaller 10 Pro - Privilege Escalation
IObit Uninstaller 10 Pro contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted service path in the IObit Uninstaller Service to insert malicious code that would execute with SYSTEM-level permissions during service startup.
CVSS 7.8
CVE-2020-25952 EXPLOITDB CRITICAL text WRITEUP
Phpgurukul User Registration & Login ... - SQL Injection
SQL injection vulnerability in PHPGurukul User Registration & Login and User Management System With admin panel 2.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication.
CVSS 9.8
CVE-2020-29474 EXPLOITDB CRITICAL text WORKING POC
EGavilan Media EGM Address Book 1.0 - SQL Injection
EGavilan Media EGM Address Book 1.0 contains a SQL injection vulnerability. An attacker can gain Admin Panel access using malicious SQL injection queries to perform remote arbitrary code execution.
CVSS 9.8
CVE-2020-29472 EXPLOITDB CRITICAL text WRITEUP
cPanel 1.0 - SQL Injection
EGavilan Media Under Construction page with cPanel 1.0 contains a SQL injection vulnerability. An attacker can gain Admin Panel access using malicious SQL injection queries to perform remote arbitrary code execution.
CVSS 9.8
CVE-2020-29247 EXPLOITDB MEDIUM text WRITEUP
WonderCMS 3.1.3 - XSS
WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Admin Panel. An attacker can inject an XSS payload into Page keywords; each time any user visits the website, the XSS triggers and the attacker is able to steal the cookie according to the crafted payload.
CVSS 4.8
CVE-2020-24609 EXPLOITDB MEDIUM text WORKING POC
Savsoft Quiz <5.5 - XSS
TechKshetra Info Solutions Pvt. Ltd Savsoft Quiz 5.5 and earlier has an XSS vulnerability: an attacker can inject an XSS payload in the User Registration section, and each time the admin visits the manage user section from the admin panel, the XSS triggers and the attacker can steal the cookie via the crafted payload.
CVSS 6.1