Mohamed habib Smidi

5 exploits Active since Jul 2021
CVE-2021-25790 NOMISEC MEDIUM SUSPICIOUS
House Rental and Property Listing 1.0 - Authenticated Stored Cross-Site Scripting in Register Module
Multiple stored cross site scripting (XSS) vulnerabilities in the "Register" module of House Rental and Property Listing 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in all text fields except for Phone Number and Alternate Phone Number.
1 stars
CVSS 5.4
CVE-2021-25791 NOMISEC MEDIUM SUSPICIOUS
Online Doctor Appointment System 1.0 - Authenticated Stored Cross-Site Scripting in Update Profile Module
Multiple stored cross site scripting (XSS) vulnerabilities in the "Update Profile" module of Online Doctor Appointment System 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in the First Name, Last Name, and Address text fields.
1 stars
CVSS 5.4
CVE-2021-25791 EXPLOITDB MEDIUM text WRITEUP
Online Doctor Appointment System 1.0 - Authenticated Stored Cross-Site Scripting in Update Profile Module
Multiple stored cross site scripting (XSS) vulnerabilities in the "Update Profile" module of Online Doctor Appointment System 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in the First Name, Last Name, and Address text fields.
CVSS 5.4
CVE-2021-44653 EXPLOITDB CRITICAL text WORKING POC
Online Magazine Management System 1.0 - SQL Injection Authentication Bypass via Login Form
Online Magazine Management System 1.0 contains a SQL injection authentication bypass vulnerability. The Admin panel authentication can be bypassed due to SQL injection vulnerability in the login form allowing attacker to gain access as admin to the application.
CVSS 9.8
CVE-2021-44655 EXPLOITDB CRITICAL text WORKING POC
Online Pre-owned/Used Car Showroom Management System 1.0 - SQL Injection Authentication Bypass via Login Form
Online Pre-owned/Used Car Showroom Management System 1.0 contains a SQL injection authentication bypass vulnerability. Admin panel authentication can be bypassed due to SQL injection vulnerability in the login form allowing attacker to get admin access on the application.
CVSS 9.8