Mohamed habib Smidi (Craniums)

3 exploits Active since Jul 2021
CVE-2021-25791 EXPLOITDB MEDIUM text WRITEUP
Online Doctor Appointment System Php Full Source Code - XSS
Multiple stored cross site scripting (XSS) vulnerabilities in the "Update Profile" module of Online Doctor Appointment System 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in the First Name, Last Name, and Address text fields.
CVSS 5.4
CVE-2021-44653 EXPLOITDB CRITICAL text WORKING POC
Oretnom23 Online Magazine Management System - SQL Injection
Online Magazine Management System 1.0 contains a SQL injection authentication bypass vulnerability. The Admin panel authentication can be bypassed due to SQL injection vulnerability in the login form allowing attacker to gain access as admin to the application.
CVSS 9.8
CVE-2021-44655 EXPLOITDB CRITICAL text WORKING POC
Online Pre-owned/used Car Showroom Management System - SQL Injection
Online Pre-owned/Used Car Showroom Management System 1.0 contains a SQL injection authentication bypass vulnerability. Admin panel authentication can be bypassed due to SQL injection vulnerability in the login form allowing attacker to get admin access on the application.
CVSS 9.8