Muhammad Navaid Zafar Ansari

13 exploits Active since Feb 2023
CVE-2023-0902 EXPLOITDB LOW text WORKING POC
Simple Food Ordering System 1.0 - Cross-Site Scripting in process_order.php
A vulnerability was found in SourceCodester Simple Food Ordering System 1.0. It has been classified as problematic. This affects an unknown part of the file process_order.php. The manipulation of the argument order leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221451.
CVSS 3.5
EIP-2026-110100 EXPLOITDB text WORKING POC
Online Eyewear Shop 1.0 - SQL Injection (Unauthenticated)
CVE-2023-0962 EXPLOITDB MEDIUM text WORKING POC
Music Gallery Site 1.0 - SQL Injection via Master.php GET Request Handler
A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been declared as critical. This vulnerability affects unknown code of the file Master.php of the component GET Request Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221632.
CVSS 6.3
CVE-2023-0963 EXPLOITDB HIGH text WORKING POC
SourceCodester Music Gallery Site 1.0 - Improper Access Control in Users.php POST Request Handler
A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file Users.php of the component POST Request Handler. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221633 was assigned to this vulnerability.
CVSS 7.3
CVE-2023-0938 EXPLOITDB MEDIUM text WORKING POC
SourceCodester Music Gallery Site 1.0 - SQL Injection via cid Parameter in music_list.php
A vulnerability classified as critical has been found in SourceCodester Music Gallery Site 1.0. This affects an unknown part of the file music_list.php of the component GET Request Handler. The manipulation of the argument cid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221553 was assigned to this vulnerability.
CVSS 6.3
CVE-2023-0961 EXPLOITDB MEDIUM text WORKING POC
Music Gallery Site 1.0 - SQL Injection via view_music_details.php id Parameter
A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been classified as critical. This affects an unknown part of the file view_music_details.php of the component GET Request Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221631.
CVSS 6.3
CVE-2023-0902 EXPLOITDB LOW text WORKING POC
Simple Food Ordering System 1.0 - Cross-Site Scripting in process_order.php
A vulnerability was found in SourceCodester Simple Food Ordering System 1.0. It has been classified as problematic. This affects an unknown part of the file process_order.php. The manipulation of the argument order leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221451.
CVSS 3.5
CVE-2023-0905 EXPLOITDB HIGH text WORKING POC
SourceCodester Employee Task Management System 1.0 - Improper Authentication via changePasswordForEmployee.php
A vulnerability classified as critical has been found in SourceCodester Employee Task Management System 1.0. Affected is an unknown function of the file changePasswordForEmployee.php. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221454 is the identifier assigned to this vulnerability.
CVSS 7.3
CVE-2023-0904 EXPLOITDB MEDIUM text WORKING POC
SourceCodester Employee Task Management System 1.0 - SQL Injection via task_id Parameter
A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file task-details.php. The manipulation of the argument task_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221453 was assigned to this vulnerability.
CVSS 6.3
CVE-2023-0916 EXPLOITDB MEDIUM text WORKING POC
Auto Dealer Management System 1.0 - Improper Access Control in Users.php
A vulnerability classified as critical was found in SourceCodester Auto Dealer Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /adms/classes/Users.php. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221491.
CVSS 6.3
CVE-2023-0915 EXPLOITDB MEDIUM text WORKING POC
Auto Dealer Management System 1.0 - SQL Injection via Manage User ID Parameter
A vulnerability classified as critical has been found in SourceCodester Auto Dealer Management System 1.0. Affected is an unknown function of the file /adms/admin/?page=user/manage_user. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221490 is the identifier assigned to this vulnerability.
CVSS 6.3
CVE-2023-0913 EXPLOITDB MEDIUM text WORKING POC
Auto Dealer Management System 1.0 - SQL Injection via Sell Vehicle ID Parameter
A vulnerability classified as critical was found in SourceCodester Auto Dealer Management System 1.0. This vulnerability affects unknown code of the file /adms/admin/?page=vehicles/sell_vehicle. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221482 is the identifier assigned to this vulnerability.
CVSS 4.7
CVE-2023-0912 EXPLOITDB MEDIUM text WORKING POC
Auto Dealer Management System 1.0 - SQL Injection via id Parameter in view_transaction Page
A vulnerability classified as critical has been found in SourceCodester Auto Dealer Management System 1.0. This affects an unknown part of the file /adms/admin/?page=vehicles/view_transaction. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221481 was assigned to this vulnerability.
CVSS 4.7