NS Kumar (n1_x)

8 exploits Active since Feb 2022
CVE-2022-24231 WRITEUP CRITICAL WRITEUP
Simple Student Information System v1.0 - SQL Injection
Simple Student Information System v1.0 was discovered to contain a SQL injection vulnerability via add/Student.
CVSS 9.8
CVE-2022-24571 WRITEUP CRITICAL WRITEUP
Car Driving School Management System v1.0 - SQL Injection
Car Driving School Management System v1.0 is affected by SQL injection in the login page. An attacker can use simple SQL login injection payload to get admin access.
CVSS 9.8
CVE-2022-24572 WRITEUP MEDIUM WRITEUP
Car Driving School Management System v1.0 - XSS
Car Driving School Management System v1.0 is affected by Cross Site Scripting (XSS) in the User Enrollment Form (Username Field). To exploit this Vulnerability, an admin views the registered user details.
CVSS 6.1
CVE-2022-26615 WRITEUP MEDIUM WRITEUP
College Website Content Management System 1.0 - Stored Cross-Site Scripting via User Profile Name Field
A cross-site scripting (XSS) vulnerability in College Website Content Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User Profile Name text fields.
CVSS 5.4
CVE-2022-29627 WRITEUP MEDIUM WRITEUP
Online Market Place Site 1.0 - Authorization Bypass via Insecure Direct Object Reference
An insecure direct object reference (IDOR) in Online Market Place Site v1.0 allows attackers to modify products that are owned by other sellers.
CVSS 4.3
CVE-2022-30493 WRITEUP CRITICAL WRITEUP
Automotive Shop Management System 1.0 - SQL Injection via Product ID Parameter
In oretnom23 Automotive Shop Management System v1.0, the product id parameter suffers from a blind SQL Injection Vulnerability allowing remote attackers to dump all database credential and gain admin access(privilege escalation).
CVSS 9.8
CVE-2022-30494 WRITEUP MEDIUM WRITEUP
Automotive Shop Management System 1.0 - Stored Cross-Site Scripting in User Name Fields
In oretnom23 Automotive Shop Management System v1.0, the first and last name user fields suffer from a stored XSS Injection Vulnerability allowing remote attackers to gain admin access and view internal IPs.
CVSS 5.4
CVE-2022-30495 WRITEUP CRITICAL WRITEUP
Automotive Shop Management System 1.0 - Unauthenticated Vertical Privilege Escalation via IDOR in Name ID Parameter
In oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR - Broken Access Control allowing attackers to change the admin password(vertical privilege escalation)
CVSS 9.8