Rahad Chowdhury

8 exploits, active since Mar 2022
CVE-2025-34504 EXPLOITDB MEDIUM text WRITEUP
Kodcloud Kodexplorer - Open Redirect
KodExplorer 4.52 contains an open redirect vulnerability in the user login page that allows attackers to manipulate the 'link' parameter. Attackers can craft malicious URLs in the link parameter to redirect users to arbitrary external websites after authentication.
CVSS 6.1
EIP-2026-111641 EXPLOITDB text WORKING POC
Quick.CMS 6.7 - Cross Site Request Forgery (CSRF) to Cross Site Scripting (XSS) (Authenticated)
EIP-2026-107302 EXPLOITDB text WORKING POC
Fuel CMS 1.4.13 - 'col' Blind SQL Injection (Authenticated)
CVE-2021-43701 EXPLOITDB MEDIUM text WORKING POC
CSZ CMS 1.2.9 - SQL Injection
CSZ CMS 1.2.9 has a Time and Boolean-based Blind SQL Injection vulnerability in the endpoint /admin/export/getcsv/article_db, via the fieldS[] and orderby parameters.
CVSS 6.5
CVE-2023-31699 EXPLOITDB MEDIUM text WRITEUP
ChurchCRM <4.5.4 - XSS
ChurchCRM v4.5.4 is vulnerable to Reflected Cross-Site Scripting (XSS) via image file.
CVSS 4.8
CVE-2023-31698 EXPLOITDB MEDIUM text WORKING POC
Bludit v3.14.1 - XSS
Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content (users cannot create their own accounts through self-registration).
CVSS 5.4
CVE-2023-29849 EXPLOITDB HIGH text WORKING POC
Hockeycomputindo Bang Resto - SQL Injection
Bang Resto 1.0 was discovered to contain multiple SQL injection vulnerabilities via the btnMenuItemID, itemID, itemPrice, menuID, staffID, or itemqty parameter.
CVSS 8.8
CVE-2023-29848 EXPLOITDB MEDIUM text WORKING POC
Hockeycomputindo Bang Resto - XSS
Bang Resto 1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the itemName parameter in the admin/menu.php Add New Menu function.
CVSS 4.8