Rahad Chowdhury

8 exploits Active since Mar 2022
CVE-2021-47981 EXPLOITDB MEDIUM text WORKING POC
Quick.CMS 6.7 Cross-Site Scripting via CSRF to Sliders Form
Quick.CMS 6.7 contains a cross-site scripting vulnerability in the sliders form that allows authenticated attackers to inject malicious scripts by submitting XSS payloads through the sDescription parameter. Attackers can craft CSRF forms targeting the admin.php?p=sliders-form endpoint to execute arbitrary JavaScript in victim browsers when the form is submitted.
CVSS 5.4
CVE-2021-47980 EXPLOITDB HIGH text WORKING POC
Fuel CMS 1.4.13 Blind SQL Injection via col Parameter
Fuel CMS 1.4.13 contains a blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'col' parameter in the Activity Log interface. Attackers can send requests to the logs endpoint with malicious SQL payloads in the 'col' parameter to extract database information based on response time delays.
CVSS 7.1
CVE-2025-34504 EXPLOITDB MEDIUM text WRITEUP
KodExplorer 4.52 - Open Redirect via User Login Link Parameter
KodExplorer 4.52 contains an open redirect vulnerability in the user login page that allows attackers to manipulate the 'link' parameter. Attackers can craft malicious URLs in the link parameter to redirect users to arbitrary external websites after authentication.
CVSS 6.1
CVE-2021-43701 EXPLOITDB MEDIUM text WORKING POC
CSZ CMS 1.2.9 - SQL Injection via fieldS[] and orderby Parameters
CSZ CMS 1.2.9 has a time-based and boolean-based blind SQL injection vulnerability in the endpoint /admin/export/getcsv/article_db, via the fieldS[] and orderby parameters.
CVSS 6.5
CVE-2023-31699 EXPLOITDB MEDIUM text WRITEUP
ChurchCRM 4.5.4 - Reflected Cross-Site Scripting via Image File
ChurchCRM v4.5.4 is vulnerable to Reflected Cross-Site Scripting (XSS) via an image file.
CVSS 4.8
CVE-2023-31698 EXPLOITDB MEDIUM text WORKING POC
Bludit 3.14.1 - Stored Cross-Site Scripting via SVG Site Logo Upload
Bludit v3.14.1 is vulnerable to Stored Cross-Site Scripting (XSS) via an SVG file uploaded as the site logo. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content (users cannot create their own accounts through self-registration).
CVSS 5.4
CVE-2023-29849 EXPLOITDB HIGH text WORKING POC
Bang Resto 1.0 - SQL Injection via btnMenuItemID, itemID, itemPrice, menuID, staffID, or itemqty Parameter
Bang Resto 1.0 was discovered to contain multiple SQL injection vulnerabilities via the btnMenuItemID, itemID, itemPrice, menuID, staffID, or itemqty parameter.
CVSS 8.8
CVE-2023-29848 EXPLOITDB MEDIUM text WORKING POC
Bang Resto 1.0 - Stored Cross-Site Scripting via itemName Parameter
Bang Resto 1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the itemName parameter in the admin/menu.php Add New Menu function.
CVSS 4.8