Rahul Ramkumar

4 exploits Active since Sep 2020
CVE-2020-25761 EXPLOITDB MEDIUM python WORKING POC
Projectworlds Visitor Management System - XSS
Projectworlds Visitor Management System in PHP 1.0 allows XSS. The file myform.php does not perform input validation on the request parameters. An attacker can inject JavaScript payloads in the parameters to perform various attacks, such as stealing cookies, sensitive information, etc.
CVSS 6.1
CVE-2020-25760 EXPLOITDB HIGH text WORKING POC
Projectworlds Visitor Management System - SQL Injection
Projectworlds Visitor Management System in PHP 1.0 allows SQL Injection. The file front.php does not perform input validation on the 'rid' parameter. An attacker can append SQL queries to the input to extract sensitive information from the database.
CVSS 8.8
EIP-2026-111964 EXPLOITDB python WORKING POC
Seat Reservation System 1.0 - Remote Code Execution (Unauthenticated)
CVE-2020-25762 EXPLOITDB CRITICAL text WORKING POC
Seat Reservation System - SQL Injection
An issue was discovered in SourceCodester Seat Reservation System 1.0. The file admin_class.php does not perform input validation on the username and password parameters. An attacker can send malicious input in the POST request to /admin/ajax.php?action=login to bypass authentication, extract sensitive information, etc.
CVSS 9.1