Rahul Ramkumar

4 exploits Active since Sep 2020
CVE-2020-25761 EXPLOITDB MEDIUM python WORKING POC
Projectworlds Visitor Management System 1.0 - Cross-Site Scripting via myform.php Request Parameters
Projectworlds Visitor Management System in PHP 1.0 allows XSS. The file myform.php does not perform input validation on the request parameters. An attacker can inject javascript payloads in the parameters to perform various attacks such as stealing of cookies,sensitive information etc.
CVSS 6.1
CVE-2020-25760 EXPLOITDB HIGH text WORKING POC
Projectworlds Visitor Management System in PHP 1.0 - SQL Injection via 'rid' Parameter
Projectworlds Visitor Management System in PHP 1.0 allows SQL Injection. The file front.php does not perform input validation on the 'rid' parameter. An attacker can append SQL queries to the input to extract sensitive information from the database.
CVSS 8.8
EIP-2026-111964 EXPLOITDB python WORKING POC
Seat Reservation System 1.0 - Remote Code Execution (Unauthenticated)
CVE-2020-25762 EXPLOITDB CRITICAL text WORKING POC
Seat Reservation System 1.0 - SQL Injection via admin_class.php Login Parameters
An issue was discovered in SourceCodester Seat Reservation System 1.0. The file admin_class.php does not perform input validation on the username and password parameters. An attacker can send malicious input in the post request to /admin/ajax.php?action=login and bypass authentication, extract sensitive information etc.
CVSS 9.1