Ramil Mustafayev

3 exploits Active since Feb 2023
CVE-2023-37152 EXPLOITDB CRITICAL python WORKING POC
Online Art Gallery - Unrestricted File Upload
Projectworlds Online Art Gallery Project 1.0 allows unauthenticated users to perform arbitrary file uploads via the adminHome.php page. Note: This has been disputed as not a valid vulnerability.
CVSS 9.8
CVE-2023-36256 EXPLOITDB MEDIUM text WORKING POC
Online Examination System Project 1.0 - CSRF
Online Examination System Project version 1.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks. An attacker can craft a malicious link that, when clicked by an admin user, will delete a user account from the database without the admin's consent. The email of the user to be deleted is passed as a parameter in the URL, which can be manipulated by the attacker. This could result in a loss of data.
CVSS 6.5
CVE-2020-29168 EXPLOITDB CRITICAL text WORKING POC
Online Doctor Appointment Booking System Php And Mysql - SQL Injection
A SQL injection vulnerability in Projectworlds Online Doctor Appointment Booking System allows attackers to gain sensitive information via the q parameter to the getuser.php endpoint.
CVSS 9.8