RashidKhan Pathan

7 exploits Active since Oct 2022
CVE-2022-40471 NOMISEC CRITICAL WORKING POC
Clinic's Patient Management System 1.0 - RCE
Remote code execution in Clinic's Patient Management System v1.0 allows an attacker to upload an arbitrary PHP webshell via the profile picture upload functionality in users.php.
9 stars
CVSS 9.8
CVE-2022-41445 NOMISEC MEDIUM WRITEUP
Record Management System using CodeIgniter 1.0 - XSS
A cross-site scripting (XSS) vulnerability in Record Management System using CodeIgniter 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Subject page.
2 stars
CVSS 4.8
CVE-2022-40470 NOMISEC MEDIUM WRITEUP
Phpgurukul Blood Donor Management System - XSS
Phpgurukul Blood Donor Management System 1.0 allows cross-site scripting (XSS) via the Add Blood Group Name feature.
2 stars
CVSS 4.8
CVE-2022-41446 NOMISEC MEDIUM WRITEUP
Record Management System using CodeIgniter <1.0 - Info Disclosure
An access control issue in /Admin/dashboard.php of Record Management System using CodeIgniter v1.0 allows attackers to access and modify user data.
2 stars
CVSS 5.4
CVE-2022-43117 NOMISEC MEDIUM WRITEUP
Sourcecodester Password Storage App <1.0 - XSS
Sourcecodester Password Storage Application in PHP/OOP and MySQL 1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Name, Username, Description and Site Feature parameters.
1 star
CVSS 5.4
CVE-2022-44830 NOMISEC HIGH WRITEUP
Sourcecodester Event Registration App v1.0 - Code Injection
Sourcecodester Event Registration App v1.0 was discovered to contain multiple CSV injection vulnerabilities via the First Name, Contact and Remarks fields. These vulnerabilities allow attackers to execute arbitrary code via a crafted Excel file.
1 star
CVSS 7.8
CVE-2022-44939 WRITEUP HIGH SUSPICIOUS
Echatserver Easy Chat Server - Uncontrolled Search Path
Efs Software Easy Chat Server Version 3.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. This vulnerability allows attackers to execute arbitrary code via a crafted DLL.
CVSS 7.8