Ratnesh Kumar

2 exploits Active since Feb 2025
CVE-2025-26157 WRITEUP MEDIUM WRITEUP
Beauty Parlour Management System V1.1 - SQL Injection via name POST Parameter
A SQL Injection vulnerability was found in /bpms/index.php in Source Code and Project Beauty Parlour Management System V1.1, which allows remote attackers to execute arbitrary code via the name POST request parameter.
CVSS 5.9
CVE-2025-26158 WRITEUP MEDIUM WRITEUP
Kashipara Online Attendance Management System V1.0 - Stored Cross-Site Scripting via Department Parameter
A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the manage-employee.php page of Kashipara Online Attendance Management System V1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the department parameter.
CVSS 5.6