Sainadh Jamalpur

6 exploits Active since Dec 2018
CVE-2018-1000871 EXPLOITDB CRITICAL text WORKING POC
HotelDruid HotelDruid <2.3.0 - SQL Injection
HotelDruid HotelDruid 2.3.0 version 2.3.0 and earlier contains a SQL Injection vulnerability in "id_utente_mod" parameter in gestione_utenti.php file that can result in An attacker can dump all the database records of backend webserver. This attack appear to be exploitable via the attack can be done by anyone via specially crafted sql query passed to the "id_utente_mod=1" parameter.
CVSS 9.8
CVE-2018-1000890 EXPLOITDB HIGH text WORKING POC
FrontAccounting 2.4.5 - SQL Injection
FrontAccounting 2.4.5 contains a Time Based Blind SQL Injection vulnerability in the parameter "filterType" in /attachments.php that can allow the attacker to grab the entire database of the application.
CVSS 7.5
EIP-2026-117724 EXPLOITDB text WRITEUP
OpenVPN Private Tunnel 2.8.4 - 'ovpnagent' Unquoted Service Path
EIP-2026-117344 EXPLOITDB text WRITEUP
IObit Uninstaller 9.1.0.8 - 'IObitUnSvr' Unquoted Service Path
EIP-2026-107650 EXPLOITDB html WORKING POC
Hotel Booking Script 3.4 - Cross-Site Request Forgery (Change Admin Password)
CVE-2019-16679 EXPLOITDB MEDIUM text WORKING POC
Gila CMS <1.11.1 - Path Traversal
Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion.
CVSS 4.9