Sajibe Kanti

6 exploits, active since Jan 2018
CVE-2023-54349 EXPLOITDB MEDIUM text WORKING POC
AmazCart CMS 3.4 Reflected Cross-Site Scripting via Search
AmazCart CMS 3.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search functionality. Attackers can enter script tags in the search box to execute arbitrary JavaScript that fires when search history is viewed or results are displayed.
CVSS 6.1
CVE-2023-54348 EXPLOITDB HIGH text WORKING POC
ERPGo SaaS 3.9 CSV Injection via Vendor Creation
ERPGo SaaS 3.9 contains a CSV injection vulnerability that allows authenticated attackers to inject spreadsheet formulas into vendor name fields. A formula such as =10+20+cmd|' /C calc'!A0 entered in the vendor creation form executes on the workstation of any user who opens the exported CSV file in a spreadsheet application.
CVSS 8.8
CVE-2018-6391 EXPLOITDB HIGH html WORKING POC
Netis WF2419 V2.2.36123 - Cross-Site Request Forgery
A cross-site request forgery web vulnerability has been discovered on Netis WF2419 V2.2.36123 devices. A remote attacker is able to delete Address Reservation List settings.
CVSS 8.8
CVE-2022-27412 EXPLOITDB CRITICAL text WORKING POC
Explore CMS 1.0 - SQL Injection via Page ID Parameter
Explore CMS v1.0 was discovered to contain a SQL injection vulnerability via a /page.php?id= request.
CVSS 9.8
EIP-2026-104150 EXPLOITDB text WORKING POC
Active eCommerce CMS 6.5.0 - Stored Cross-Site Scripting (XSS)
CVE-2018-6190 EXPLOITDB MEDIUM text WRITEUP
Netis WF2419 V3.2.41381 - Stored Cross-Site Scripting via MAC Filtering Description Field
Netis WF2419 V3.2.41381 devices allow XSS via the Description field on the MAC Filtering page.
CVSS 5.4