Saud Alenazi

18 exploits, active since Jan 2022
CVE-2024-58341 EXPLOITDB HIGH text WORKING POC
OpenCart Core 4.0.2.3 SQL Injection via search Parameter
OpenCart Core 4.0.2.3 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'search' parameter. Attackers can send GET requests to the product search endpoint with malicious 'search' values to extract sensitive database information using boolean-based blind or time-based blind SQL injection techniques.
CVSS 8.2
CVE-2025-50251 EXPLOITDB CRITICAL text WORKING POC
makeplane plane <0.23.1 - SSRF
Server-side request forgery (SSRF) vulnerability in makeplane plane 0.23.1 via the password recovery.
CVSS 9.1
CVE-2022-31856 EXPLOITDB CRITICAL text WORKING POC
Newsletter Module - SQL Injection
Newsletter Module v3.x was discovered to contain a SQL injection vulnerability via the zemez_newsletter_email parameter at /index.php.
CVSS 9.8
CVE-2022-50924 EXPLOITDB HIGH text WRITEUP
Private Internet Access <3.3 - Code Injection
Private Internet Access 3.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem permissions during service startup.
CVSS 8.4
CVE-2022-29320 EXPLOITDB HIGH text WRITEUP
MiniTool Partition Wizard v12.0 - Privilege Escalation
MiniTool Partition Wizard v12.0 contains an unquoted service path which allows attackers to escalate privileges to the system level.
CVSS 7.8
CVE-2022-27095 EXPLOITDB HIGH text WRITEUP
BattlEye v0.9 - Privilege Escalation
BattlEye v0.9 contains an unquoted service path which allows attackers to escalate privileges to the system level.
CVSS 7.8
CVE-2022-27094 EXPLOITDB MEDIUM text WRITEUP
Sony PlayMemories Home v6.0 - Privilege Escalation
Sony PlayMemories Home v6.0 contains an unquoted service path which allows attackers to escalate privileges to the system level.
CVSS 6.7
CVE-2022-26634 EXPLOITDB HIGH text WRITEUP
HMA VPN <5.3.5913.0 - Privilege Escalation
HMA VPN v5.3.5913.0 contains an unquoted service path which allows attackers to escalate privileges to the system level.
CVSS 7.8
CVE-2022-26633 EXPLOITDB CRITICAL text WORKING POC
Simple Student Quarterly Result/Grade System v1.0 - SQL Injection
Simple Student Quarterly Result/Grade System v1.0 was discovered to contain a SQL injection vulnerability via /sqgs/Actions.php.
CVSS 9.8
CVE-2022-26632 EXPLOITDB CRITICAL text WORKING POC
Multi-Vendor Online Groceries Management System v1.0 - SQL Injection
Multi-Vendor Online Groceries Management System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /products/view_product.php.
CVSS 9.8
CVE-2022-25096 EXPLOITDB CRITICAL text WORKING POC
Home Owners Collection Management System - SQL Injection
Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /members/view_member.php.
CVSS 9.8
CVE-2022-25095 EXPLOITDB CRITICAL text WORKING POC
Home Owners Collection Management System v1.0 - Info Disclosure
Home Owners Collection Management System v1.0 allows unauthenticated attackers to compromise user accounts via a crafted POST request.
CVSS 9.8
CVE-2022-25094 EXPLOITDB HIGH text WORKING POC
Home Owners Collection Management System - Remote Code Execution
Home Owners Collection Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the parameter "cover" in SystemSettings.php.
CVSS 8.8
CVE-2021-46428 EXPLOITDB CRITICAL text WORKING POC
Sourcecodester Simple Chatbot App <1.0 - RCE
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Simple Chatbot Application 1.0 and previous versions via the bot_avatar parameter in SystemSettings.php.
CVSS 9.8
CVE-2021-46427 EXPLOITDB CRITICAL text WORKING POC
Sourcecodester Simple Chatbot App 1.0 - SQL Injection
An SQL Injection vulnerability exists in Sourcecodester Simple Chatbot Application 1.0 via the message parameter in Master.php.
CVSS 9.8
EIP-2026-117445 EXPLOITDB text WRITEUP
McAfee(R) Safe Connect VPN - Unquoted Service Path Elevation Of Privilege
EIP-2026-117831 EXPLOITDB text WRITEUP
Rapid7 nexpose - 'nexposeconsole' Unquoted Service Path
EIP-2026-109587 EXPLOITDB text WORKING POC
Moodle LMS 4.0 - Cross-Site Scripting (XSS)