Saud Alenazi

18 exploits Active since Jan 2022
CVE-2022-50943 EXPLOITDB MEDIUM text WORKING POC
Moodle LMS 4.0 Cross-Site Scripting via course search.php
Moodle LMS 4.0 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search parameter. Attackers can inject JavaScript code via the search field in course/search.php to execute arbitrary scripts in users' browsers and steal session cookies.
CVSS 6.1
CVE-2024-58341 EXPLOITDB HIGH text WORKING POC
OpenCart Core 4.0.2.3 SQL Injection via search Parameter
OpenCart Core 4.0.2.3 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'search' parameter. Attackers can send GET requests to the product search endpoint with malicious 'search' values to extract sensitive database information using boolean-based blind or time-based blind SQL injection techniques.
CVSS 8.2
CVE-2025-50251 EXPLOITDB CRITICAL text WORKING POC
makeplane plane 0.23.1 - Server-Side Request Forgery via Password Recovery
Server-side request forgery (SSRF) vulnerability in makeplane plane 0.23.1 via password recovery.
CVSS 9.1
CVE-2022-31856 EXPLOITDB CRITICAL text WORKING POC
Newsletter Module v3.x - SQL Injection via zemez_newsletter_email Parameter
Newsletter Module v3.x was discovered to contain a SQL injection vulnerability via the zemez_newsletter_email parameter at /index.php.
CVSS 9.8
CVE-2022-50924 EXPLOITDB HIGH text WRITEUP
Private Internet Access <3.3 - Code Injection
Private Internet Access 3.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem permissions during service startup.
CVSS 8.4
CVE-2022-29320 EXPLOITDB HIGH text WRITEUP
MiniTool Partition Wizard v12.0 - Privilege Escalation
MiniTool Partition Wizard v12.0 contains an unquoted service path which allows attackers to escalate privileges to the system level.
CVSS 7.8
CVE-2022-27095 EXPLOITDB HIGH text WRITEUP
BattlEye v0.9 - Privilege Escalation
BattlEye v0.9 contains an unquoted service path which allows attackers to escalate privileges to the system level.
CVSS 7.8
CVE-2022-27094 EXPLOITDB MEDIUM text WRITEUP
Sony PlayMemories Home v6.0 - Privilege Escalation
Sony PlayMemories Home v6.0 contains an unquoted service path which allows attackers to escalate privileges to the system level.
CVSS 6.7
CVE-2022-26634 EXPLOITDB HIGH text WRITEUP
HMA VPN <5.3.5913.0 - Privilege Escalation
HMA VPN v5.3.5913.0 contains an unquoted service path which allows attackers to escalate privileges to the system level.
CVSS 7.8
CVE-2022-26633 EXPLOITDB CRITICAL text WORKING POC
Simple Student Quarterly Result/Grade System v1.0 - SQL Injection
Simple Student Quarterly Result/Grade System v1.0 was discovered to contain a SQL injection vulnerability via /sqgs/Actions.php.
CVSS 9.8
CVE-2022-26632 EXPLOITDB CRITICAL text WORKING POC
Multi-Vendor Online Groceries Management System v1.0 - SQL Injection
Multi-Vendor Online Groceries Management System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /products/view_product.php.
CVSS 9.8
CVE-2022-25096 EXPLOITDB CRITICAL text WORKING POC
Home Owners Collection Management System 1.0 - SQL Injection via id Parameter
Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /members/view_member.php.
CVSS 9.8
CVE-2022-25095 EXPLOITDB CRITICAL text WORKING POC
Home Owners Collection Management System v1.0 - Info Disclosure
Home Owners Collection Management System v1.0 allows unauthenticated attackers to compromise user accounts via a crafted POST request.
CVSS 9.8
CVE-2022-25094 EXPLOITDB HIGH text WORKING POC
Home Owners Collection Management System v1.0 - Remote Code Execution via SystemSettings.php Cover Parameter
Home Owners Collection Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the parameter "cover" in SystemSettings.php.
CVSS 8.8
CVE-2021-46428 EXPLOITDB CRITICAL text WORKING POC
Sourcecodester Simple Chatbot App <1.0 - RCE
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Simple Chatbot Application 1.0 (and previous versions) via the bot_avatar parameter in SystemSettings.php.
CVSS 9.8
CVE-2021-46427 EXPLOITDB CRITICAL text WORKING POC
Sourcecodester Simple Chatbot App 1.0 - SQL Injection
An SQL Injection vulnerability exists in Sourcecodester Simple Chatbot Application 1.0 via the message parameter in Master.php.
CVSS 9.8
EIP-2026-117831 EXPLOITDB text WRITEUP
Rapid7 nexpose - 'nexposeconsole' Unquoted Service Path
EIP-2026-117445 EXPLOITDB text WRITEUP
McAfee(R) Safe Connect VPN - Unquoted Service Path Elevation Of Privilege