Saurav Shukla

6 exploits, active since Oct 2020
CVE-2021-3239 EXPLOITDB CRITICAL python WORKING POC
E-Learning System 1.0 - SQL Injection
E-Learning System 1.0 suffers from an unauthenticated SQL injection vulnerability, which allows remote attackers to execute arbitrary code on the hosting web server and gain a reverse shell.
CVSS 9.8
CVE-2020-28140 EXPLOITDB CRITICAL text WORKING POC
Online Clothing Store - Unrestricted File Upload
SourceCodester Online Clothing Store 1.0 is affected by an arbitrary file upload via the image upload feature of Products.php.
CVSS 9.8
CVE-2020-28136 EXPLOITDB HIGH text WORKING POC
Phpgurukul Tourism Management System - Unrestricted File Upload
An arbitrary file upload vulnerability discovered in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via the vulnerable admin/create-package.php page.
CVSS 8.8
CVE-2020-28133 EXPLOITDB CRITICAL text WORKING POC
Simple Grocery Store Sales AND Invent... - SQL Injection
An issue was discovered in SourceCodester Simple Grocery Store Sales And Inventory System 1.0. An authentication bypass in the web login functionality allows an attacker to gain client privileges via SQL injection in sales_inventory/login.php.
CVSS 9.8
CVE-2020-27956 EXPLOITDB CRITICAL text WORKING POC
Car Rental Management System - Unrestricted File Upload
An Arbitrary File Upload in the Upload Image component in SourceCodester Car Rental Management System 1.0 allows the user to conduct remote code execution via admin/index.php?page=manage_car because .php files can be uploaded to admin/assets/uploads/ (under the web root).
CVSS 9.8
EIP-2026-110169 EXPLOITDB text WORKING POC
Online Scheduling System 1.0 - 'username' SQL Injection