Shivam Singh

2 exploits Active since Jul 2022
CVE-2026-21447 WRITEUP HIGH WRITEUP
Bagisto < 2.3.10 - Authenticated Insecure Direct Object Reference via Order ID Parameter
Bagisto is an open-source Laravel eCommerce platform. Prior to version 2.3.10, an Insecure Direct Object Reference vulnerability in the customer order reorder function allows any authenticated customer to add items from another customer's order to their own shopping cart by manipulating the order ID parameter. This exposes sensitive purchase information and enables potential fraud. Version 2.3.10 patches the issue.
CVSS 7.1
CVE-2022-34140 EXPLOITDB MEDIUM text WORKING POC
Feehi CMS 2.1.1 - Stored Cross-Site Scripting via Username Field
A stored cross-site scripting (XSS) vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username field.
CVSS 5.4