Shubham Pandey

11 exploits Active since Aug 2023
CVE-2024-27744 GITHUB MEDIUM WRITEUP
Petrol Pump Mangement Software v.1.0 - XSS
Cross Site Scripting vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the image parameter in the profile.php component.
1 stars
CVSS 6.1
CVE-2024-27743 GITHUB MEDIUM WRITEUP
Petrol Pump MGMT Software v.1.0 - XSS
Cross Site Scripting vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the Address parameter in the add_invoices.php component.
1 stars
CVSS 6.1
CVE-2024-27747 GITHUB CRITICAL WRITEUP
Petrol Pump Mangement Software <1.0 - RCE
File Upload vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the email Image parameter in the profile.php component.
1 stars
CVSS 9.8
CVE-2024-27746 GITHUB CRITICAL WRITEUP
Petrol Pump Mangement Software <1.0 - SQL Injection
SQL Injection vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the email address parameter in the index.php component.
1 stars
CVSS 9.8
CVE-2024-28595 GITHUB CRITICAL WRITEUP
Walterjnr1 Employee Management System - SQL Injection
SQL Injection vulnerability in Employee Management System v1.0 allows attackers to run arbitrary SQL commands via the admin_id parameter in update-admin.php.
1 stars
CVSS 9.8
CVE-2024-28595 EXPLOITDB CRITICAL text WORKING POC
Walterjnr1 Employee Management System - SQL Injection
SQL Injection vulnerability in Employee Management System v1.0 allows attackers to run arbitrary SQL commands via the admin_id parameter in update-admin.php.
CVSS 9.8
CVE-2023-37569 EXPLOITDB HIGH bash WORKING POC
Esds.co Emagic Data Center Management < 6.0 - OS Command Injection
This vulnerability exists in ESDS Emagic Data Center Management Suit due to lack of input sanitization in its Ping component. A remote authenticated attacker could exploit this by injecting OS commands on the targeted system. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code on targeted system.
CVSS 8.8
CVE-2024-27746 EXPLOITDB CRITICAL text WORKING POC
Petrol Pump Mangement Software <1.0 - SQL Injection
SQL Injection vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the email address parameter in the index.php component.
CVSS 9.8
CVE-2024-27747 EXPLOITDB CRITICAL text WORKING POC
Petrol Pump Mangement Software <1.0 - RCE
File Upload vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the email Image parameter in the profile.php component.
CVSS 9.8
CVE-2024-27743 EXPLOITDB MEDIUM text WORKING POC
Petrol Pump MGMT Software v.1.0 - XSS
Cross Site Scripting vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the Address parameter in the add_invoices.php component.
CVSS 6.1
CVE-2024-27744 EXPLOITDB MEDIUM text WORKING POC
Petrol Pump Mangement Software v.1.0 - XSS
Cross Site Scripting vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the image parameter in the profile.php component.
CVSS 6.1