Shuvo Ahmed Sanin

12 exploits, active since Oct 2025
CVE-2025-11481 MEDIUM WRITEUP
varunsardana004 Blood-Bank-And-Donation-Management-System < 2021-03-18 - SQL Injection via Fullname Parameter
A flaw has been found in varunsardana004 Blood-Bank-And-Donation-Management-System up to dc9e0393d826fbc85fad9755b5bc12cba1919df2. The impacted element is an unknown function of the file /donate_blood.php. Manipulation of the argument fullname can lead to SQL injection. The attack may be performed remotely. The exploit has been published and may be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed.
CVSS 6.3
CVE-2025-12332 LOW WRITEUP
SourceCodester Student Grades Management System 1.0 - Cross-Site Scripting in delete_user Function
A flaw has been found in SourceCodester Student Grades Management System 1.0. This affects the function delete_user of the file /admin.php. Manipulation can lead to cross-site scripting. The attack may be performed remotely. The exploit has been published and may be used.
CVSS 2.4
CVE-2025-63442 MEDIUM WRITEUP
Simple User Management System with PHP-MySQL v1.0 - XSS
Simple User Management System with PHP-MySQL v1.0 is vulnerable to Cross-Site Scripting (XSS) via the Profile Section. The system fails to properly sanitize user input, allowing attackers to inject and execute arbitrary JavaScript when the input is displayed in the browser.
CVSS 4.6
CVE-2025-63443 MEDIUM WRITEUP
School Management System PHP v1.0 - XSS
School Management System PHP v1.0 is vulnerable to Cross Site Scripting (XSS) in /login.php via the password parameter.
CVSS 5.4
CVE-2025-63446 MEDIUM WRITEUP
Water Management System 1.0 - Stored Cross-Site Scripting in /add_vendor.php
Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /add_vendor.php.
CVSS 6.1
CVE-2025-63447 MEDIUM WRITEUP
Water Management System 1.0 - Stored Cross-Site Scripting in add_customer.php
Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /add_customer.php.
CVSS 6.1
CVE-2025-63448 MEDIUM WRITEUP
Water Management System 1.0 - Stored Cross-Site Scripting in /edit_product.php
Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /edit_product.php?id=1.
CVSS 6.1
CVE-2025-63449 MEDIUM WRITEUP
Water Management System 1.0 - Cross-Site Scripting in /orders.php
Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /orders.php.
CVSS 5.4
CVE-2025-63450 MEDIUM WRITEUP
Car-Booking-System-PHP 1.0 - Cross-Site Scripting in Booking Page
Car-Booking-System-PHP v.1.0 is vulnerable to Cross Site Scripting (XSS) in /carlux/booking.php.
CVSS 5.4
CVE-2025-63451 CRITICAL WRITEUP
Car-Booking-System-PHP v.1.0 - SQL Injection
Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/sign-in.php.
CVSS 9.8
CVE-2025-63452 CRITICAL WRITEUP
Car-Booking-System-PHP <1.0 - SQL Injection
Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/forgot-pass.php.
CVSS 9.4
CVE-2025-63453 CRITICAL WRITEUP
Car-Booking-System-PHP v.1.0 - SQL Injection
Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/contact.php.
CVSS 9.8