SoSPiro

15 exploits, active since Nov 2022
CVE-2024-28322 WRITEUP CRITICAL WRITEUP
Puneethreddyhc Event Management - SQL Injection
SQL Injection vulnerability in /event-management-master/backend/register.php in PuneethReddyHC Event Management 1.0 allows attackers to run arbitrary SQL commands via the event_id parameter in a crafted POST request.
CVSS 9.8
CVE-2024-3129 WRITEUP MEDIUM WRITEUP
SourceCodester Image Accordion Gallery App 1.0 - Unrestricted Upload
A vulnerability was found in SourceCodester Image Accordion Gallery App 1.0. It has been classified as critical. This affects an unknown part of the file /endpoint/add-image.php. The manipulation of the argument image_name leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258873 was assigned to this vulnerability.
CVSS 6.3
CVE-2024-3139 WRITEUP MEDIUM WRITEUP
Oretnom23 Computer Laboratory Management System - Improper Authorization
A vulnerability, which was classified as critical, has been found in SourceCodester Computer Laboratory Management System 1.0. Affected by this issue is the function save_users of the file /classes/Users.php?f=save. The manipulation of the argument id leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-258914 is the identifier assigned to this vulnerability.
CVSS 5.4
CVE-2024-3140 WRITEUP LOW WRITEUP
SourceCodester Computer Laboratory Management System 1.0 - XSS
A vulnerability, which was classified as problematic, was found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part of the file /classes/Users.php?f=save. The manipulation of the argument middlename leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258915.
CVSS 3.5
CVE-2024-3376 WRITEUP HIGH WRITEUP
SourceCodester Computer Laboratory Management System 1.0 - RCE
A vulnerability classified as critical has been found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part of the file config.php. The manipulation of the argument url leads to execution after redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259497 was assigned to this vulnerability.
CVSS 7.3
CVE-2024-3377 WRITEUP MEDIUM WRITEUP
SourceCodester Computer Laboratory Management System 1.0 - XSS
A vulnerability classified as problematic was found in SourceCodester Computer Laboratory Management System 1.0. This vulnerability affects unknown code of the file /classes/SystemSettings.php?f=update_settings. The manipulation of the argument name leads to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259498 is the identifier assigned to this vulnerability.
CVSS 4.3
CVE-2024-4293 WRITEUP LOW WRITEUP
PHPGurukul Doctor Appointment Management System 1.0 - XSS
A vulnerability classified as problematic was found in PHPGurukul Doctor Appointment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file appointment-bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262225 was assigned to this vulnerability.
CVSS 3.5
CVE-2024-4294 WRITEUP MEDIUM WRITEUP
PHPGurukul Doctor Appointment Management System 1.0 - Improper Cont...
A vulnerability, which was classified as critical, has been found in PHPGurukul Doctor Appointment Management System 1.0. Affected by this issue is some unknown functionality of the file /doctor/view-appointment-detail.php. The manipulation of the argument editid leads to improper control of resource identifiers. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-262226 is the identifier assigned to this vulnerability.
CVSS 6.3
CVE-2024-32256 EXPLOITDB HIGH text WORKING POC
Phpgurukul Tourism Management System - Unrestricted File Upload
Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via /tms/admin/change-image.php. When updating a current package, there are no checks for what types of files are uploaded from the image.
CVSS 8.1
CVE-2022-44151 EXPLOITDB CRITICAL text WORKING POC
Simple Inventory Management System v1.0 - SQL Injection
Simple Inventory Management System v1.0 is vulnerable to SQL Injection via /ims/login.php.
CVSS 9.8
EIP-2026-106858 EXPLOITDB text WORKING POC
Employee Management System v1 - 'email' SQL Injection
EIP-2026-105387 EXPLOITDB WORKING POC
Bank Locker Management System - SQL Injection
EIP-2026-104716 EXPLOITDB WORKING POC
Blood Bank & Donor Management System using v2.2 - Stored XSS
EIP-2026-104726 EXPLOITDB text WRITEUP
Flashcard Quiz App v1.0 - 'card' SQL Injection
EIP-2026-104725 EXPLOITDB text WRITEUP
FAQ Management System v1.0 - 'faq' SQL Injection