Solon Barroso da Silva

4 exploits Active since Dec 2025
CVE-2025-63947 WRITEUP MEDIUM WRITEUP
phpmsadmin 2.2 - Authenticated Reflected Cross-Site Scripting via dbname Parameter
A Reflected Cross-Site Scripting (XSS) vulnerability exists in phpMsAdmin version 2.2 in the database_mode.php file. An attacker can execute arbitrary web script or HTML via the dbname parameter after a user is authenticated.
CVSS 5.4
CVE-2025-63948 WRITEUP MEDIUM WRITEUP
phpMsAdmin 2.2 - SQL Injection via dbname Parameter
A SQL Injection vulnerability exists in phpMsAdmin version 2.2 in the database_mode.php file. An attacker can execute arbitrary SQL commands via the dbname parameter, potentially leading to information disclosure or database manipulation.
CVSS 5.4
CVE-2025-63949 WRITEUP MEDIUM WRITEUP
yohanawi Hotel Management System - XSS
A Reflected Cross-Site Scripting (XSS) vulnerability in yohanawi Hotel Management System (commit 87e004a) allows a remote attacker to execute arbitrary web script via the 'error' parameter in pages/room.php.
CVSS 6.1
CVE-2025-63950 WRITEUP HIGH WRITEUP
to3k Twittodon <b1c58a7d1dc664 - Open Redirect
An insecure deserialization vulnerability exists in the download.php script of the to3k Twittodon application through commit b1c58a7d1dc664b38deb486ca290779621342c0b (2023-02-28). The 'obj' parameter receives base64-encoded data that is passed directly to the unserialize() function without validation. This allows a remote, unauthenticated attacker to inject arbitrary PHP objects, leading to a denial of service.
CVSS 7.5