TCSWT

CVE-2020-36003 WRITEUP HIGH WRITEUP

Online Book Store - SQL Injection

The id parameter in detail.php of Online Book Store v1.0 is vulnerable to union-based blind SQL injection, which leads to the ability to retrieve all databases.

CVSS 7.5

View Code

CVE-2020-36034 WRITEUP CRITICAL WRITEUP

School Faculty Scheduling System - SQL Injection

SQL Injection vulnerability in oretnom23 School Faculty Scheduling System version 1.0, allows remote attacker to execute arbitrary code, escalate privilieges, and gain sensitive information via crafted payload to id parameter in manage_user.php.

CVSS 9.8

View Code

CVE-2021-25203 WRITEUP CRITICAL WRITEUP

Victor CMS <1.0 - RCE

Arbitrary file upload vulnerability in Victor CMS v 1.0 allows attackers to execute arbitrary code via the file upload to \CMSsite-master\admin\includes\admin_add_post.php.

CVSS 9.8

View Code