Yevhenii Butenko

6 exploits Active since Feb 2024
CVE-2024-24496 WRITEUP CRITICAL WRITEUP
Daily Habit Tracker 1.0 - Unauthenticated Tracker Manipulation via Home and Tracker Management Endpoints
An issue in Daily Habit Tracker v.1.0 allows a remote attacker to manipulate trackers via the home.php, add-tracker.php, delete-tracker.php, update-tracker.php components.
CVSS 9.8
CVE-2024-24499 EXPLOITDB WRITEUP
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-1007. Reason: This candidate is a duplicate of CVE-2024-1007. Notes: All CVE users should reference CVE-2024-1007 instead of this candidate.
CVE-2024-24497 EXPLOITDB WORKING POC
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-1009. Reason: This candidate is a duplicate of CVE-2024-1009. Notes: All CVE users should reference CVE-2024-1009 instead of this candidate.
CVE-2024-24496 EXPLOITDB CRITICAL WORKING POC
Daily Habit Tracker 1.0 - Unauthenticated Tracker Manipulation via Home and Tracker Management Endpoints
An issue in Daily Habit Tracker v.1.0 allows a remote attacker to manipulate trackers via the home.php, add-tracker.php, delete-tracker.php, update-tracker.php components.
CVSS 9.8
CVE-2024-24495 EXPLOITDB CRITICAL WORKING POC
Daily Habit Tracker 1.0 - SQL Injection
SQL Injection vulnerability in delete-tracker.php in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via crafted GET request.
CVSS 9.8
CVE-2024-24494 EXPLOITDB MEDIUM WORKING POC
Daily Habit Tracker 1.0 - Stored Cross-Site Scripting via add-tracker.php and update-tracker.php Parameters
Cross Site Scripting vulnerability in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via the day, exercise, pray, read_book, vitamins, laundry, alcohol and meat parameters in the add-tracker.php and update-tracker.php components.
CVSS 6.1