anx0ing

12 exploits Active since Aug 2022
CVE-2022-2685 WRITEUP LOW WRITEUP
Interview Management System 1.0 - Cross-Site Scripting via addQuestion.php Question Parameter
A vulnerability was found in SourceCodester Interview Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /addQuestion.php. The manipulation of the argument question with the input <script>alert(1)</script> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205673 was assigned to this vulnerability.
CVSS 3.5
CVE-2022-2677 WRITEUP MEDIUM WRITEUP
Apartment Visitor Management System 1.0 - SQL Injection via Username Parameter
A vulnerability was found in SourceCodester Apartment Visitor Management System 1.0. It has been classified as critical. This affects an unknown part of the file index.php. The manipulation of the argument username with the input ' AND (SELECT 4955 FROM (SELECT(SLEEP(5)))RSzF) AND 'htiy'='htiy leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205665 was assigned to this vulnerability.
CVSS 6.3
CVE-2022-2679 WRITEUP MEDIUM WRITEUP
Interview Management System 1.0 - SQL Injection via viewReport.php id Parameter
A vulnerability was found in SourceCodester Interview Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /viewReport.php. The manipulation of the argument id with the input (UPDATEXML(9729,CONCAT(0x2e,0x716b707071,(SELECT (ELT(9729=9729,1))),0x7162766a71),7319)) leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205667.
CVSS 6.3
CVE-2022-2680 WRITEUP MEDIUM WRITEUP
SourceCodester Church Management System 1.0 - SQL Injection via login.php Username Parameter
A vulnerability classified as critical has been found in SourceCodester Church Management System 1.0. Affected is an unknown function of the file /login.php. The manipulation of the argument username with the input ' OR (SELECT 7064 FROM(SELECT COUNT(*),CONCAT(0x71627a7671,(SELECT (ELT(7064=7064,1))),0x716b707871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- jURL leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205668.
CVSS 6.3
CVE-2022-2683 WRITEUP LOW WRITEUP
Simple Food Ordering System 1.0 - Cross-Site Scripting via Login Page Input
A vulnerability, which was classified as problematic, was found in SourceCodester Simple Food Ordering System 1.0. This affects an unknown part of the file /login.php. The manipulation of the argument email/password with the input "><ScRiPt>alert(1)</sCrIpT> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205671.
CVSS 3.5
CVE-2022-2684 WRITEUP LOW WRITEUP
Apartment Visitor Management System 1.0 - Cross-Site Scripting via Apartment Number Parameter
A vulnerability has been found in SourceCodester Apartment Visitor Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /manage-apartment.php. The manipulation of the argument Apartment Number with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205672.
CVSS 3.5
CVE-2022-2685 WRITEUP LOW WRITEUP
Interview Management System 1.0 - Cross-Site Scripting via addQuestion.php Question Parameter
A vulnerability was found in SourceCodester Interview Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /addQuestion.php. The manipulation of the argument question with the input <script>alert(1)</script> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205673 was assigned to this vulnerability.
CVSS 3.5
CVE-2022-2706 WRITEUP MEDIUM WRITEUP
Online Class and Exam Scheduling System 1.0 - SQL Injection via class Parameter in class_sched.php
A vulnerability classified as critical has been found in SourceCodester Online Class and Exam Scheduling System 1.0. Affected is an unknown function of the file /pages/class_sched.php. The manipulation of the argument class with the input '||(SELECT 0x684d6b6c WHERE 5993=5993 AND (SELECT 2096 FROM(SELECT COUNT(*),CONCAT(0x717a786b71,(SELECT (ELT(2096=2096,1))),0x717a626271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a))||' leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-205830 is the identifier assigned to this vulnerability.
CVSS 6.3
CVE-2022-2707 WRITEUP MEDIUM WRITEUP
Online Class and Exam Scheduling System 1.0 - SQL Injection via faculty Parameter in faculty_sched.php
A vulnerability classified as critical was found in SourceCodester Online Class and Exam Scheduling System 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/faculty_sched.php. The manipulation of the argument faculty with the input ' OR (SELECT 2078 FROM(SELECT COUNT(*),CONCAT(0x716a717071,(SELECT (ELT(2078=2078,1))),0x717a706a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- uYCM leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205831.
CVSS 6.3
CVE-2022-3671 WRITEUP MEDIUM WRITEUP
SourceCodester eLearning System 1.0 - SQL Injection via /admin/students/manage.php id Parameter
A vulnerability classified as critical was found in SourceCodester eLearning System 1.0. This vulnerability affects unknown code of the file /admin/students/manage.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-212014 is the identifier assigned to this vulnerability.
CVSS 6.3
CVE-2022-37794 WRITEUP CRITICAL WRITEUP
Library Management System 1.0 - SQL Injection via id_no Parameter in in-card.php
In Library Management System 1.0 the /card/in-card.php file id_no parameters are vulnerable to SQL injection.
CVSS 9.8
CVE-2022-37796 WRITEUP MEDIUM WRITEUP
Simple Online Book Store System 1.0 - Stored Cross-Site Scripting via Title, Author, and Description Parameters
In Simple Online Book Store System 1.0 in /admin_book.php the Title, Author, and Description parameters are vulnerable to Cross Site Scripting(XSS).
CVSS 5.4