b1tm4r

3 exploits Active since Apr 2025
CVE-2025-29017 NOMISEC HIGH WORKING POC
Code Astro Internet Banking System 2.0.0 - Remote Code Execution via Profile Picture Upload
A Remote Code Execution (RCE) vulnerability exists in Code Astro Internet Banking System 2.0.0 due to improper file upload validation in the profile_pic parameter within pages_view_client.php.
1 stars
CVSS 8.8
CVE-2025-29015 NOMISEC MEDIUM WRITEUP
Code Astro Internet Banking System 2.0.0 - Cross-Site Scripting via Name Parameter
Code Astro Internet Banking System 2.0.0 is vulnerable to Cross Site Scripting (XSS) via the name parameter in /admin/pages_account.php.
CVSS 6.1
CVE-2025-29018 NOMISEC MEDIUM WRITEUP
Code Astro Internet Banking System 2.0.0 - Stored Cross-Site Scripting via Name Parameter
A Stored Cross-Site Scripting (XSS) vulnerability exists in the name parameter of pages_add_acc_type.php in Code Astro Internet Banking System 2.0.0.
CVSS 4.8