b1tm4r

3 exploits Active since Apr 2025
CVE-2025-29017 NOMISEC HIGH WORKING POC
Codeastro Internet Banking System - Unrestricted File Upload
A Remote Code Execution (RCE) vulnerability exists in Code Astro Internet Banking System 2.0.0 due to improper file upload validation in the profile_pic parameter within pages_view_client.php.
1 stars
CVSS 8.8
CVE-2025-29015 NOMISEC MEDIUM WRITEUP
Codeastro Internet Banking System - XSS
Code Astro Internet Banking System 2.0.0 is vulnerable to Cross Site Scripting (XSS) via the name parameter in /admin/pages_account.php.
CVSS 6.1
CVE-2025-29018 NOMISEC MEDIUM WRITEUP
Codeastro Internet Banking System - XSS
A Stored Cross-Site Scripting (XSS) vulnerability exists in the name parameter of pages_add_acc_type.php in Code Astro Internet Banking System 2.0.0.
CVSS 4.8