cptsticky

4 exploits Active since Mar 2021
CVE-2021-29663 WRITEUP MEDIUM WORKING POC
Course Registration Management System 2.1 - Stored Cross-Site Scripting via Admin Job Title Parameter
CourseMS (aka Course Registration Management System) 2.1 is affected by cross-site scripting (XSS). When an attacker with access to an Admin account creates a Job Title in the Site area (aka the admin/add_jobs.php name parameter), they can insert an XSS payload. This payload will execute whenever anyone visits the registration page.
CVSS 4.8
CVE-2021-30000 WRITEUP CRITICAL WORKING POC
LATRIX 0.6.0 - SQL Injection via txtaccesscode Parameter
An issue was discovered in LATRIX 0.6.0. SQL injection in the txtaccesscode parameter of inandout.php leads to information disclosure and code execution.
CVSS 9.8
EIP-2026-104303 EXPLOITDB text WORKING POC
Latrix 0.6.0 - 'txtaccesscode' SQL Injection
EIP-2026-104209 EXPLOITDB text WORKING POC
CourseMS 2.1 - 'name' Stored XSS