ersinerenler

15 exploits Active since Nov 2023
CVE-2023-46014 NOMISEC MEDIUM WORKING POC
Code-Projects Blood Bank 1.0 - SQL Injection
SQL Injection vulnerability in hospitalLogin.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via 'hemail' and 'hpassword' parameters.
CVSS 5.5
CVE-2023-46015 NOMISEC MEDIUM WORKING POC
Code-Projects Blood Bank 1.0 - Cross-Site Scripting via 'msg' Parameter
Cross Site Scripting (XSS) vulnerability in index.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via 'msg' parameter in application URL.
CVSS 6.1
CVE-2023-46016 NOMISEC MEDIUM WORKING POC
Code-Projects Blood Bank 1.0 - Cross-Site Scripting via Search Parameter
Cross Site Scripting (XSS) in abs.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via the 'search' parameter in the application URL.
CVSS 6.1
CVE-2023-46017 NOMISEC MEDIUM WORKING POC
Code-Projects Blood Bank 1.0 - SQL Injection
SQL Injection vulnerability in receiverLogin.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via 'remail' and 'rpassword' parameters.
CVSS 5.5
CVE-2023-46018 NOMISEC MEDIUM WORKING POC
Code-Projects Blood Bank 1.0 - SQL Injection
SQL injection vulnerability in receiverReg.php in Code-Projects Blood Bank 1.0 \allows attackers to run arbitrary SQL commands via 'remail' parameter.
CVSS 5.5
CVE-2023-46019 NOMISEC MEDIUM WORKING POC
Code-Projects Blood Bank 1.0 - Cross-Site Scripting via 'error' Parameter in abs.php
Cross Site Scripting (XSS) vulnerability in abs.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via the 'error' parameter.
CVSS 6.1
CVE-2023-46020 NOMISEC MEDIUM WORKING POC
Code-Projects Blood Bank 1.0 - Stored Cross-Site Scripting via updateprofile.php Parameters
Cross Site Scripting (XSS) in updateprofile.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via the 'rename', 'remail', 'rphone' and 'rcity' parameters.
CVSS 6.1
CVE-2023-46021 NOMISEC MEDIUM WORKING POC
Code-Projects Blood Bank 1.0 - SQL Injection
SQL Injection vulnerability in cancel.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary commands via the 'reqid' parameter.
CVSS 5.5
CVE-2023-46022 NOMISEC HIGH WORKING POC
Code-Projects Blood Bank 1.0 - SQL Injection
SQL Injection vulnerability in delete.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via the 'bid' parameter.
CVSS 7.8
CVE-2023-46024 WRITEUP HIGH WRITEUP
phpgurukul Teacher Subject Allocation Management System 1.0 - SQL Injection via searchdata Parameter
SQL Injection vulnerability in index.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary SQL commands and obtain sensitive information via the 'searchdata' parameter.
CVSS 7.5
CVE-2023-46023 WRITEUP MEDIUM WRITEUP
Code-Projects Simple Task List 1.0 - Info Disclosure
SQL injection vulnerability in addTask.php in Code-Projects Simple Task List 1.0 allows attackers to obtain sensitive information via the 'status' parameter.
CVSS 6.5
CVE-2023-46025 WRITEUP MEDIUM WRITEUP
phpgurukul Teacher Subject Allocation Management System 1.0 - SQL Injection via editid Parameter
SQL Injection vulnerability in teacher-info.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to obtain sensitive information via the 'editid' parameter.
CVSS 4.9
CVE-2023-46026 WRITEUP MEDIUM WRITEUP
phpgurukul Teacher Subject Allocation Management System 1.0 - XSS
Cross Site Scripting (XSS) vulnerability in profile.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary code via the 'adminname' and 'email' parameters.
CVSS 4.8
CVE-2023-46580 WRITEUP MEDIUM WRITEUP
Inventory Management 1.0 - Stored Cross-Site Scripting via pname Parameter
Cross-Site Scripting (XSS) vulnerability in Inventory Management V1.0 allows attackers to execute arbitrary code via the pname parameter of the editProduct.php component.
CVSS 5.4
CVE-2023-46582 WRITEUP HIGH WRITEUP
Inventory Management <1.0 - SQL Injection
SQL injection vulnerability in Inventory Management v.1.0 allows a local attacker to execute arbitrary SQL commands via the id paramter in the deleteProduct.php component.
CVSS 7.8