geraldoalcantara

34 exploits Active since Dec 2023
CVE-2023-49987 NOMISEC MEDIUM WRITEUP
Oretnom23 School Fees Management System - XSS
A cross-site scripting (XSS) vulnerability in the component /management/term of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tname parameter.
CVSS 5.4
CVE-2023-49988 NOMISEC HIGH WRITEUP
Pratham-jaiswal Hotel Booking Management System - SQL Injection
Hotel Booking Management v1.0 was discovered to contain a SQL injection vulnerability via the npss parameter at rooms.php.
CVSS 7.5
CVE-2023-51281 NOMISEC MEDIUM WRITEUP
Customer Support System <1.0 - XSS
Cross-site scripting vulnerability in Customer Support System v.1.0 allows a remote attacker to escalate privileges via a crafted script in the firstname, lastname, middlename, contact and address parameters.
CVSS 5.4
CVE-2023-49979 NOMISEC HIGH WRITEUP
Customer Support System <v1 - Info Disclosure
A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization.
CVSS 7.5
CVE-2023-49540 NOMISEC MEDIUM WRITEUP
Oretnom23 Book Store Management System - XSS
Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/history. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the history parameter.
CVSS 6.1
CVE-2023-49543 NOMISEC CRITICAL WRITEUP
Book Store Management System - Improper Access Control
Incorrect access control in Book Store Management System v1 allows attackers to access unauthorized pages and execute administrative functions without authenticating.
CVSS 9.8
CVE-2023-49544 NOMISEC MEDIUM WRITEUP
Oretnom23 Customer Support System - SQL Injection
A local file inclusion (LFI) in Customer Support System v1 allows attackers to include internal PHP files and gain unauthorized access via manipulation of the page= parameter at /customer_support/index.php.
CVSS 4.9
CVE-2023-49545 NOMISEC HIGH WRITEUP
Oretnom23 Customer Support System - Improper Access Control
A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization.
CVSS 7.5
CVE-2023-49546 NOMISEC HIGH WORKING POC
Oretnom23 Customer Support System - SQL Injection
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the email parameter at /customer_support/ajax.php.
CVSS 8.8