lcg22266

4 exploits Active since Nov 2022
CVE-2022-44401 WRITEUP CRITICAL WRITEUP
Online Tours & Travels Management System v1.0 - File Upload
Online Tours & Travels Management System v1.0 contains an arbitrary file upload vulnerability via /tour/admin/file.php.
CVSS 9.8
CVE-2023-1113 WRITEUP LOW WRITEUP
Simple Payroll System 1.0 - Cross-Site Scripting via Admin Page Fullname Parameter
A vulnerability was found in SourceCodester Simple Payroll System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file admin/?page=admin of the component POST Parameter Handler. The manipulation of the argument fullname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222073 was assigned to this vulnerability.
CVSS 2.4
CVE-2023-1151 WRITEUP MEDIUM WRITEUP
SourceCodester Electronic Medical Records System 1.0 - SQL Injection via administrator.php userid Parameter
A vulnerability was found in SourceCodester Electronic Medical Records System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file administrator.php of the component Cookie Handler. The manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222163.
CVSS 6.3
CVE-2023-27052 WRITEUP CRITICAL WRITEUP
E-Commerce System v1.0 - SQL Injection
E-Commerce System v1.0 ws discovered to contain a SQL injection vulnerability via the id parameter at /admin/delete_user.php.
CVSS 9.8