nhattruong

5 exploits Active since Apr 2020
CVE-2021-28424 EXPLOITDB MEDIUM text WORKING POC
Teachers Record Management System 1.0 - XSS
A stored cross-site scripting (XSS) vulnerability in Teachers Record Management System 1.0 allows remote authenticated users to inject arbitrary web script or HTML via the 'email' POST parameter in adminprofile.php.
CVSS 5.4
CVE-2021-28423 EXPLOITDB HIGH text WORKING POC
Teachers Record Management System <2.1 - SQL Injection
Multiple SQL Injection vulnerabilities in Teachers Record Management System 1.0 thru 2.1 allow remote authenticated users to execute arbitrary SQL commands via the 'editid' GET parameter in edit-subjects-detail.php, edit-teacher-detail.php, or the 'searchdata' POST parameter in search.php.
CVSS 8.8
CVE-2020-6010 METASPLOIT HIGH ruby WORKING POC
LearnPress <3.2.6.7 - SQL Injection
LearnPress Wordpress plugin version prior and including 3.2.6.7 is vulnerable to SQL Injection
CVSS 8.8
CVE-2020-6010 EXPLOITDB HIGH text WORKING POC
LearnPress <3.2.6.7 - SQL Injection
LearnPress Wordpress plugin version prior and including 3.2.6.7 is vulnerable to SQL Injection
CVSS 8.8
EIP-2026-113865 EXPLOITDB text WORKING POC
WordPress Plugin LearnPress 3.2.6.8 - Privilege Escalation