realguoxiufeng

3 exploits Active since Dec 2022
CVE-2022-45008 WRITEUP MEDIUM WRITEUP
Online Leave Management System - XSS
Online Leave Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /leave_system/admin/?page=maintenance/department. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted payload injected into the Name field under the Create New module.
CVSS 4.8
CVE-2022-45009 WRITEUP HIGH WRITEUP
Online Leave Management System - Unrestricted File Upload
Online Leave Management System v1.0 was discovered to contain an arbitrary file upload vulnerability at /leave_system/classes/SystemSettings.php?f=update_settings. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
CVSS 7.2
CVE-2022-45010 WRITEUP CRITICAL WRITEUP
Simple Phone Book/directory Web App - SQL Injection
Simple Phone Book/Directory Web App v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at /PhoneBook/edit.php.
CVSS 9.8