sudoninja-noob

13 exploits Active since May 2022
CVE-2022-43369 NOMISEC MEDIUM NO CODE
AutoTaxi Stand Management System v1.0 - XSS
AutoTaxi Stand Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component search.php.
1 stars
CVSS 6.1
CVE-2022-45217 NOMISEC MEDIUM NO CODE
Book Store Management System 1.0.0 - Stored Cross-Site Scripting via Level Parameter in Add New System User Module
A cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Level parameter under the Add New System User module.
1 stars
CVSS 5.4
CVE-2022-47102 NOMISEC MEDIUM NO CODE
Student Study Center Management System V 1.0 - XSS
A cross-site scripting (XSS) vulnerability in Student Study Center Management System V 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter.
CVSS 5.4
CVE-2022-45728 NOMISEC MEDIUM NO CODE
Doctor Appointment Management System 1.0.0 - Cross-Site Scripting
Doctor Appointment Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability.
CVSS 6.1
CVE-2022-45729 NOMISEC MEDIUM NO CODE
Doctor Appointment Management System 1.0.0 - Cross-Site Scripting via Employee ID Parameter
A cross-site scripting (XSS) vulnerability in Doctor Appointment Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Employee ID parameter.
CVSS 6.1
CVE-2022-46622 NOMISEC MEDIUM NO CODE
Judging Management System v1.0 - XSS
A cross-site scripting (XSS) vulnerability in Judging Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter.
CVSS 6.1
CVE-2022-46623 NOMISEC HIGH NO CODE
Judging Management System v1.0.0 - SQL Injection
Judging Management System v1.0.0 was discovered to contain a SQL injection vulnerability via the username parameter.
CVSS 7.8
CVE-2022-29005 NOMISEC MEDIUM STUB
Online Birth Certificate System v1.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the component /obcs/user/profile.php of Online Birth Certificate System v1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fname or lname parameters.
CVSS 6.1
CVE-2022-29004 NOMISEC MEDIUM STUB
e-diary_management_system v1.0 - Cross-Site Scripting via Name Parameter in search-result.php
Diary Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name parameter in search-result.php.
CVSS 6.1
CVE-2022-29007 NOMISEC CRITICAL STUB
Dairy Farm Shop Management System v1.0 - SQL Injection
Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Dairy Farm Shop Management System v1.0 allows attackers to bypass authentication.
CVSS 9.8
CVE-2022-29008 NOMISEC MEDIUM STUB
Bus Pass Management System v1.0 - Info Disclosure
An insecure direct object reference (IDOR) vulnerability in the viewid parameter of Bus Pass Management System v1.0 allows attackers to access sensitive information.
CVSS 6.5
CVE-2022-29009 NOMISEC CRITICAL STUB
Cyber Cafe Management System Project v1.0 - SQL Injection
Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1.0 allows attackers to bypass authentication.
CVSS 9.8
CVE-2022-29006 NOMISEC CRITICAL STUB
Directory Management System v1.0 - SQL Injection
Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0 allows attackers to bypass authentication.
CVSS 9.8