takekaramey

18 exploits Active since Aug 2024
CVE-2024-40476 WRITEUP HIGH
SourceCodester Best House Rental Management System v1.0 - CSRF
A Cross-Site Request Forgery (CSRF) vulnerability was found in SourceCodester Best House Rental Management System v1.0. This could lead to an attacker tricking the administrator into adding/modifying/deleting valid tenant data via a crafted HTML page, as demonstrated by a Delete Tenant action at the /rental/ajax.php?action=delete_tenant endpoint.
CVSS 8.0
CVE-2024-41236 WRITEUP HIGH
Lopalopa Responsive School Management System - SQL Injection
A SQL injection vulnerability in /smsa/admin_login.php in Kashipara Responsive School Management System v3.2.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter of the Admin Login Page.
CVSS 7.2
CVE-2024-41237 WRITEUP CRITICAL
Lopalopa Responsive School Management System - SQL Injection
A SQL injection vulnerability in /smsa/teacher_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter.
CVSS 9.8
CVE-2024-41240 WRITEUP MEDIUM
Lopalopa Responsive School Management System - XSS
A Reflected Cross Site Scripting (XSS) vulnerability was found in "/smsa/teacher_login.php" in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via the "error" parameter.
CVSS 6.1
CVE-2024-41241 WRITEUP MEDIUM
Lopalopa Responsive School Management System - XSS
A Reflected Cross Site Scripting (XSS) vulnerability was found in "/smsa/admin_login.php" in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via the "error" parameter.
CVSS 6.1
CVE-2024-41242 WRITEUP MEDIUM
Lopalopa Responsive School Management System - XSS
A Reflected Cross Site Scripting (XSS) vulnerability was found in /smsa/student_login.php in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via the "error" parameter.
CVSS 6.1
CVE-2024-41252 WRITEUP MEDIUM
Lopalopa Responsive School Management System - Improper Access Control
An Incorrect Access Control vulnerability was found in /smsa/admin_student_register_approval.php and /smsa/admin_student_register_approval_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view and approve student registration.
CVSS 6.5
CVE-2024-42762 WRITEUP MEDIUM
Kashipara Bus Ticket Reservation System v1.0 - XSS
A Stored Cross Site Scripting (XSS) vulnerability was found in "/history.php" in Kashipara Bus Ticket Reservation System v1.0, which allows remote attackers to execute arbitrary code via the Name, Phone, and Email parameter fields.
CVSS 5.4
CVE-2024-42763 WRITEUP MEDIUM
Kashipara Bus Ticket Reservation System v1.0 - XSS
A Reflected Cross Site Scripting (XSS) vulnerability was found in the "/schedule.php" page of the Kashipara Bus Ticket Reservation System v1.0, which allows remote attackers to execute arbitrary code via the "bookingdate" parameter.
CVSS 5.4
CVE-2024-42765 WRITEUP CRITICAL
Kashipara Bus Ticket Reservation System v1.0 - SQL Injection
A SQL injection vulnerability in "/login.php" of the Kashipara Bus Ticket Reservation System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the "email" or "password" Login page parameters.
CVSS 9.8
CVE-2024-42767 WRITEUP HIGH
Kashipara Hotel Management System v1.0 - RCE
Kashipara Hotel Management System v1.0 is vulnerable to Unrestricted File Upload RCE via /admin/add_room_controller.php.
CVSS 7.2
CVE-2024-42769 WRITEUP MEDIUM
Kashipara Hotel Management System v1.0 - XSS
A Reflected Cross Site Scripting (XSS) vulnerability was found in "/core/signup_user.php" of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via the "user_fname" and "user_lname" parameters.
CVSS 6.1
CVE-2024-42770 WRITEUP MEDIUM
Kashipara Hotel Management System <1.0 - XSS
A Stored Cross Site Scripting (XSS) vulnerability was found in "/core/signup_user.php" of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via the "user_email" parameter.
CVSS 4.7
CVE-2024-42773 WRITEUP CRITICAL
Kashipara Hotel Management System <1.0 - Info Disclosure
An Incorrect Access Control vulnerability was found in /admin/edit_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to edit the valid hotel room entries in the administrator section.
CVSS 9.1
CVE-2024-42786 WRITEUP HIGH
Kashipara Music Management System <1.0 - SQL Injection
A SQL injection vulnerability in "/music/view_user.php" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter of the View User Profile Page.
CVSS 8.8
CVE-2024-42787 WRITEUP MEDIUM
Kashipara Music Mgmt v1.0 - XSS
A Stored Cross Site Scripting (XSS) vulnerability was found in "/music/ajax.php?action=save_playlist" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via the "title" and "description" parameter fields.
CVSS 6.1
CVE-2024-42789 WRITEUP MEDIUM
Kashipara Music Management System <1.0 - XSS
A Reflected Cross Site Scripting (XSS) vulnerability was found in "/music/controller.php?page=test" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via the "page" parameter.
CVSS 6.3
CVE-2024-42793 WRITEUP HIGH
Kashipara Music Management System v1.0 - CSRF
A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via a crafted request to the /music/ajax.php?action=save_user page.
CVSS 8.0