webraybtl

62 exploits Active since Mar 2022
CVE-2024-9039 WRITEUP HIGH WRITEUP
Best House Rental Management System 1.0 - SQL Injection via Signup Firstname/Lastname/Email Parameters
A vulnerability, which was classified as critical, has been found in SourceCodester Best House Rental Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=signup. The manipulation of the argument firstname/lastname/email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 7.3
CVE-2024-9041 WRITEUP MEDIUM WRITEUP
Best House Rental Management System 1.0 - SQL Injection via update_account firstname/lastname/email Parameters
A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ajax.php?action=update_account. The manipulation of the argument firstname/lastname/email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2024-9295 WRITEUP HIGH WRITEUP
Advocate Office Management System 1.0 - SQL Injection via Username Parameter in Login
A vulnerability was found in SourceCodester Advocate Office Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /control/login.php. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 7.3
CVE-2024-9296 WRITEUP HIGH WRITEUP
Advocate Office Management System 1.0 - SQL Injection via /control/forgot_pass.php Username Parameter
A vulnerability was found in SourceCodester Advocate Office Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /control/forgot_pass.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 7.3
CVE-2024-9318 WRITEUP MEDIUM WRITEUP
Advocate Office Management System 1.0 - SQL Injection via /control/activate.php id Parameter
A vulnerability, which was classified as critical, has been found in SourceCodester Advocate Office Management System 1.0. Affected by this issue is some unknown functionality of the file /control/activate.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2025-10427 WRITEUP MEDIUM WRITEUP
SourceCodester Pet Grooming Management Software 1.0 - Unrestricted File Upload via User Profile Image
A weakness has been identified in SourceCodester Pet Grooming Management Software 1.0. This impacts an unknown function of the file /admin/operation/user.php. Executing manipulation of the argument website_image can lead to unrestricted upload. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited.
CVSS 6.3
CVE-2025-10428 WRITEUP MEDIUM WRITEUP
Pet Grooming Management Software 1.0 - Unrestricted File Upload via SEO Setting Handler
A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. Affected is an unknown function of the file /admin/seo_setting.php of the component Setting Handler. The manipulation of the argument website_image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.
CVSS 6.3
CVE-2025-10429 WRITEUP MEDIUM WRITEUP
Pet Grooming Management Software 1.0 - SQL Injection via drop_services Parameter
A vulnerability was detected in SourceCodester Pet Grooming Management Software 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax_product.php. The manipulation of the argument drop_services results in sql injection. The attack can be launched remotely. The exploit is now public and may be used.
CVSS 6.3
CVE-2025-10430 WRITEUP MEDIUM WRITEUP
SourceCodester Pet Grooming Management Software 1.0 - SQL Injection via /admin/barcode.php ID Parameter
A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/barcode.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.
CVSS 6.3
CVE-2025-10431 WRITEUP MEDIUM WRITEUP
Pet Grooming Management Software 1.0 - SQL Injection via ID Parameter in /admin/ajax_represent.php
A vulnerability has been found in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown part of the file /admin/ajax_represent.php. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2025-10828 WRITEUP MEDIUM WRITEUP
SourceCodester Pet Grooming Management Software 1.0 - SQL Injection via edit.php ID Parameter
A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown part of the file /admin/edit.php. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
CVSS 6.3
CVE-2025-10839 WRITEUP MEDIUM WRITEUP
SourceCodester Pet Grooming Management Software 1.0 - SQL Injection via inv-print.php ID Parameter
A security flaw has been discovered in SourceCodester Pet Grooming Management Software 1.0. The impacted element is an unknown function of the file /admin/inv-print.php. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.
CVSS 6.3