Budget and Expense Tracker System 1.0 – Remote Code Execution (RCE) (Unauthenticated)
>> ARCHIVE: 2021-09
Budget and Expense Tracker System 1.0 – Remote Code Execution (RCE) (Unauthenticated)
This article discusses the CVE-2021-40444 vulnerability and an alternative path that reduces the lines of JS code to trigger the issue and does not require CAB archives.
http://chaleang.go.th/er.php notified by LahBodoAmat
Budget and Expense Tracker System 1.0 – Authenticated Bypass
Church Management System 1.0 – Remote Code Execution (RCE) (Unauthenticated)
Online Food Ordering System 2.0 – Remote Code Execution (RCE) (Unauthenticated)
WordPress 5.7 – ‘Media Library’ XML External Entity Injection (XXE) (Authenticated)
Church Management System 1.0 – ‘search’ SQL Injection (Unauthenticated)
T-Soft E-Commerce 4 – change ‘admin credentials’ Cross-Site Request Forgery (CSRF)
Simple Attendance System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.