CMSimple_XH 1.7.4 – Remote Code Execution (RCE) (Authenticated)
>> AUTHOR: deepcore
CMSimple_XH 1.7.4 – Remote Code Execution (RCE) (Authenticated)
WhatsUpGold 21.0.3 – Stored Cross-Site Scripting (XSS)
Vehicle Service Management System 1.0 – Remote Code Execution (RCE) (Unauthenticated)
Phpwcms 1.9.30 – File Upload to XSS
Blood Bank System 1.0 – SQL Injection / Authentication Bypass
Drupal Module MiniorangeSAML 8.x-2.22 – Privilege escalation via XML Signature Wrapping
Dairy Farm Shop Management System 1.0 – SQL Injection Authentication Bypass
Exam Form Submission System 1.0 – SQL Injection Authentication Bypass
PlaceOS version 1.2109.1 suffers from an open redirection vulnerability.
Covid Vaccination Scheduler System version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to faisalfs10x in July…