http://chaleang.go.th/er.php notified by LahBodoAmat
>> AUTHOR: deepcore
Budget and Expense Tracker System 1.0 – Authenticated Bypass
Church Management System 1.0 – Remote Code Execution (RCE) (Unauthenticated)
Online Food Ordering System 2.0 – Remote Code Execution (RCE) (Unauthenticated)
WordPress 5.7 – ‘Media Library’ XML External Entity Injection (XXE) (Authenticated)
T-Soft E-Commerce 4 – change ‘admin credentials’ Cross-Site Request Forgery (CSRF)
Church Management System 1.0 – ‘search’ SQL Injection (Unauthenticated)
Simple Attendance System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Library Management System version 1.0 suffers from a remote blind time-based SQL injection vulnerability.
Cloudron version 6.2 suffers from a cross-site scripting vulnerability.