>> AUTHOR: deepcore

COVID19 Testing Management System 1.0 – ‘State’ Stored Cross-Site-Scripting (XSS)

Small CRM 3.0 – ‘Authentication Bypass’ SQL Injection

Stock Management System 1.0 – ‘user_id’ Blind SQL injection (Authenticated)

Spy Emergency 25.0.650 – ‘Multiple’ Unquoted Service Path

TextPattern CMS 4.8.7 – Remote Command Execution (Authenticated)

OpenEMR 5.0.1.3 – ‘manage_site_files’ Remote Code Execution (Authenticated)

WibuKey Runtime 6.51 – ‘WkSvW32.exe’ Unquoted Service Path

Secure Notepad Private Notes 3.0.3 – Denial of Service (PoC)

GLPI 9.4.5 – Remote Code Execution (RCE)

Accela Civic Platform 21.1 – ‘contactSeqNumber’ Insecure Direct Object References (IDOR)