Simple Attendance System 1.0 – Unauthenticated Blind SQLi
An HTTP endpoint used by the Manage Engine OpManager Smart Update Manager component can be leveraged to deserialize an arbitrary Java object. This can be abused by an unauthenticated remote…
Positive Technologies Maxpatrol 8 and Xspider appear to suffer from a denial of service vulnerability.
WordPress version 5.7 suffers from a Media Library XML external entity injection vulnerability.
Church Management System version 1.0 remote shell upload exploit.
Online Food Ordering System version 2.0 remote shell upload exploit.
Budget and Expense Tracker System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Church Management System version 1.0 suffers from a remote SQL injection vulnerability. Original discovery of SQL injection in this version is attributed to Murat Demirci in July of 2021.
T-Soft E-Commerce version 4 suffers from a cross site request forgery vulnerability.
This article discusses the CVE-2021-40444 vulnerability and an alternative path that reduces the lines of JS code to trigger the issue and does not require CAB archives.