>> TAG: #remote exploit

PHPIPAM 1.4.4 – SQLi (Authenticated)

Landa Driving School Management System 2.0.1 – Arbitrary File Upload

uDoctorAppointment v2.1.1 – ‘Multiple’ Cross Site Scripting (XSS)

Rocket LMS 1.1 – Persistent Cross Site Scripting (XSS)

Affiliate Pro 1.7 – ‘Multiple’ Cross Site Scripting (XSS)

Archeevo 5.0 – Local File Inclusion

WorkTime 10.20 Build 4967 – Unquoted Service Path

Online Resort Management System 1.0 – SQLi (Authenticated)

OpenBMCS 2.4 – SQLi (Authenticated)

OpenBMCS 2.4 – Server Side Request Forgery (SSRF) (Unauthenticated)