janikwehrli1/0dayHunt

janikwehrli1/0dayHunt

Unavailable

This project is no longer available (or publicly accessible) from GitHub

Releases0

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2021-41661 ↗	Jun 13, 2022Monday, 13 June 2022, 23:15	9.8 CRITICAL	7.5 HIGH
Church Management System version 1.0 is affected by a SQL anjection vulnerability through creating a user with a PHP file as an avatar image, which is accessible through the /uploads directory. This can lead to RCE on the web server by uploading a PHP webshell.
CVE-2021-41662 ↗	Jun 13, 2022Monday, 13 June 2022, 23:15	9.8 CRITICAL	7.5 HIGH
The South Gate Inn Online Reservation System v1.0 contains an SQL injection vulnerability that can be chained with a malicious PHP file upload, which is caused by improper file handling in the editImg function. This vulnerability leads to remote code execution.
CVE-2021-41674 ↗	Oct 29, 2021Friday, 29 October 2021, 16:15	9.8 CRITICAL	7.5 HIGH
An SQL Injection vulnerability exists in Sourcecodester E-Negosyo System 1.0 via the user_email parameter in /admin/login.php.
CVE-2021-41675 ↗	Oct 29, 2021Friday, 29 October 2021, 16:15	7.2 HIGH	6.5 MEDIUM
A Remote Code Execution (RCE) vulnerabilty exists in Sourcecodester E-Negosyo System 1.0 in /admin/produts/controller.php via the doInsert function, which validates images with getImageSizei. .
CVE-2021-41676 ↗	Oct 29, 2021Friday, 29 October 2021, 16:15	9.8 CRITICAL	7.5 HIGH
An SQL Injection vulnerabilty exists in the oretnom23 Pharmacy Point of Sale System 1.0 in the login function in actions.php.