Unauthenticated attackers can delete arbitrary members and inject SQL via /delete_members.php?id in CodeAstro Membership Management System.

Unauthenticated SQL Injection in print_membership_card.php allows remote attackers to extract credentials and sensitive data from CodeAstro Membership Management System 1.0.

Authenticated attackers can upload PHP files via profile picture endpoints and achieve Remote Code Execution in Scholars Tracking System due to missing file type validation.

Tổng hợp hash types, attack modes, rules và workflow crack password thực tế với Hashcat.

Unauthenticated attackers can access /admin/student.php and /admin/teacher.php to obtain plaintext passwords and PII without any session in ProjectWorlds Online Time Table Generator.

Critical unauthenticated SQL injection in admin user management endpoints allows credential extraction and data manipulation in Scholars Tracking System.

Unauthenticated remote attacker can create/delete users including admin, manipulate tickets and departments via unprotected ajax.php dispatcher in Customer Support System.