- CVE-2021-40635: SQL Injection in `id` Parameter (OS4ED/openSIS-Classic#195) - with HPT Cyber Security
- CVE-2021-40636: XSS and Error based SQL injection in `CheckDuplicateName.php` (OS4ED/openSIS-Classic#198) - with HPT Cyber Security
- CVE-2021-40637: Reflected XSS in `EmailCheckOthers.php` (OS4ED/openSIS-Classic#199) - with HPT Cyber Security
- CVE-2022-27330: Stored XSS in `/public/admin/index.php` (https://nvd.nist.gov/vuln/detail/CVE-2022-27330) - Collab with D4rkP0w4r
- CVE-2023-36543: ReDoS in Apache Airflow (https://security.snyk.io/vuln/SNYK-PYTHON-APACHEAIRFLOW-5773324) - with NCS HCM
- CVE-2023-5917: Path traversal to Stored XSS in import icons phpBB (https://www.phpbb.com/community/viewtopic.php?t=2646991)
- CVE-2024-23335: MyBB .htaccess file deletion (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23335)
- CVE-2024-23336: MyBB allow list bypass to unauthenticated SSRF (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23336)