unilogies / bumsys
Project repository
An open-source project called Business Management System
FIRST INTERACTION
WITHIN
1 DAY
REVIEW
WITHIN
5 DAYS
FIX
WITHIN
20 DAYS
Application using hardcoded credentials for SMS System
May 26th 2023
0xdhinu
•
self closed
Stored XSS in ajax_select2.php
Apr 28th 2023
jomc98
•
duplicate
Medium
SQL Injection in expenses/ajax.php & loan-management/ajax.php
Apr 29th 2023
jomc98
•
High
High
SQL Injection in ajax_data.php
Apr 28th 2023
jomc98
•
High
High
•
CVE-2023-2832
File Upload Path Validation Error
Apr 28th 2023
jomc98
•
High
High
•
CVE-2023-2554
Unable to indicate negative amount in capital
Apr 29th 2023
popcorn94
•
Medium
Medium
Multiple XSS on update functions with module select options and search form
Apr 28th 2023
tht1997
•
Medium
Medium
•
CVE-2023-2553
Input validation and money transfer vulnerability with negative number
Apr 29th 2023
tht1997
•
Medium
Medium
Default FTP
Apr 29th 2023
lambardarr
•
informative
Medium
Path Traversal in code
Apr 28th 2023
hatlesswizard
•
Medium
Medium
SQL Injection
Apr 28th 2023
ka1n4t
•
Critical
Critical
SQL Injection in '/module/accounts/ajax.php'
Apr 28th 2023
tsarsecurity
•
High
High
Full CSRF Bypass
Apr 25th 2023
tsarsecurity
•
High
High
•
CVE-2023-2552
SQL Injection in 'core/ajax/ajax_data.php'
Apr 28th 2023
tsarsecurity
•
High
High
SQL Injection in 'core/ajax/ajax_data.php'
Mar 4th 2023
tsarsecurity
•
High
High
•
CVE-2023-1361
SQL Injection leads to code execution
Apr 25th 2023
jrozner
•
High
High
Local file inclusion leading to RCE
Apr 25th 2023
jrozner
•
High
High
•
CVE-2023-2551
UI REDRESSING
Mar 4th 2023
ctflearner
•
High
High
•
CVE-2023-1362
LFI in module invoice-print and print
Feb 23rd 2023
mukundbhuva
•
High
High
Stored XSS in Customer Support
Feb 23rd 2023
hatlesswizard
•
Medium
Medium
•
CVE-2023-0995
Improper Neutralization of Input in paperWidth param During Web Page Generation
Feb 23rd 2023
mukundbhuva
•
High
High
Rxss in msg parameter
Feb 21st 2023
mukundbhuva
•
High
High
Unauthenticated CSRF to XSS on login page
Jan 29th 2023
leorac
•
Medium
Medium
No limit in length of "Account Name" & "Bank Name" parameter results in DOS atta...
Jan 26th 2023
ctflearner
•
not applicable
No permission user can increase his role to administrator
Jan 29th 2023
bruhbey
•
High
High
Cookie without "Secure" and "HttpOnly" flag attribute
Jan 22nd 2023
ctflearner
•
Medium
Medium
Account Takeover via Response Manipulation
Jan 21st 2023
sachinh09
•
self closed
File Upload Type Validation Error
Jan 22nd 2023
ctflearner
•
High
High
•
CVE-2023-0455
FTP Port Open
Jan 22nd 2023
sachinh09
•
not applicable
Cookie missing the Secure attribute
Jan 22nd 2023
sachinh09
•
duplicate
High
Reflected XSS on msg Parameter
Jan 19th 2023
mu57f4
•
High
High
Reflected XSS on multiple locations and parameters
Nov 8th 2022
krizzsk
•
Medium
Medium
Reflected XSS on ID parameter
Nov 2nd 2022
krizzsk
•
Medium
Medium
CRITICAL
$0
HIGH
$0
MEDIUM
$0
LOW
$0