My Journey in CVE Research: From Discovery to Disclosure
Introduction
Researching software vulnerabilities and contributing to the CVE ecosystem is both a technical challenge and a responsibility. This post highlights my personal experience in vulnerability research—how I discovered flaws, validated them safely, and worked through the disclosure process that eventually led to public CVE assignments.
Why I Pursue CVE Research
My motivation stems from three key goals:
- Improving security in widely used applications.
- Challenging myself through real-world vulnerability hunting.
- Contributing to the community by documenting findings publicly in CVE databases, Exploit-DB, and security advisories.
Each CVE is not just a number; it reflects effort, analysis, communication, and a contribution toward a safer ecosystem.
Research Approach
Here’s the typical workflow I follow when hunting vulnerabilities:
- Reconnaissance & Inventory: Identify application versions, plugins, and changelogs—especially outdated or unpatched components.
- Input Analysis: Map input vectors such as ‘id’ parameters, form fields, or embedded content options.
- Proof-of-Concept (Non-Destructive): Craft controlled payloads to safely confirm the existence of flaws (e.g., blind SQLi timing, harmless XSS markers).
- Manual Verification: Cross-check results to avoid false positives and gather reproducible evidence.
- Responsible Disclosure: Contact vendors, share detailed steps, and allow remediation time before public release or CVE request.
Selected Research Outcomes
Below are some of my published findings, with direct links to Exploit-DB and WPScan entries.
Exploit-DB Publications
- Hospitals Patient Records Management System 1.0 – Account TakeOver
- Hospitals Patient Records Management System 1.0 – ‘id’ SQL Injection (Authenticated)
- Online Veterinary Appointment System 1.0 – ‘Multiple’ SQL Injection
- Online Railway Reservation System 1.0 – ‘id’ SQL Injection (Unauthenticated)
- Old Age Home Management System 1.0 – SQLi Authentication Bypass
CVE Publications (via WPScan)
- CVE-2021-24614 – Book appointment Online < 1.39 – Authenticated Stored XSS
- CVE-2021-24621 – WP Courses LMS < 2.0.44 – Authenticated Stored XSS via Video Embed Code
- CVE-2021-24622 – WP Ticket < 5.10.4 – Admin+ Stored XSS
- CVE-2021-24623 – Advanced Ticket System < 1.0.64 – Authenticated Stored XSS
- CVE-2022-2395 – weForms < 1.6.14 – Admin+ Stored XSS
Key Lessons Learned
- Clear documentation accelerates vendor response.
- Manual review is essential to confirm findings from automated scans.
- Responsible disclosure builds trust and ensures vulnerabilities are patched safely.
- Patience pays off—the path from discovery to CVE publication can be a lengthy process.
Conclusion
CVE research is about persistence, responsibility, and contributing back to the community. Every published CVE is a small step toward better security for everyone. My journey continues, and I hope sharing this process helps aspiring security researchers understand not only the how but also the why of vulnerability disclosure.