My First CVE: CVE-2023–30256

Astik Rawat
4 min readMay 22, 2023

Hi everyone, this time I am back with an exciting new. Few weeks ago I got my first CVE. It felt like a great achievement for me and I wanted to share you my journey towards it and also how can you apply for CVE if you have found any findings on any application.



I would like to share my background first as my past learning experience was quite helpful to be honest. But never think it is compulsory in any means honestly. I have done some source code review — mostly for OSWE preparation and many web application penetration testing in the past.

Honestly, if you are good to go for web application testing it is good enough to choose any web application and get started. Of course if you have good understanding of reading source code and understanding them then it would be quite helpful for troubleshooting payload and understanding the parameters which are user controlled.

How and Why I chose Webkul: Qloapps

So I was reading a blog from Joe Helle on How one night he was bored at night and found 2 CVEs. If you don't know Joe Helle, he is also called themayor on social media — Do check him out he has one of the great content online for cybersecurity beginners. So yes, I was reading the blog and saw he researched for Open source Hotel FOSS systems. I did the…



Astik Rawat

Security Consultant | SRT Researcher | OSEP | OSWE | CRTO | OSCP | OSWP | CRT | BSCP | PNPT | eMAPT | PJPT | CPENT | eJPT | CEH Master | CPSA | Network+ | 9xCVE