8bitsec

52 exploits, active since May 2018
CVE-2023-53940 EXPLOITDB HIGH text WORKING POC
Codigo Markdown Editor 1.0.1 - Code Injection
Codigo Markdown Editor 1.0.1 contains a code execution vulnerability that allows attackers to run arbitrary system commands by crafting a malicious markdown file. Attackers can embed a video source with an onerror event that executes shell commands through the Node.js child_process module when the file is opened.
CVSS 7.8
CVE-2017-18602 EXPLOITDB HIGH text WRITEUP
WordPress Examapp Plugin 1.0 - SQL Injection
The examapp plugin 1.0 for WordPress has SQL injection via the wp-admin/admin.php?page=examapp_UserResult id parameter.
CVSS 8.8
CVE-2017-18601 EXPLOITDB MEDIUM text WRITEUP
WordPress examapp <1.0 - XSS
The examapp plugin 1.0 for WordPress has XSS via exam input text fields.
CVSS 5.4
EIP-2026-114495 EXPLOITDB text WORKING POC
XYZ Auto Classifieds 1.0 - SQL Injection
EIP-2026-113620 EXPLOITDB text WORKING POC
WordPress Plugin Car Park Booking - SQL Injection
EIP-2026-113541 EXPLOITDB text WRITEUP
WordPress Plugin Ads Pro < 3.4 - Cross-Site Scripting / SQL Injection
EIP-2026-112875 EXPLOITDB text WRITEUP
Ultimate HR System < 1.2 - Directory Traversal / Cross-Site Scripting
CVE-2018-10258 EXPLOITDB HIGH text WORKING POC
Shopy Point of Sale <1.0 - Code Injection
A CSV Injection vulnerability was discovered in Shopy Point of Sale v1.0 that allows a user with low-level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.
CVSS 8.8
EIP-2026-111966 EXPLOITDB text WORKING POC
Secure E-commerce Script 1.02 - 'sid' SQL Injection
EIP-2026-111703 EXPLOITDB text WORKING POC
Real Estate Custom Script - 'route' SQL Injection
EIP-2026-111706 EXPLOITDB text WORKING POC
Real Estate MLM plan script 1.0 - 'srch' SQL Injection
EIP-2026-110733 EXPLOITDB text WORKING POC
PHP Multi Vendor Script 1.02 - 'sid' SQL Injection
EIP-2026-110651 EXPLOITDB text WRITEUP
PHP Auction Ecommerce Script 1.6 - SQL Injection
EIP-2026-108117 EXPLOITDB text WORKING POC
Jobs2Careers / Coroflot Clone - SQL Injection
EIP-2026-108120 EXPLOITDB text WORKING POC
JobStar Monster Clone Script 1.0 - SQL Injection
CVE-2018-10259 EXPLOITDB MEDIUM text WORKING POC
HRSALE The Ultimate HRM <1.0.2 - XSS
An authenticated stored XSS vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low-privileged user.
CVSS 5.4
CVE-2018-10257 EXPLOITDB HIGH text WORKING POC
HRSALE The Ultimate HRM <1.0.2 - Command Injection
A CSV Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low-level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.
CVSS 8.8
CVE-2018-10260 EXPLOITDB HIGH text WORKING POC
HRSALE The Ultimate HRM 1.0.2 - LFI
A Local File Inclusion vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low-privileged user.
CVSS 8.8
EIP-2026-108013 EXPLOITDB text WRITEUP
iTech StockPhoto Script 2.02 - SQL Injection
EIP-2026-107985 EXPLOITDB text WORKING POC
iTech Book Store Script 2.02 - SQL Injection
CVE-2018-10256 EXPLOITDB HIGH text WORKING POC
HRSALE The Ultimate HRM <1.0.2 - SQL Injection
A SQL Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low-level privileges to directly modify the SQL query.
CVSS 8.8
EIP-2026-107996 EXPLOITDB text WORKING POC
iTech Gigs Script 1.20 - 'cat' SQL Injection
EIP-2026-107272 EXPLOITDB text WORKING POC
FS Car Rental Script - 'pickup_location' SQL Injection
EIP-2026-107271 EXPLOITDB text WORKING POC
FS Book Store Script - 'category' SQL Injection
EIP-2026-107291 EXPLOITDB text WRITEUP
FS Trademe Clone - 'id' SQL Injection