Abdullah Çelebi

4 exploits Active since Mar 2026
CVE-2019-25630 EXPLOITDB HIGH text WORKING POC
PhreeBooks ERP 5.2.3 Arbitrary File Upload via Image Manager
PhreeBooks ERP 5.2.3 contains an arbitrary file upload vulnerability in the Image Manager component that allows authenticated attackers to upload malicious files by submitting requests to the image upload endpoint. Attackers can upload PHP files through the imgFile parameter to the bizuno/image/manager endpoint and execute them via the bizunoFS.php script for remote code execution.
CVSS 8.8
CVE-2019-25529 EXPLOITDB HIGH text WORKING POC
Placeto CMS Alpha rv.4 - SQL Injection
Placeto CMS Alpha rv.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'page' parameter. Attackers can send GET requests to the admin/edit.php endpoint with malicious 'page' values using boolean-based blind, time-based blind, or union-based techniques to extract sensitive database information.
CVSS 7.1
CVE-2019-25473 EXPLOITDB HIGH text WORKING POC
Clinic Pro - SQL Injection
Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. Attackers can send POST requests to the monthly_expense_overview endpoint with crafted month values using boolean-based blind, time-based blind, or error-based SQL injection techniques to extract sensitive database information.
CVSS 7.1
CVE-2019-25505 EXPLOITDB HIGH text WORKING POC
Tradebox 5.4 - SQL Injection
Tradebox 5.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the symbol parameter. Attackers can send POST requests to the monthly_deposit endpoint with malicious symbol values using boolean-based blind, time-based blind, error-based, or union-based SQL injection techniques to extract sensitive database information.
CVSS 7.1