AkkuS

99 exploits Active since Nov 2018
EIP-2026-109919 EXPLOITDB text WORKING POC
NewsBee CMS 1.4 - 'home-text-edit.php' SQL Injection
EIP-2026-109170 EXPLOITDB text WORKING POC
Listing Hub CMS 1.0 - SQL Injection
CVE-2018-20159 EXPLOITDB HIGH python WORKING POC
i-doit 1.11.2 - Authenticated Remote Code Execution via Plugin ZIP Upload
i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to upload arbitrary files to the main website directory. Exploitation involves uploading a ".php" file within a ".zip" file because a ZIP archive is accepted by /admin/?req=modules&action=add as a plugin, and extracted to the main directory. In order for the ".zip" file to be accepted, it must also contain a package.json file.
CVSS 7.2
EIP-2026-107467 EXPLOITDB text WORKING POC
GPSTracker 1.0 - 'id' SQL Injection
EIP-2026-107409 EXPLOITDB text WORKING POC
Gigs 2.0 - 'username' SQL Injection
EIP-2026-107295 EXPLOITDB text WORKING POC
FTP2FTP 1.0 - Arbitrary File Download
EIP-2026-106736 EXPLOITDB text WORKING POC
EasyService Billing 1.0 - 'p1' SQL Injection
EIP-2026-106737 EXPLOITDB text WORKING POC
EasyService Billing 1.0 - SQL Injection / Cross-Site Scripting
CVE-2019-9623 EXPLOITDB CRITICAL ruby WORKING POC
Feng Office 3.7.0.5 - Unauthenticated Remote Code Execution via .shtml File Upload
Feng Office 3.7.0.5 allows remote attackers to execute arbitrary code via "<!--#exec cmd=" in a .shtml file to ck_upload_handler.php.
CVSS 9.8
EIP-2026-107067 EXPLOITDB text WORKING POC
Feedy RSS News Ticker 2.0 - 'cat' SQL Injection
EIP-2026-106865 EXPLOITDB text WORKING POC
Employee Work Schedule 5.9 - 'cal_id' SQL Injection
CVE-2019-9622 EXPLOITDB MEDIUM python WORKING POC
ebrigade < 4.5 - Arbitrary File Download via showfile.php File Parameter
eBrigade through 4.5 allows Arbitrary File Download via ../ directory traversal in the showfile.php file parameter, as demonstrated by reading the user-data/save/backup.sql file.
CVSS 4.3
EIP-2026-106695 EXPLOITDB text WORKING POC
Easy File Uploader 1.7 - SQL Injection / Cross-Site Scripting
EIP-2026-106720 EXPLOITDB text WORKING POC
easyLetters 1.0 - 'id' SQL Injection
CVE-2018-19799 EXPLOITDB MEDIUM text WORKING POC
Dolibarr ERP/CRM <= 8.0.3 - Cross-Site Scripting via Export Datatoexport Parameter
Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexport= XSS.
CVSS 6.1
CVE-2019-9581 EXPLOITDB HIGH python WORKING POC
phpscheduleit Booked Scheduler <2.7.5 - RCE
phpscheduleit Booked Scheduler 2.7.5 allows arbitrary file upload via the Favicon field, leading to execution of arbitrary Web/custom-favicon.php PHP code, because Presenters/Admin/ManageThemePresenter.php does not ensure an image file extension.
CVSS 8.8
EIP-2026-105590 EXPLOITDB text WORKING POC
BookingWizz Booking System 5.5 - 'id' SQL Injection
CVE-2019-9581 EXPLOITDB HIGH ruby WORKING POC
phpscheduleit Booked Scheduler <2.7.5 - RCE
phpscheduleit Booked Scheduler 2.7.5 allows arbitrary file upload via the Favicon field, leading to execution of arbitrary Web/custom-favicon.php PHP code, because Presenters/Admin/ManageThemePresenter.php does not ensure an image file extension.
CVSS 8.8
CVE-2019-11446 EXPLOITDB HIGH ruby WORKING POC
ATutor < 2.2.4 - Authenticated Arbitrary File Upload via File Manager
An issue was discovered in ATutor through 2.2.4. It allows the user to run commands on the server with the teacher user privilege. The Upload Files section in the File Manager field contains an arbitrary file upload vulnerability via upload.php. The $IllegalExtensions value only lists lowercase (and thus .phP is a bypass), and omits .shtml and .phtml.
CVSS 8.8
EIP-2026-105369 EXPLOITDB text WORKING POC
Baby Names Search Engine 1.0 - 'a' SQL Injection
EIP-2026-105055 EXPLOITDB text WORKING POC
Ajax Full Featured Calendar 2.0 - 'search' SQL Injection
CVE-2019-11447 EXPLOITDB HIGH ruby WORKING POC
CutePHP CuteNews 2.1.2 - Code Injection
An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the profile area via the avatar_file field to index.php?mod=main&opt=personal. There is no effective control of $imgsize in /core/modules/dashboard.php. The header content of a file can be changed and the control can be bypassed for code execution. (An attacker can use the GIF header for this.)
CVSS 8.8
CVE-2019-10863 EXPLOITDB HIGH ruby WORKING POC
TeemIp < 2.4.0 - Remote Code Execution via exec.php new_config Parameter
A command injection vulnerability exists in TeemIp versions before 2.4.0. The new_config parameter of exec.php allows one to create a new PHP file with the exception of config information. The malicious PHP code sent is executed instantaneously and is not saved on the server.
CVSS 7.2
CVE-2019-12099 EXPLOITDB HIGH ruby WORKING POC
php-fusion < 9.03.00 - Authenticated Remote Code Execution via Avatar Upload
In PHP-Fusion 9.03.00, edit_profile.php allows remote authenticated users to execute arbitrary code because includes/dynamics/includes/form_fileinput.php and includes/classes/PHPFusion/Installer/Lib/Core.settings.inc mishandle executable files during avatar upload.
CVSS 8.8
CVE-2019-11631 EXPLOITDB ruby WORKING POC
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none