Borna nematzadeh (L0RD)

25 exploits
Active since May 2026
CVE-2018-25339 EXPLOITDB HIGH text WORKING POC
Zechat 1.5 SQL Injection via v parameter (time-based blind)
Zechat 1.5 contains a SQL injection vulnerability in the v parameter that allows unauthenticated attackers to extract database information using time-based blind techniques. Attackers can exploit the v parameter with sleep-based blind injection to confirm the vulnerability and extract data.
CVSS 8.2
CVE-2018-25338 EXPLOITDB HIGH text WORKING POC
Zechat 1.5 SQL Injection via hashtag parameter
Zechat 1.5 contains a SQL injection vulnerability in the hashtag parameter that allows unauthenticated attackers to extract database information using union-based techniques. Attackers can exploit the hashtag parameter with union-based payloads to retrieve table and column names.
CVSS 8.2
CVE-2018-25334 EXPLOITDB MEDIUM text WORKING POC
Zechat 1.5 Cross-Site Request Forgery (CSRF) via hashtag parameter
Zechat 1.5 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to change a user's information by bypassing anti-CSRF protections. The application uses a CSRF token, but an attacker can use the hashtag parameter to inject an encoded payload and bypass the CSRF protection, allowing for unauthorized changes to user data. This can be exploited by tricking a user into submitting a crafted form or by using a script to obtain and set the CSRF token.
CVSS 5.4
EIP-2026-113195 EXPLOITDB text WORKING POC
Wchat PHP AJAX Chat Script 1.5 - Cross-Site Scripting
EIP-2026-112817 EXPLOITDB text WORKING POC
TV - Video Subscription - Authentication Bypass SQL Injection
EIP-2026-112296 EXPLOITDB text WORKING POC
Social Oauth Login PHP - Authentication Bypass
EIP-2026-112486 EXPLOITDB text WORKING POC
Superfood 1.0 - Multiple Vulnerabilities
EIP-2026-112452 EXPLOITDB text WORKING POC
Student Profile Management System Script 2.0.6 - Authentication Bypass
EIP-2026-112280 EXPLOITDB text WORKING POC
SOA School Management - 'access_login' SQL Injection
EIP-2026-111564 EXPLOITDB text WORKING POC
PSNews Website 1.0.0 - 'Keywords' SQL Injection
EIP-2026-111508 EXPLOITDB text WORKING POC
Private Message PHP Script 2.0 - Cross-Site Scripting
EIP-2026-110503 EXPLOITDB text WORKING POC
Paypal Clone Script 1.0.9 - 'id' / 'acctype' SQL Injection
EIP-2026-110585 EXPLOITDB text WORKING POC
PHIMS - Hospital Management Information System - 'Password' SQL Injection
EIP-2026-110189 EXPLOITDB text WORKING POC
Online Test Script 2.0.7 - 'cid' SQL Injection
EIP-2026-109948 EXPLOITDB text WORKING POC
NodAPS 4.0 - SQL injection / Cross-Site Request Forgery
EIP-2026-109947 EXPLOITDB text WORKING POC
NodAPS 4.0 - SQL injection / Cross-Site Request Forgery
EIP-2026-109838 EXPLOITDB text WORKING POC
Naukri Clone Script 3.0.3 - 'indus' SQL Injection
EIP-2026-109537 EXPLOITDB text WORKING POC
Model Agency Media House & Model Gallery 1.0 - Multiple Vulnerabilities
EIP-2026-109342 EXPLOITDB text WORKING POC
Matrimonial Website Script 2.1.6 - 'uid' SQL Injection
EIP-2026-107971 EXPLOITDB text WORKING POC
iSocial 1.2.0 - Cross-Site Scripting / Cross-Site Request Forgery
EIP-2026-107153 EXPLOITDB text WORKING POC
Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - Cross-Site Scripting / Cross-Site Request Forgery
EIP-2026-107154 EXPLOITDB text WORKING POC
Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - Cross-Site Scripting / Cross-Site Request Forgery
EIP-2026-106890 EXPLOITDB text WORKING POC
Entrepreneur Dating Script 2.0.2 - Authentication Bypass
EIP-2026-105304 EXPLOITDB text WORKING POC
Auto Car 1.2 - 'car_title' SQL Injection / Cross-Site Scripting
EIP-2026-105308 EXPLOITDB text WORKING POC
Auto Dealership & Vehicle Showroom WebSys 1.0 - Multiple Vulnerabilities