CrashBandicot

13 exploits. Active since Oct 2019.
CVE-2016-20082 EXPLOITDB MEDIUM text WORKING POC
WordPress Plugin Abtest Local File Inclusion via abtest_admin.php
WordPress Plugin Abtest contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the action parameter. Attackers can send GET requests to abtest_admin.php with malicious action values to include files from the admin directory and execute arbitrary code.
CVSS 6.2
CVE-2016-20081 EXPLOITDB HIGH text WORKING POC
WordPress Plugin HB Audio Gallery Lite 1.0.0 Path Traversal File Download
WordPress Plugin HB Audio Gallery Lite 1.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the file_path parameter. Attackers can send requests to the audio-download.php endpoint with directory traversal sequences to access sensitive files like wp-config.php outside the intended gallery directory.
CVSS 7.5
CVE-2016-20078 EXPLOITDB MEDIUM text WORKING POC
WordPress IMDb Profile Widget 1.0.8 Local File Inclusion via pic.php
WordPress IMDb Profile Widget 1.0.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the url parameter. Attackers can supply directory traversal sequences in GET requests to pic.php to access sensitive files like wp-config.php containing database credentials and configuration data.
CVSS 6.2
CVE-2016-20077 EXPLOITDB MEDIUM text WORKING POC
WordPress Plugin Photocart Link 1.6 Local File Inclusion via decode.php
WordPress Plugin Photocart Link 1.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in decode.php. Attackers can supply base64-encoded file paths in the 'id' parameter to the decode.php endpoint to retrieve sensitive files like wp-config.php containing database credentials and configuration data.
CVSS 6.2
CVE-2017-20251 EXPLOITDB CRITICAL text WORKING POC
WordPress Insert PHP Plugin 4.7.0 PHP Code Injection via REST API
WordPress Insert PHP plugin versions before 3.3.1 contain a PHP code injection vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by injecting malicious shortcodes through the WordPress REST API. Attackers can send POST requests to the wp-json/wp/v2/posts endpoint with crafted content containing insert_php shortcodes to include and execute remote PHP files on the server.
CVSS 9.8
CVE-2015-9464 EXPLOITDB HIGH text WORKING POC
s3bubble-amazon-s3-html-5-video-with-adverts 0.7 - Path Traversal via Downloader Path Parameter
The s3bubble-amazon-s3-html-5-video-with-adverts plugin 0.7 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter.
CVSS 7.5
CVE-2015-10087 EXPLOITDB MEDIUM text WORKING POC
UpThemes Theme DesignFolio Plus 1.2 - Unrestricted Upload
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in UpThemes Theme DesignFolio Plus 1.2 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 53f6ae62878076f99718e5feb589928e83c879a9. It is recommended to apply a patch to fix this issue. The identifier VDB-221809 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 6.3
EIP-2026-114004 EXPLOITDB text WORKING POC
WordPress Plugin Reflex Gallery 3.1.3 - Arbitrary File Upload
EIP-2026-112839 EXPLOITDB text WORKING POC
TYPO3 Extension Restler 1.7.0 - Local File Disclosure
EIP-2026-110592 EXPLOITDB text WORKING POC
Phoenix Exploit Kit - Remote Code Execution
EIP-2026-108356 EXPLOITDB text WORKING POC
Joomla! Component com_gallery_wd - SQL Injection
EIP-2026-108541 EXPLOITDB text WORKING POC
Joomla! Component com_simplephotogallery 1.0 - Arbitrary File Upload
EIP-2026-108540 EXPLOITDB text WORKING POC
Joomla! Component com_simpleimageupload - Arbitrary File Upload