Curesec Research Team - Security Researcher - Exploit Intelligence Platform

CVE-2015-9227 EXPLOITDB HIGH text WORKING POC

AlegroCart 1.2.8 - Authenticated Remote Code Execution via File Path Parameter

PHP remote file inclusion vulnerability in the get_file function in upload/admin2/controller/report_logs.php in AlegroCart 1.2.8 allows remote administrators to execute arbitrary PHP code via a URL in the file_path parameter to upload/admin2.

CVSS 7.2

View Code

CVE-2015-9226 EXPLOITDB HIGH text WORKING POC

AlegroCart 1.2.8 - Authenticated SQL Injection via Download Parameter

Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remote administrators to execute arbitrary SQL commands via the download parameter in the (1) check_download and possibly (2) check_filename function in upload/admin2/model/products/model_admin_download.php or remote authenticated users with a valid Paypal transaction token to execute arbitrary SQL commands via the ref parameter in the (3) orderUpdate function in upload/catalog/extension/payment/paypal.php.

CVSS 7.2

View Code

EIP-2026-114610 EXPLOITDB text WRITEUP

ZenPhoto 1.4.11 - Remote File Inclusion

View Code

EIP-2026-114682 EXPLOITDB text WRITEUP

Mezzanine 4.2.0 - Cross-Site Scripting

View Code

EIP-2026-114625 EXPLOITDB text WRITEUP

ZeusCart 4.0 - SQL Injection

View Code

EIP-2026-114623 EXPLOITDB text WORKING POC

ZeusCart 4.0 - Cross-Site Request Forgery

View Code

EIP-2026-111288 EXPLOITDB text WRITEUP

PivotX 2.3.11 - Directory Traversal

View Code

EIP-2026-111342 EXPLOITDB text WRITEUP

Pligg CMS 2.0.2 - Multiple SQL Injections

View Code

EIP-2026-111341 EXPLOITDB text WRITEUP

Pligg CMS 2.0.2 - Directory Traversal

View Code

EIP-2026-111340 EXPLOITDB text WRITEUP

Pligg CMS 2.0.2 - Cross-Site Request Forgery / Code Execution

View Code

EIP-2026-111210 EXPLOITDB text WORKING POC

PhpSocial 2.0.0304_20222226 - Cross-Site Request Forgery

View Code

EIP-2026-111119 EXPLOITDB text WRITEUP

phplist 3.2.6 - SQL Injection

View Code

EIP-2026-110285 EXPLOITDB text WORKING POC

OpenDocMan 1.3.4 - Cross-Site Request Forgery

View Code

EIP-2026-109700 EXPLOITDB text WRITEUP

MyBB 1.8.6 - Cross-Site Scripting

View Code

EIP-2026-109701 EXPLOITDB text WRITEUP

MyBB 1.8.6 - SQL Injection

View Code

CVE-2013-6225 EXPLOITDB CRITICAL text WRITEUP

LiveZilla 5.0.1.4 - Remote Code Execution via Path Traversal

LiveZilla 5.0.1.4 has a Remote Code Execution vulnerability

CVSS 9.8

View Code

EIP-2026-109097 EXPLOITDB text WRITEUP

LEPTON 2.2.2 - SQL Injection

View Code

EIP-2026-109096 EXPLOITDB text WRITEUP

LEPTON 2.2.2 - Remote Code Execution

View Code

EIP-2026-108961 EXPLOITDB text WRITEUP

Kajona 4.7 - Cross-Site Scripting / Directory Traversal

View Code

EIP-2026-107301 EXPLOITDB text WRITEUP

FUDforum 3.0.6 - Local File Inclusion

View Code

EIP-2026-107489 EXPLOITDB text WORKING POC

Grawlix 1.0.3 - Cross-Site Request Forgery

View Code

EIP-2026-107300 EXPLOITDB text WRITEUP

FUDforum 3.0.6 - Cross-Site Scripting / Cross-Site Request Forgery

View Code

EIP-2026-105941 EXPLOITDB text WRITEUP

ClipperCMS 1.3.0 - Multiple SQL Injections

View Code

EIP-2026-106050 EXPLOITDB text WRITEUP

CodoForum 3.3.1 - Multiple SQL Injections

View Code

EIP-2026-105472 EXPLOITDB text WRITEUP

BigTree CMS 4.2.3 - (Authenticated) SQL Injection

View Code