Deyaa Muhammad

5 exploits Active since Jun 2026
CVE-2019-25731 EXPLOITDB MEDIUM text WORKING POC
Zuz Music 2.1 Persistent Cross-site Scripting via zuzconsole Contact
Zuz Music 2.1 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious JavaScript by submitting crafted contact form data. Attackers can inject script code through the name, subject, and message parameters in POST requests to /gmusic/zuzconsole/___contact, which executes when administrators view messages in the inbox interface.
CVSS 6.1
CVE-2019-25730 EXPLOITDB HIGH text WORKING POC
Listing Hub CMS 1.0 SQL Injection via pages.php id
Listing Hub CMS 1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to pages.php with crafted id values using error-based SQL injection techniques to extract database credentials, usernames, and version information.
CVSS 8.2
CVE-2019-25726 EXPLOITDB HIGH text WORKING POC
All in One Video Downloader 1.2 SQL Injection via admin page-edit
All in One Video Downloader 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send requests to the admin interface with UNION-based SQL injection payloads in the id parameter to extract sensitive database information including usernames, databases, and version details.
CVSS 8.2
EIP-2026-106849 EXPLOITDB text WORKING POC
Embed Video Scripts - Persistent Cross-Site Scripting
EIP-2026-107100 EXPLOITDB text WORKING POC
Find a Place CMS Directory 1.5 - 'assets/external/data_2.php cate' SQL Injection