EgiX

136 exploits Active since Feb 2005
CVE-2026-49952 GITHUB CRITICAL WORKING POC
Discuz! X5.0 Authentication Bypass via dbbak.php Encryption Oracle
Discuz! X5.0 releases 20260320 through 20260501 contains an authentication bypass vulnerability that allows unauthenticated remote attackers to gain unauthorized access to database backup and restore functionality by exploiting a shared cryptographic key between UCenter integration and the database backup API exposed by dbbak.php. Attackers can inject a crafted payload through the username parameter during login to abuse the encryption oracle in logging_ctl::logging_more(), obtain a legitimately signed token, and use it to bypass authorization for database export and import operations, with the additional ability to trigger a race condition to impersonate arbitrary users.
CVSS 9.1
CVE-2025-48828 NOMISEC CRITICAL WORKING POC
vBulletin Template Conditionals - PHP Code Execution
Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine. By crafting template code in an alternative PHP function invocation syntax, such as the "var_dump"("test") syntax, attackers can bypass security checks and execute arbitrary PHP code, as exploited in the wild in May 2025.
CVSS 9.0
CVE-2020-13383 METASPLOIT HIGH ruby WORKING POC
openSIS <= 7.4 - Path Traversal
openSIS through 7.4 allows Directory Traversal.
CVSS 7.5
CVE-2020-13382 METASPLOIT CRITICAL ruby WORKING POC
openSIS <= 7.4 - Unauthenticated PHP Code Execution
openSIS through 7.4 has Incorrect Access Control.
CVSS 9.1
CVE-2011-4074 EXPLOITDB php WORKING POC
phpLDAPadmin 1.2.x - Cross-Site Scripting via _debug Command
Cross-site scripting (XSS) vulnerability in cmd.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via an _debug command.
CVE-2005-0613 EXPLOITDB php WORKING POC
FCKeditor 2.0 RC2 - Unauthenticated Arbitrary File Upload
Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, allows remote attackers to upload arbitrary files.
CVE-2025-25034 EXPLOITDB CRITICAL ruby WORKING POC
SugarCRM - Unauthenticated Remote Code Execution via PHP Object Injection
A PHP object injection vulnerability exists in SugarCRM versions prior to 6.5.24, 6.7.13, 7.5.2.5, 7.6.2.2, and 7.7.1.0 due to improper validation of PHP serialized input in the SugarRestSerialize.php script. The vulnerable code fails to sanitize the rest_data parameter before passing it to the unserialize() function. This allows an unauthenticated attacker to submit crafted serialized data containing malicious object declarations, resulting in arbitrary code execution within the application context. Although SugarCRM released a prior fix in advisory sugarcrm-sa-2016-001, the patch was incomplete and failed to address some vectors. Exploitation evidence was observed by the Shadowserver Foundation on 2024-09-13 UTC.
CVE-2013-1412 EXPLOITDB ruby WORKING POC
DataLife Engine 9.7 - Remote Code Execution via catlist[] Parameter
DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist[] parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier.
CVE-2013-1412 EXPLOITDB text WRITEUP
DataLife Engine 9.7 - Remote Code Execution via catlist[] Parameter
DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist[] parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier.
CVE-2013-3212 EXPLOITDB HIGH text WRITEUP
vtiger CRM < 5.4.0 - Local File Inclusion and Remote Code Execution via customerportal.php
vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in 'customerportal.php' which allows remote attackers to view files and execute local script code.
CVSS 8.1
CVE-2012-3996 EXPLOITDB php WORKING POC
TikiWiki CMS/Groupware < 8.2 - Exposure of Sensitive Information via Direct Request
TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3) tiki-watershed_service.php.
CVE-2012-1125 EXPLOITDB php WORKING POC
Kish Guest Posting Plugin < 1.2 - Unauthenticated Arbitrary File Upload via uploadify.php
Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin before 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the directory specified by the folder parameter.
CVE-2012-1495 EXPLOITDB CRITICAL php WORKING POC
WebCalendar < 1.2.5 - Remote Code Execution via form_single_user_login Parameter
install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter.
CVSS 9.8
CVE-2011-10013 EXPLOITDB CRITICAL ruby WORKING POC
Traq Project Issue Tracking System 2.0-2.3 - Unauthenticated Remote Code Execution via Admin Plugin Injection
Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common.php script. The flawed authorization logic fails to halt execution after a failed access check, allowing unauthenticated users to reach admin-only functionality. This can be exploited via plugins.php to inject and execute arbitrary PHP code.
CVE-2011-10013 EXPLOITDB CRITICAL php WORKING POC
Traq Project Issue Tracking System 2.0-2.3 - Unauthenticated Remote Code Execution via Admin Plugin Injection
Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common.php script. The flawed authorization logic fails to halt execution after a failed access check, allowing unauthenticated users to reach admin-only functionality. This can be exploited via plugins.php to inject and execute arbitrary PHP code.
CVE-2011-10011 EXPLOITDB CRITICAL ruby WORKING POC
WeBid < 1.0.2 - Unauthenticated Remote Code Execution via Converter.php to Parameter
WeBid 1.0.2 contains a remote code injection vulnerability in the converter.php script, where unsanitized input in the to parameter of a POST request is written directly into includes/currencies.php. This allows unauthenticated attackers to inject arbitrary PHP code, resulting in persistent remote code execution when the modified script is accessed or included by the application.
CVE-2011-10011 EXPLOITDB CRITICAL php WORKING POC
WeBid < 1.0.2 - Unauthenticated Remote Code Execution via Converter.php to Parameter
WeBid 1.0.2 contains a remote code injection vulnerability in the converter.php script, where unsanitized input in the to parameter of a POST request is written directly into includes/currencies.php. This allows unauthenticated attackers to inject arbitrary PHP code, resulting in persistent remote code execution when the modified script is accessed or included by the application.
CVE-2008-6132 EXPLOITDB php WORKING POC
phpScheduleIt <1.2.10 - Code Injection
Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via the start_date parameter.
CVE-2012-0911 EXPLOITDB CRITICAL ruby WORKING POC
TikiWiki CMS/Groupware < 6.7 LTS & < 8.4 - RCE
TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote attackers to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/banners/bannerlib.php; (2) printpages or (3) printstructures parameter to (a) tiki-print_multi_pages.php or (b) tiki-print_pages.php; or (4) sendpages, (5) sendstructures, or (6) sendarticles parameter to tiki-send_objects.php, which is not properly handled when processed by the unserialize function.
CVSS 9.8
CVE-2011-4337 EXPLOITDB php WORKING POC
Support Incident Tracker 3.45-3.65 - Remote Code Execution via Lang Parameter in translate.php
Static code injection vulnerability in translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to inject arbitrary PHP code into an executable language file in the i18n directory via the lang variable.
CVE-2008-7153 EXPLOITDB php WORKING POC
Docebo < 3.5.0.3 - SQL Injection via Accept-Language HTTP Header
SQL injection vulnerability in the autoDetectRegion function in doceboCore/lib/lib.regset.php in Docebo 3.5.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Accept-Language HTTP header. NOTE: this can be leveraged to execute arbitrary PHP code using the INTO DUMPFILE command.
CVE-2008-2194 EXPLOITDB php WORKING POC
deluxebb < 1.1 - SQL Injection via forums.php sort Parameter
SQL injection vulnerability in forums.php in DeluxeBB 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sort parameter.
CVE-2007-6622 EXPLOITDB php WORKING POC
ZeusCMS < 0.3 - SQL Injection via Referer HTTP Header
SQL injection vulnerability in security.php in ZeusCMS 0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header.
CVE-2008-3481 EXPLOITDB php WORKING POC
Coppermine Photo Gallery <1.4.18 - Info Disclosure
themes/sample/theme.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.
CVE-2008-3117 EXPLOITDB php WORKING POC
phpmotion < 2.0 - Authenticated Arbitrary File Upload via update_profile.php
Unrestricted file upload vulnerability in update_profile.php in PHPmotion 2.0 and earlier allows remote authenticated users to execute arbitrary code by uploading a .php file with a content type of (1) image/gif, (2) image/jpeg, or (3) image/pjpeg, then accessing it via a direct request to the file under pictures/.