Felipe Andrian Peixoto

17 exploits, active since Apr 2009
CVE-2019-25503 EXPLOITDB HIGH text WORKING POC
PHPads 2.0 - SQL Injection
PHPads 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bannerID parameter in click.php3. Attackers can submit crafted bannerID values using SQL comment syntax and functions like extractvalue to extract sensitive database information such as the current database name.
CVSS 7.1
CVE-2019-25433 EXPLOITDB HIGH text WORKING POC
XOOPS CMS 2.5.9 - SQL Injection
XOOPS CMS 2.5.9 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET requests to the gerar_pdf.php endpoint with malicious cid values to extract sensitive database information.
CVSS 8.2
CVE-2019-25366 EXPLOITDB HIGH text WORKING POC
microASP Portal+ CMS - SQL Injection
microASP Portal+ CMS contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the explode_tree parameter. Attackers can send crafted requests to pagina.phtml with SQL injection payloads using extractvalue and concat functions to extract sensitive database information like the current database name.
CVSS 8.2
CVE-2019-13507 EXPLOITDB CRITICAL text WORKING POC
Hidea AZ Admin - SQL Injection
hidea.com AZ Admin 1.0 has an SQL injection vulnerability via the cod parameter of news_det.php.
CVSS 9.8
EIP-2026-114324 EXPLOITDB html WORKING POC
WordPress Theme Elegance - '/elegance/lib/scripts/dl-skin.php' Local File Disclosure
EIP-2026-114337 EXPLOITDB text WORKING POC
WordPress Theme LineNity 1.20 - Local File Inclusion
EIP-2026-114333 EXPLOITDB text WORKING POC
WordPress Theme Infocus - '/infocus/lib/scripts/dl-skin.php' Local File Disclosure
EIP-2026-111592 EXPLOITDB text WRITEUP
Puntopy - 'novedad.php' SQL Injection
EIP-2026-107618 EXPLOITDB text WRITEUP
Horde Webmail 5.1 - Open Redirect
CVE-2008-6660 EXPLOITDB text WRITEUP
Ozerov Bigdump - Unrestricted File Upload
Unrestricted file upload vulnerability in bigdump.php in Alexey Ozerov BigDump 0.29b allows remote attackers to execute arbitrary code by uploading a file with an executable extension followed by a .sql extension, then accessing this file via a direct request. NOTE: some of these details are obtained from third-party information.
EIP-2026-100756 EXPLOITDB text WORKING POC
Beheer Systeem - 'pbs.cgi' Remote Command Execution
EIP-2026-100926 EXPLOITDB text WORKING POC
Web Terra 1.1 - 'books.cgi' Remote Command Execution
EIP-2026-100882 EXPLOITDB text WORKING POC
Primo Interactive CMS - 'pcm.cgi' Remote Command Execution
EIP-2026-100824 EXPLOITDB text WORKING POC
innoEDIT - 'innoedit.cgi' Remote Command Execution
EIP-2026-100789 EXPLOITDB text WORKING POC
DotItYourself - 'dot-it-yourself.cgi' Remote Command Execution
CVE-2014-2847 EXPLOITDB text WRITEUP
Construtiva Cis Manager Cms - SQL Injection
SQL injection vulnerability in default.asp in CIS Manager CMS allows remote attackers to execute arbitrary SQL commands via the TroncoID parameter.
EIP-2026-100125 EXPLOITDB text WRITEUP
ASP-Nuke 2.0.7 - 'gotourl.asp' Open Redirect