Ihsan Sencan

985 exploits Active since Sep 2017
CVE-2017-15973 EXPLOITDB CRITICAL text WORKING POC
Sokial Social Network Script 1.0 - SQL Injection via id Parameter
Sokial Social Network Script 1.0 allows SQL Injection via the id parameter to admin/members_view.php.
CVSS 9.8
EIP-2026-112433 EXPLOITDB text WORKING POC
Stock Management System 1.0 - 'brandId and categoriesId' SQL Injection
EIP-2026-112440 EXPLOITDB perl WORKING POC
Stock Photo Selling 1.0 - SQL Injection
EIP-2026-112227 EXPLOITDB text WORKING POC
Smart Chat 1.0.0 - SQL Injection
CVE-2017-14842 EXPLOITDB HIGH text WORKING POC
smsmaster_multipurpose_sms_gateway - SQL Injection via id Parameter
Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress allows SQL Injection via the id parameter.
CVSS 8.8
EIP-2026-112281 EXPLOITDB text WRITEUP
SOA School Management - 'view' SQL Injection
EIP-2026-112173 EXPLOITDB text WORKING POC
SIPve 0.0.2-R19 - SQL Injection
EIP-2026-112135 EXPLOITDB text WORKING POC
Simple POS and Inventory 1.0 - 'cat' SQL Injection
EIP-2026-112171 EXPLOITDB text WORKING POC
Single Theater Booking Script - 'newsid' SQL Injection
CVE-2017-17634 EXPLOITDB CRITICAL text WORKING POC
Single Theater Booking Script 3.2.1 - SQL Injection via findcity.php q Parameter
Single Theater Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter.
CVSS 9.8
EIP-2026-112089 EXPLOITDB text WORKING POC
Simple E-Document 1.31 - 'username' SQL Injection
EIP-2026-112287 EXPLOITDB text WORKING POC
Social Directory Script 2.0 - SQL Injection
EIP-2026-112068 EXPLOITDB text WORKING POC
Simple Chat System 1.0 - 'id' SQL Injection
CVE-2017-17593 EXPLOITDB HIGH text WRITEUP
Simple Chatting System 1.0 - Arbitrary File Upload via my_profile.php
Simple Chatting System 1.0 allows Arbitrary File Upload via view/my_profile.php, which places files under uploads/.
CVSS 7.5
EIP-2026-112293 EXPLOITDB text WRITEUP
Social Network Script 3.01 - 'id' SQL Injection
EIP-2026-112295 EXPLOITDB text WRITEUP
Social News and Bookmarking Script - SQL Injection
EIP-2026-111664 EXPLOITDB text WORKING POC
Rage Faces Script 1.3 - SQL Injection
CVE-2017-17111 EXPLOITDB CRITICAL text WORKING POC
Posty Readymade Classifieds Script 1.0 - SQL Injection
Posty Readymade Classifieds Script 1.0 allows an attacker to inject SQL commands via a listings.php?catid= or ads-details.php?ID= request.
CVSS 9.8
EIP-2026-111656 EXPLOITDB text WRITEUP
QWIKIA 1.1.1 - SQL Injection
CVE-2018-5972 EXPLOITDB CRITICAL text WORKING POC
Classified Ads CMS Quickad 4.0 - SQL Injection
SQL Injection exists in Classified Ads CMS Quickad 4.0 via the keywords, placeid, cat, or subcat parameter to the listing URI.
CVSS 9.8
EIP-2026-111653 EXPLOITDB text WRITEUP
Quiz Template 1.0 - 'testid' SQL Injection
CVE-2017-17626 EXPLOITDB CRITICAL text WORKING POC
Readymade PHP Classified Script 3.3 - SQL Injection via Categories Subctid or Mctid Parameter
Readymade PHP Classified Script 3.3 has SQL Injection via the /categories subctid or mctid parameter.
CVSS 9.8
EIP-2026-111636 EXPLOITDB text WORKING POC
Quick Count 2.0 - 'txtInstID' SQL Injection
EIP-2026-111633 EXPLOITDB text WRITEUP
Questions and Answers Script 1.1.3 - 'id' SQL Injection
CVE-2017-17649 EXPLOITDB MEDIUM text WRITEUP
Readymade Video Sharing Script 3.2 - HTML Injection via Comment Parameter
Readymade Video Sharing Script 3.2 has HTML Injection via the single-video-detail.php comment parameter.
CVSS 6.1