Ihsan Sencan

985 exploits, active since Sep 2017
CVE-2018-18761 EXPLOITDB CRITICAL text WORKING POC
SaltOS 3.1 r8126 - SQL Injection via Login Action Parameter
SaltOS 3.1 r8126 allows action=login&querystring=&user=[SQL] SQL Injection.
CVSS 9.8
CVE-2018-18760 EXPLOITDB MEDIUM text WORKING POC
RhinOS 3.0 build 1190 - Cross-Site Request Forgery
RhinOS 3.0 build 1190 allows CSRF.
CVSS 6.5
EIP-2026-111805 EXPLOITDB text WORKING POC
Roxy Fileman 1.4.5 - Arbitrary File Download
CVE-2018-5976 EXPLOITDB HIGH html WORKING POC
RSVP Invitation Online 1.0 - Cross-Site Request Forgery via account.php
Cross Site Request Forgery (CSRF) exists in RSVP Invitation Online 1.0 via function/account.php, as demonstrated by modifying the admin password.
CVSS 8.8
CVE-2018-18763 EXPLOITDB CRITICAL text WORKING POC
SaltOS 3.1 r8126 - SQL Injection via action2 Parameter
SaltOS 3.1 r8126 allows action=ajax&query=numbers&page=usuarios&action2=[SQL] SQL Injection.
CVSS 9.8
EIP-2026-111921 EXPLOITDB text WORKING POC
School ERP Ultimate 2018 - Arbitrary File Download
CVE-2017-17632 EXPLOITDB CRITICAL text WORKING POC
Responsive Events And Movie Ticket Booking Script 3.2.1 - SQL Injection via findcity.php q Parameter
Responsive Events And Movie Ticket Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter.
CVSS 9.8
EIP-2026-111751 EXPLOITDB text WORKING POC
Responsive Matrimonial Script 4.0.1 - SQL Injection
EIP-2026-111739 EXPLOITDB text WORKING POC
Reservic 1.0 - 'id' SQL Injection
CVE-2017-17628 EXPLOITDB CRITICAL text WORKING POC
Responsive Realestate Script 3.2 - SQL Injection via Property-List tbud Parameter
Responsive Realestate Script 3.2 has SQL Injection via the property-list tbud parameter.
CVSS 9.8
EIP-2026-111747 EXPLOITDB text WORKING POC
Responsive Events & Movie Ticket Booking Script - SQL Injection
EIP-2026-111704 EXPLOITDB text WORKING POC
Real Estate Custom Script 2.0 - SQL Injection
CVE-2017-17591 EXPLOITDB CRITICAL text WORKING POC
Realestate Crowdfunding Script 2.7.2 - SQL Injection via single-cause.php pid Parameter
Realestate Crowdfunding Script 2.7.2 has SQL Injection via the single-cause.php pid parameter.
CVSS 9.8
CVE-2017-17627 EXPLOITDB CRITICAL text WORKING POC
Readymade Video Sharing Script 3.2 - SQL Injection via Report Videos Array Parameter
Readymade Video Sharing Script 3.2 has SQL Injection via the single-video-detail.php report_videos array parameter.
CVSS 9.8
CVE-2017-17626 EXPLOITDB CRITICAL text WORKING POC
Readymade PHP Classified Script 3.3 - SQL Injection via Categories Subctid or Mctid Parameter
Readymade PHP Classified Script 3.3 has SQL Injection via the /categories subctid or mctid parameter.
CVSS 9.8
EIP-2026-111731 EXPLOITDB text WRITEUP
Redbus Clone Script 3.05 - 'hid_Busid' SQL Injection
CVE-2017-17649 EXPLOITDB MEDIUM text WRITEUP
Readymade Video Sharing Script 3.2 - HTML Injection via Comment Parameter
Readymade Video Sharing Script 3.2 has HTML Injection via the single-video-detail.php comment parameter.
CVSS 6.1
EIP-2026-111758 EXPLOITDB text WORKING POC
Restaurant Website Script 1.0 - SQL Injection
EIP-2026-111653 EXPLOITDB text WRITEUP
Quiz Template 1.0 - 'testid' SQL Injection
EIP-2026-111656 EXPLOITDB text WRITEUP
QWIKIA 1.1.1 - SQL Injection
CVE-2018-5972 EXPLOITDB CRITICAL text WORKING POC
Classified Ads CMS Quickad 4.0 - SQL Injection
SQL Injection exists in Classified Ads CMS Quickad 4.0 via the keywords, placeid, cat, or subcat parameter to the listing URI.
CVSS 9.8
EIP-2026-111634 EXPLOITDB text WORKING POC
Questions and Answers Script 2.0.0 - 'cid' SQL Injection
EIP-2026-111636 EXPLOITDB text WORKING POC
Quick Count 2.0 - 'txtInstID' SQL Injection
EIP-2026-111633 EXPLOITDB text WRITEUP
Questions and Answers Script 1.1.3 - 'id' SQL Injection
EIP-2026-111664 EXPLOITDB text WORKING POC
Rage Faces Script 1.3 - SQL Injection