Ihsan Sencan

985 exploits, active since Sep 2017
CVE-2017-17591 EXPLOITDB CRITICAL text WORKING POC
Realestate Crowdfunding Script 2.7.2 - SQL Injection via single-cause.php pid Parameter
Realestate Crowdfunding Script 2.7.2 has SQL Injection via the single-cause.php pid parameter.
CVSS 9.8
CVE-2017-17649 EXPLOITDB MEDIUM text WRITEUP
Readymade Video Sharing Script 3.2 - HTML Injection via Comment Parameter
Readymade Video Sharing Script 3.2 has HTML Injection via the single-video-detail.php comment parameter.
CVSS 6.1
CVE-2017-17627 EXPLOITDB CRITICAL text WORKING POC
Readymade Video Sharing Script 3.2 - SQL Injection via Report Videos Array Parameter
Readymade Video Sharing Script 3.2 has SQL Injection via the single-video-detail.php report_videos array parameter.
CVSS 9.8
EIP-2026-111664 EXPLOITDB text WORKING POC
Rage Faces Script 1.3 - SQL Injection
CVE-2018-18760 EXPLOITDB MEDIUM text WORKING POC
RhinOS 3.0 build 1190 - Cross-Site Request Forgery
RhinOS 3.0 build 1190 allows CSRF.
CVSS 6.5
EIP-2026-111704 EXPLOITDB text WORKING POC
Real Estate Custom Script 2.0 - SQL Injection
CVE-2017-17111 EXPLOITDB CRITICAL text WORKING POC
Posty Readymade Classifieds Script 1.0 - SQL Injection
Posty Readymade Classifieds Script 1.0 allows an attacker to inject SQL commands via a listings.php?catid= or ads-details.php?ID= request.
CVSS 9.8
EIP-2026-111747 EXPLOITDB text WORKING POC
Responsive Events & Movie Ticket Booking Script - SQL Injection
CVE-2018-18799 EXPLOITDB HIGH text WORKING POC
School Attendance Monitoring System 1.0 - Cross-Site Request Forgery via event/controller.php
School Attendance Monitoring System 1.0 has CSRF via event/controller.php?action=photos.
CVSS 8.8
CVE-2017-17626 EXPLOITDB CRITICAL text WORKING POC
Readymade PHP Classified Script 3.3 - SQL Injection via Categories Subctid or Mctid Parameter
Readymade PHP Classified Script 3.3 has SQL Injection via the /categories subctid or mctid parameter.
CVSS 9.8
EIP-2026-111633 EXPLOITDB text WRITEUP
Questions and Answers Script 1.1.3 - 'id' SQL Injection
EIP-2026-111634 EXPLOITDB text WORKING POC
Questions and Answers Script 2.0.0 - 'cid' SQL Injection
EIP-2026-111656 EXPLOITDB text WRITEUP
QWIKIA 1.1.1 - SQL Injection
EIP-2026-111636 EXPLOITDB text WORKING POC
Quick Count 2.0 - 'txtInstID' SQL Injection
CVE-2018-5972 EXPLOITDB CRITICAL text WORKING POC
Classified Ads CMS Quickad 4.0 - SQL Injection
SQL Injection exists in Classified Ads CMS Quickad 4.0 via the keywords, placeid, cat, or subcat parameter to the listing URI.
CVSS 9.8
CVE-2018-18797 EXPLOITDB HIGH text WORKING POC
School Attendance Monitoring System 1.0 - Cross-Site Request Forgery via User Edit Endpoint
School Attendance Monitoring System 1.0 has CSRF via /user/user/edit.php.
CVSS 8.8
EIP-2026-111653 EXPLOITDB text WRITEUP
Quiz Template 1.0 - 'testid' SQL Injection
EIP-2026-111572 EXPLOITDB text WORKING POC
PTCEvolution 5.50 - SQL Injection
EIP-2026-111626 EXPLOITDB text WRITEUP
Quadz School Management System 3.1 - 'uisd' SQL Injection
CVE-2017-15977 EXPLOITDB CRITICAL text WORKING POC
Protected Links - Expiring Download Links 1.0 - SQL Injection via Username Parameter
Protected Links - Expiring Download Links 1.0 allows SQL Injection via the username parameter.
CVSS 9.8
EIP-2026-111569 EXPLOITDB text WORKING POC
PTC KSV1 Script 1.7 - 'type' SQL Injection
EIP-2026-111520 EXPLOITDB text WRITEUP
Professional Service Booking Script - SQL Injection
EIP-2026-111519 EXPLOITDB text WORKING POC
Professional Service Booking 1.0 - SQL Injection
CVE-2017-17625 EXPLOITDB CRITICAL text WORKING POC
Professional Service Script 1.0 - SQL Injection via City Parameter
Professional Service Script 1.0 has SQL Injection via the service-list city parameter.
CVSS 9.8
EIP-2026-111551 EXPLOITDB text WORKING POC
Property Listing Script 3.1 - SQL Injection