Ihsan Sencan

985 exploits | Active since Sep 2017
CVE-2018-5973 EXPLOITDB CRITICAL text WORKING POC
Professional Local Directory Script 1.0 - SQL Injection
SQL Injection exists in Professional Local Directory Script 1.0 via the sellers_subcategories.php IndustryID parameter, or the suppliers.php IndustryID or CategoryID parameter.
CVSS 9.8
EIP-2026-111519 EXPLOITDB text WORKING POC
Professional Service Booking 1.0 - SQL Injection
EIP-2026-111520 EXPLOITDB text WRITEUP
Professional Service Booking Script - SQL Injection
EIP-2026-111407 EXPLOITDB text WORKING POC
Poppy Web Interface Generator 0.8 - Arbitrary File Upload
CVE-2018-18805 EXPLOITDB CRITICAL text WORKING POC
Pointofsales - SQL Injection
Point Of Sales 1.0 allows SQL injection via the login screen, related to LoginForm1.vb.
CVSS 9.8
EIP-2026-110702 EXPLOITDB text WORKING POC
PHP Forum Script 3.0 - SQL Injection
CVE-2017-15990 EXPLOITDB CRITICAL text WRITEUP
Savsofteproducts Phpinventory - Unrestricted File Upload
Php Inventory & Invoice Management System allows Arbitrary File Upload via dashboard/edit_myaccountdetail/.
CVSS 9.8
EIP-2026-110711 EXPLOITDB text WORKING POC
PHP Jokesite 2.0 - 'joke_id' SQL Injection
EIP-2026-110682 EXPLOITDB text WORKING POC
PHP Dashboards NEW 5.8 - Local File Inclusion
EIP-2026-110678 EXPLOITDB text WRITEUP
PHP Dashboards NEW 4.4 - Arbitrary File Read
EIP-2026-110679 EXPLOITDB text WRITEUP
PHP Dashboards NEW 4.4 - SQL Injection
EIP-2026-110720 EXPLOITDB text WORKING POC
PHP Logo Designer Script - Arbitrary File Upload
EIP-2026-110681 EXPLOITDB text WORKING POC
PHP Dashboards NEW 5.8 - 'dashID' SQL Injection
EIP-2026-110666 EXPLOITDB text WORKING POC
Php Classified OLX Clone Script - 'category' SQL Injection
EIP-2026-110671 EXPLOITDB text WORKING POC
PHP Classifieds Rental Script 3.6.0 - 'scatid' SQL Injection
EIP-2026-110672 EXPLOITDB text SUSPICIOUS
PHP Classifieds Script 5.6.2 - SQL Injection
CVE-2017-15970 EXPLOITDB CRITICAL text WRITEUP
Phpcityportal - SQL Injection
PHP CityPortal 2.0 allows SQL Injection via the nid parameter to index.php in a page=news action, or the cat parameter.
CVSS 9.8
EIP-2026-110722 EXPLOITDB text WORKING POC
PHP Mass Mail 1.0 - Arbitrary File Upload
CVE-2018-5969 EXPLOITDB HIGH html WORKING POC
Photography CMS 1.0 - Cross-Site Request Forgery via ajax_new_admin.php
Cross Site Request Forgery (CSRF) exists in Photography CMS 1.0 via clients/resources/ajax/ajax_new_admin.php, as demonstrated by adding an admin account.
CVSS 8.8
EIP-2026-110675 EXPLOITDB text WORKING POC
PHP Coupon Script 6.0 - 'cid' SQL Injection
EIP-2026-110654 EXPLOITDB text WORKING POC
PHP B2B Script 3.05 - SQL Injection
EIP-2026-110545 EXPLOITDB text WRITEUP
Penny Auction Script - Arbitrary File Upload
EIP-2026-110555 EXPLOITDB text WORKING POC
Pet Listing Script 3.0 - SQL Injection
CVE-2017-15969 EXPLOITDB CRITICAL text WORKING POC
Pilotgroup Allsharevideo - SQL Injection
PG All Share Video 1.0 allows SQL Injection via the PATH_INFO to search/tag, friends/index, users/profile, or video_catalog/category.
CVSS 9.8
CVE-2018-18800 EXPLOITDB CRITICAL text WORKING POC
Tubigan Welcome to our Resort 1.0 - SQL Injection via index.php or admin/login.php Parameters
The Tubigan "Welcome to our Resort" 1.0 software allows SQL Injection via index.php?p=accomodation&q=[SQL], index.php?p=rooms&q=[SQL], or admin/login.php.
CVSS 9.8