Ihsan Sencan

985 exploits Active since Sep 2017
EIP-2026-110555 EXPLOITDB text WORKING POC
Pet Listing Script 3.0 - SQL Injection
CVE-2017-15969 EXPLOITDB CRITICAL text WORKING POC
Pilotgroup Allsharevideo - SQL Injection
PG All Share Video 1.0 allows SQL Injection via the PATH_INFO to search/tag, friends/index, users/profile, or video_catalog/category.
CVSS 9.8
CVE-2017-14839 EXPLOITDB HIGH text WRITEUP
TeamWork Photo Fusion - Arbitrary File Upload
TeamWork Photo Fusion allows Arbitrary File Upload in changeAvatar and changeCover.
CVSS 8.8
EIP-2026-110545 EXPLOITDB text WRITEUP
Penny Auction Script - Arbitrary File Upload
EIP-2026-110672 EXPLOITDB text SUSPICIOUS
PHP Classifieds Script 5.6.2 - SQL Injection
EIP-2026-110617 EXPLOITDB text WORKING POC
Photogallery Project 1.0 - SQL Injection
CVE-2018-18800 EXPLOITDB CRITICAL text WORKING POC
Tubigan Welcome to our Resort 1.0 - SQL Injection via index.php or admin/login.php Parameters
The Tubigan "Welcome to our Resort" 1.0 software allows SQL Injection via index.php?p=accomodation&q=[SQL], index.php?p=rooms&q=[SQL], or admin/login.php.
CVSS 9.8
EIP-2026-110675 EXPLOITDB text WORKING POC
PHP Coupon Script 6.0 - 'cid' SQL Injection
CVE-2017-17651 EXPLOITDB CRITICAL text WORKING POC
Paid To Read Script 2.0.5 - SQL Injection via Admin Panel Parameters
Paid To Read Script 2.0.5 has SQL Injection via the admin/userview.php uid parameter, the admin/viewemcamp.php fnum parameter, or the admin/viewvisitcamp.php fn parameter.
CVSS 9.8
EIP-2026-110478 EXPLOITDB text WRITEUP
Parcel Delivery Booking Script 1.0 - SQL Injection
EIP-2026-110499 EXPLOITDB html WORKING POC
Pay Banner Text Link Ad 1.0.6.1 - Cross-Site Request Forgery (Update Admin)
EIP-2026-110679 EXPLOITDB text WRITEUP
PHP Dashboards NEW 4.4 - SQL Injection
EIP-2026-110500 EXPLOITDB text WRITEUP
Pay Banner Text Link Ad 1.0.6.1 - SQL Injection
EIP-2026-110678 EXPLOITDB text WRITEUP
PHP Dashboards NEW 4.4 - Arbitrary File Read
EIP-2026-110324 EXPLOITDB text WRITEUP
Opensource Classified Ads Script - 'keyword' SQL Injection
CVE-2017-17623 EXPLOITDB CRITICAL html WORKING POC
Opensource Classified Ads Script 3.2 - SQL Injection via Advance Result Keyword Parameter
Opensource Classified Ads Script 3.2 has SQL Injection via the advance_result.php keyword parameter.
CVSS 9.8
EIP-2026-110237 EXPLOITDB text WORKING POC
Open Source Real-Estate Script - SQL Injection
EIP-2026-110161 EXPLOITDB text WORKING POC
Online Quiz Project 1.0 - SQL Injection
EIP-2026-110199 EXPLOITDB text WRITEUP
Online Tshirt Design Script - SQL Injection
EIP-2026-110217 EXPLOITDB text WORKING POC
OPAC EasyWeb Five 5.7 - 'nome' SQL Injection
EIP-2026-110130 EXPLOITDB text WORKING POC
Online Job Portal 1.0 - Remote Code Execution
EIP-2026-110145 EXPLOITDB text WRITEUP
Online Mobile Recharge Script - SQL Injection
EIP-2026-110156 EXPLOITDB text WORKING POC
Online Print Business 1.0 - SQL Injection
EIP-2026-110128 EXPLOITDB text WORKING POC
Online Job Portal 1.0 - Cross Site Request Forgery (Add User)
EIP-2026-110123 EXPLOITDB text WORKING POC
Online Invoice System 3.0 - SQL Injection