Ihsan Sencan

985 exploits Active since Sep 2017
CVE-2018-25409 EXPLOITDB HIGH text WORKING POC
SIM-PKH 2.4.1 - Arbitrary File Upload via aksi_pengurus.php
SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by submitting PHP code through the fupload parameter. Attackers can upload PHP files via the aksi_pengurus.php endpoint with module=pengurus and act=update parameters, which are stored in the foto directory and executed as web scripts.
CVSS 8.8
CVE-2018-25408 EXPLOITDB HIGH text WORKING POC
The Open ISES Project 3.30A Path Traversal Arbitrary File Download
The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that allows unauthenticated attackers to download arbitrary files by manipulating the filename parameter. Attackers can supply directory traversal sequences ../ in the filename parameter to access files outside the intended directory, including configuration files and system files.
CVSS 7.5
CVE-2018-25407 EXPLOITDB HIGH text WORKING POC
eNdonesia Portal 8.7 SQL Injection via mod.php
eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters across publisher, diskusi, galeri, content, and about modules to extract database information including usernames, database names, and version details.
CVSS 8.2
CVE-2018-25406 EXPLOITDB HIGH text WORKING POC
eNdonesia Portal 8.7 SQL Injection via mod.php
eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters across publisher, diskusi, galeri, content, and about modules to extract database credentials, usernames, and version information.
CVSS 8.2
CVE-2018-25405 EXPLOITDB HIGH text WORKING POC
eNdonesia Portal 8.7 SQL Injection via mod.php
eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters to extract sensitive database information including usernames, database names, and version details.
CVSS 8.2
CVE-2018-25390 EXPLOITDB HIGH text WORKING POC
HaPe PKH 1.1 SQL Injection via desa Parameter
HaPe PKH 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'desa' POST parameter sent to lap-peserta-perdesa-pdf.php. Attackers can send a crafted request with a time-based blind payload to infer and extract sensitive database information.
CVSS 8.2
CVE-2018-25389 EXPLOITDB HIGH text WORKING POC
HaPe PKH 1.1 SQL Injection via nama_kelompok Parameter
HaPe PKH 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'nama_kelompok' POST parameter sent to lap-anggota-kelompok-pdf.php. Attackers can send a crafted request with a time-based blind payload to infer and extract sensitive database information.
CVSS 8.2
CVE-2018-25388 EXPLOITDB HIGH text WORKING POC
HaPe PKH 1.1 Arbitrary File Upload via aksi_foto.php
HaPe PKH 1.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by bypassing file type validation. Attackers can upload PHP files through multiple endpoints including aksi_foto.php, aksi_user.php, and aksi_kecamatan.php to execute arbitrary code on the server.
CVSS 8.8
CVE-2018-25387 EXPLOITDB MEDIUM text WORKING POC
HaPe PKH 1.1 Cross-Site Request Forgery via aksi_user.php
HaPe PKH 1.1 contains a cross-site request forgery vulnerability that allows attackers to change administrator passwords by submitting forged requests to the user update endpoint. Attackers can craft malicious forms targeting the aksi_user.php script with parameters like id_user, password, and level to modify admin credentials without authentication.
CVSS 5.3
CVE-2018-25386 EXPLOITDB HIGH text WORKING POC
HaPe PKH 1.1 SQL Injection via id Parameter in admin/media.php
HaPe PKH 1.1 contains multiple SQL injection vulnerabilities in admin/media.php that allow attackers to manipulate database queries by injecting SQL code through the 'id' parameter. An unauthenticated attacker can exploit the desa module (module=desa&act=hapus), while authenticated users can exploit the pengurus, fasilitas, and kelompok modules (for example act=print, act=editpengurus, act=editfasilitas, and act=editkelompok). Successful exploitation allows extraction of sensitive database information including the current user, database name, and DBMS version.
CVSS 8.2
CVE-2018-25385 EXPLOITDB HIGH text WORKING POC
E-Registrasi Pencak Silat 18.10 SQL Injection via id_partai
E-Registrasi Pencak Silat 18.10 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id_partai parameter. Attackers can send GET requests to monitor_nilai.php with crafted SQL payloads in the id_partai parameter to extract sensitive database information including admin credentials and user data.
CVSS 8.2
CVE-2018-25382 EXPLOITDB HIGH text WORKING POC
Zechat 1.5 SQL Injection via uname Parameter
Zechat 1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the uname parameter. Attackers can send crafted requests to profile.php with UNION-based SQL injection payloads to retrieve table names, column names, and sensitive data from the information_schema database.
CVSS 8.2
CVE-2018-25404 EXPLOITDB HIGH text WORKING POC
The Open ISES Project 3.30A SQL Injection via add_facnote.php
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ticket_id parameter. Attackers can send GET requests to add_facnote.php with crafted SQL payloads to extract sensitive database information including version details and other data.
CVSS 8.2
CVE-2018-25403 EXPLOITDB HIGH text WORKING POC
The Open ISES Project 3.30A SQL Injection via city_graph.php
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to city_graph.php with crafted SQL payloads to extract sensitive database information including schema names and other data.
CVSS 8.2
CVE-2018-25402 EXPLOITDB HIGH text WORKING POC
The Open ISES Project 3.30A SQL Injection via inc_types_graph.php
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to inc_types_graph.php with crafted SQL payloads to extract sensitive database information including schema names and other data.
CVSS 8.2
CVE-2018-25401 EXPLOITDB HIGH text WORKING POC
The Open ISES Project 3.30A SQL Injection via sever_graph.php
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to sever_graph.php with crafted SQL payloads to extract sensitive database information including schema names and other data.
CVSS 8.2
CVE-2018-25400 EXPLOITDB HIGH text WORKING POC
The Open ISES Project 3.30A SQL Injection via form_post.php
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the ajax/form_post.php endpoint with crafted SQL payloads to extract sensitive database information including schema names and other data.
CVSS 8.2
CVE-2018-25399 EXPLOITDB HIGH text WORKING POC
The Open ISES Project 3.30A SQL Injection via nearby.php
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tick_lat and tick_lng parameters. Attackers can send GET requests to nearby.php with crafted SQL payloads to extract sensitive database information including usernames, database names, and version details.
CVSS 8.2
CVE-2018-25398 EXPLOITDB HIGH text WORKING POC
The Open ISES Project 3.30A SQL Injection via main.php
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the frm_passwd parameter. Attackers can send POST requests to main.php with crafted SQL payloads to extract sensitive database information including usernames, database names, and version details.
CVSS 8.2
CVE-2018-25395 EXPLOITDB HIGH text WORKING POC
Kados R10 GreenBee SQL Injection via update_feature.php
Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the feature_id parameter of boards_buttons/update_feature.php. The feature_id value is concatenated directly into SQL statements without sanitization, allowing attackers to send a crafted GET request with a UNION-based payload to extract sensitive database information including the current user, database name, and DBMS version.
CVSS 8.2
CVE-2018-25394 EXPLOITDB HIGH text WORKING POC
Kados R10 GreenBee SQL Injection via update_release.php
Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the release_id parameter of boards_buttons/update_release.php. The release_id value is concatenated directly into SQL statements without sanitization, allowing attackers to send a crafted GET request with a UNION-based payload to extract sensitive database information including the current user, database name, and DBMS version.
CVSS 8.2
CVE-2018-25393 EXPLOITDB MEDIUM text WORKING POC
Navigate CMS 2.8.5 Path Traversal via navigate_download.php
Navigate CMS 2.8.5 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by injecting directory traversal sequences in the id parameter. Attackers can send GET requests to navigate_download.php with path traversal payloads ../../../cfg/globals.php to access sensitive configuration files and system files outside the intended directory.
CVSS 6.5
CVE-2018-25392 EXPLOITDB HIGH text WORKING POC
MaxOn ERP Software 8.x-9.x SQL Injection via nomor Parameter
MaxOn ERP Software 8.x-9.x contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries through the nomor, user, and jenis parameters in the log_activity function. Attackers can send POST requests to /index.php/user/log_activity with malicious SQL code in these parameters to extract sensitive database information including version and database names.
CVSS 7.1
CVE-2018-25391 EXPLOITDB HIGH text WORKING POC
HaPe PKH 1.1 Missing Authorization Allows Unauthenticated Record Deletion
HaPe PKH 1.1 fails to enforce authorization on its record deletion endpoints, allowing unauthenticated attackers to delete arbitrary records by sending a crafted request that specifies the target record's id. The admin/modul/mod_pengurus/aksi_pengurus.php (module=pengurus&act=hapus) and admin/modul/mod_update/aksi_update.php (module=update&act=hapus) endpoints process deletions without verifying the requester's privileges, enabling removal of pengurus (administrator) and update records.
CVSS 7.5
CVE-2019-25707 EXPLOITDB HIGH text WORKING POC
eBrigade ERP 4.5 SQL Injection via pdf.php
eBrigade ERP 4.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to pdf.php with crafted SQL payloads in the 'id' parameter to extract sensitive database information including table names and schema details.
CVSS 7.1