Ihsan Sencan - Security Researcher - Exploit Intelligence Platform

CVE-2018-6397 EXPLOITDB HIGH text WRITEUP

Picture Calendar 3.1.4 - Path Traversal via List.php Folder Parameter

Directory Traversal exists in the Picture Calendar 3.1.4 component for Joomla! via the list.php folder parameter.

CVSS 7.5

View Code

CVE-2018-7314 EXPLOITDB CRITICAL text WORKING POC

PrayerCenter 3.0.2 - SQL Injection via Session ID Parameter

SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429.

CVSS 9.8

View Code

EIP-2026-108834 EXPLOITDB text WORKING POC

Joomla! Component Price Alert 3.0.2 - 'product_id' SQL Injection

View Code

CVE-2018-7316 EXPLOITDB CRITICAL text WRITEUP

Proclaim 9.1.1 - Arbitrary File Upload via Mediafileform Action

Arbitrary File Upload exists in the Proclaim 9.1.1 component for Joomla! via a mediafileform action.

CVSS 9.8

View Code

CVE-2018-7317 EXPLOITDB HIGH text WRITEUP

Proclaim 9.1.1 - Unauthenticated Sensitive Information Exposure via Backup File Download

Backup Download exists in the Proclaim 9.1.1 component for Joomla! via a direct request for a .sql file under backup/.

CVSS 7.5

View Code

CVE-2018-6024 EXPLOITDB CRITICAL text WORKING POC

Joomla! Project Log 1.5.3 - SQL Injection

SQL Injection exists in the Project Log 1.5.3 component for Joomla! via the search parameter.

CVSS 9.8

View Code

CVE-2018-17377 EXPLOITDB CRITICAL text WORKING POC

Questions 1.4.3 - SQL Injection via Term Userid Users or Groups Parameter

SQL Injection exists in the Questions 1.4.3 component for Joomla! via the term, userid, users, or groups parameter.

CVSS 9.8

View Code

EIP-2026-108838 EXPLOITDB text WORKING POC

Joomla! Component Quiz Deluxe 3.7.4 - SQL Injection

View Code

CVE-2018-17379 EXPLOITDB CRITICAL text WORKING POC

Raffle Factory 3.5.2 - SQL Injection

SQL Injection exists in the Raffle Factory 3.5.2 component for Joomla! via the filter_order_Dir or filter_order parameter.

CVSS 9.8

View Code

EIP-2026-108841 EXPLOITDB text WORKING POC

Joomla! Component RealEstateManager 3.9 - SQL Injection

View Code

CVE-2018-6005 EXPLOITDB CRITICAL text WORKING POC

realpin < 1.5.04 - SQL Injection via Pinboard Parameter

SQL Injection exists in the Realpin through 1.5.04 component for Joomla! via the pinboard parameter.

CVSS 9.8

View Code

EIP-2026-108844 EXPLOITDB text WORKING POC

Joomla! Component Recipe Manager 2.2 - 'id' SQL Injection

View Code

EIP-2026-108848 EXPLOITDB text WORKING POC

Joomla! Component Responsive Portfolio 1.6.1 - SQL Injection

View Code

CVE-2018-17376 EXPLOITDB CRITICAL text WORKING POC

Joomla! Reverse Auction Factory 4.3.8 - SQL Injection

SQL Injection exists in the Reverse Auction Factory 4.3.8 component for Joomla! via the filter_order_Dir, cat, or filter_letter parameter.

CVSS 9.8

View Code

EIP-2026-108849 EXPLOITDB text WORKING POC

Joomla! Component Room Management 1.0 - SQL Injection

View Code

CVE-2018-7180 EXPLOITDB CRITICAL text WORKING POC

Saxum Astro 4.0.14 - SQL Injection via publicid Parameter

SQL Injection exists in the Saxum Astro 4.0.14 component for Joomla! via the publicid parameter.

CVSS 9.8

View Code

CVE-2018-7177 EXPLOITDB CRITICAL text WORKING POC

Saxum Numerology 3.0.4 - SQL Injection via publicid Parameter

SQL Injection exists in the Saxum Numerology 3.0.4 component for Joomla! via the publicid parameter.

CVSS 9.8

View Code

CVE-2018-7178 EXPLOITDB CRITICAL text WORKING POC

Saxum Picker 3.2.10 - SQL Injection via Publicid Parameter

SQL Injection exists in the Saxum Picker 3.2.10 component for Joomla! via the publicid parameter.

CVSS 9.8

View Code

EIP-2026-108854 EXPLOITDB text WORKING POC

Joomla! Component SIMGenealogy 2.1.5 - SQL Injection

View Code

EIP-2026-108855 EXPLOITDB text WORKING POC

Joomla! Component Simple Membership 3.3.3 - 'userId' SQL Injection

View Code

CVE-2018-5974 EXPLOITDB CRITICAL text WORKING POC

SimpleCalendar 3.1.9 - SQL Injection

SQL Injection exists in the SimpleCalendar 3.1.9 component for Joomla! via the catid array parameter.

CVSS 9.8

View Code

CVE-2018-5975 EXPLOITDB CRITICAL text WORKING POC

Joomla! Smart Shoutbox 3.0.0 - SQL Injection

SQL Injection exists in the Smart Shoutbox 3.0.0 component for Joomla! via the shoutauthor parameter to the archive URI.

CVSS 9.8

View Code

EIP-2026-108860 EXPLOITDB text WRITEUP

Joomla! Component Soccer Bet 4.1.5 - 'userid' SQL Injection

View Code

CVE-2018-17385 EXPLOITDB CRITICAL text WORKING POC

Social Factory 3.8.3 - SQL Injection

SQL Injection exists in the Social Factory 3.8.3 component for Joomla! via the radius[lat], radius[lng], or radius[radius] parameter.

CVSS 9.8

View Code

CVE-2018-5980 EXPLOITDB CRITICAL text WORKING POC

Solidres 2.5.1 - SQL Injection via Hub Search Direction Parameter

SQL Injection exists in the Solidres 2.5.1 component for Joomla! via the direction parameter in a hub.search action.

CVSS 9.8

View Code