Ihsan Sencan

985 exploits Active since Sep 2017
EIP-2026-108891 EXPLOITDB text WRITEUP
Joomla! Component Vik Rent Car 1.11 - SQL Injection
EIP-2026-108892 EXPLOITDB text WRITEUP
Joomla! Component Vik Rent Items 1.3 - SQL Injection
CVE-2018-6395 EXPLOITDB CRITICAL text WORKING POC
Visual Calendar 3.1.3 - SQL Injection via id Parameter
SQL Injection exists in the Visual Calendar 3.1.3 component for Joomla! via the id parameter in a view=load action.
CVSS 9.8
EIP-2026-108894 EXPLOITDB text WORKING POC
Joomla! Component VMap 1.9.6 - SQL Injection
EIP-2026-108895 EXPLOITDB text WORKING POC
Joomla! Component vRestaurant 1.9.4 - SQL Injection
EIP-2026-108896 EXPLOITDB text WORKING POC
Joomla! Component vReview 1.9.11 - SQL Injection
EIP-2026-108897 EXPLOITDB text WORKING POC
Joomla! Component vWishlist 1.0.1 - SQL Injection
EIP-2026-108899 EXPLOITDB text WORKING POC
Joomla! Component WMT Content Timeline 1.0 - 'id' SQL Injection
EIP-2026-108904 EXPLOITDB text WORKING POC
Joomla! Component Zap Calendar Lite 4.3.4 - SQL Injection
CVE-2018-6605 EXPLOITDB CRITICAL text WORKING POC
Zh BaiduMap 3.0.0.1 - SQL Injection via id Parameter
SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request.
CVSS 9.8
CVE-2018-6582 EXPLOITDB CRITICAL text WORKING POC
Zh GoogleMap 8.4.0.0 - SQL Injection via id Parameter
SQL Injection exists in the Zh GoogleMap 8.4.0.0 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request.
CVSS 9.8
CVE-2017-15966 EXPLOITDB CRITICAL text WORKING POC
Zh YandexMap 6.1.1.0 - SQL Injection via placemarklistid Parameter
The Zh YandexMap (aka com_zhyandexmap) component 6.1.1.0 for Joomla! allows SQL Injection via the placemarklistid parameter to index.php.
CVSS 9.8
CVE-2018-6604 EXPLOITDB CRITICAL html WORKING POC
Zh YandexMap 6.2.1.0 - SQL Injection via id Parameter
SQL Injection exists in the Zh YandexMap 6.2.1.0 component for Joomla! via the id parameter in a task=getPlacemarkDetails request.
CVSS 9.8
CVE-2018-5987 EXPLOITDB CRITICAL text WORKING POC
Pinterest Clone Social Pinboard 2.0 - SQL Injection
SQL Injection exists in the Pinterest Clone Social Pinboard 2.0 component for Joomla! via the pin_id or user_id parameter in a task=getlikeinfo action, the ends parameter in a view=gift action, the category parameter in a view=home action, the uid parameter in a view=pindisplay action, the searchVal parameter in a view=search action, or the uid parameter in a view=likes action.
CVSS 9.8
EIP-2026-108938 EXPLOITDB text WRITEUP
Just Another Video Script 1.4.3 - SQL Injection
EIP-2026-108941 EXPLOITDB text WORKING POC
Just Dial Marketplace - Authentication Bypass
EIP-2026-108942 EXPLOITDB text WRITEUP
Just Dial Marketplace 1.0 - SQL Injection
EIP-2026-108944 EXPLOITDB text WORKING POC
Justdial Clone Script - 'fid' SQL Injection
EIP-2026-108945 EXPLOITDB text WORKING POC
Justdial Clone Script - Authentication Bypass
CVE-2018-18755 EXPLOITDB CRITICAL text WORKING POC
K-iwi Framework 1775 - SQL Injection via user_group_id or user_id Parameter
K-iwi Framework 1775 has SQL Injection via the admin/user/group/update user_group_id parameter or the admin/user/user/update user_id parameter.
CVSS 9.8
CVE-2017-17618 EXPLOITDB CRITICAL text WRITEUP
Kickstarter Clone Script 2.0 - SQL Injection via investcalc.php projid Parameter
Kickstarter Clone Script 2.0 has SQL Injection via the investcalc.php projid parameter.
CVSS 9.8
EIP-2026-109040 EXPLOITDB text WORKING POC
KORA 2.7.0 - 'cid' SQL Injection
EIP-2026-109041 EXPLOITDB text WORKING POC
Kordil EDMS 2.2.60rc3 - Arbitrary File Upload
EIP-2026-109060 EXPLOITDB text WORKING POC
Ladder System 6.0 - 'faqid' SQL Injection
CVE-2017-17619 EXPLOITDB CRITICAL text WORKING POC
Laundry Booking Script 1.0 - SQL Injection via City Parameter
Laundry Booking Script 1.0 has SQL Injection via the /list city parameter.
CVSS 9.8