Ihsan Sencan

985 exploits Active since Sep 2017
EIP-2026-105950 EXPLOITDB text WRITEUP
Clone of Oddee Script 1.1.3 - SQL Injection
EIP-2026-105936 EXPLOITDB text WORKING POC
ClipBucket 2.8 - 'id' SQL Injection
EIP-2026-105913 EXPLOITDB text WRITEUP
Client Expert 1.0.1 - SQL Injection
EIP-2026-105898 EXPLOITDB text WORKING POC
Cleanto 5.0 - SQL Injection
CVE-2017-14704 EXPLOITDB HIGH text WORKING POC
Claydip Laravel Airbnb Clone 1.0 - RCE
Multiple unrestricted file upload vulnerabilities in the (1) imageSubmit and (2) proof_submit functions in Claydip Laravel Airbnb Clone 1.0 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/profile.
CVSS 8.8
EIP-2026-105894 EXPLOITDB text WRITEUP
Classifieds Script - 'term' SQL Injection
EIP-2026-105850 EXPLOITDB text WORKING POC
CI User Login and Management 1.0 - Arbitrary File Upload
EIP-2026-105723 EXPLOITDB text WORKING POC
Card Payment 1.0 - Cross-Site Request Forgery (Update Admin)
EIP-2026-105721 EXPLOITDB text WORKING POC
Car Workshop System - SQL Injection
CVE-2017-17637 EXPLOITDB CRITICAL text WORKING POC
Car Rental Script 2.0.4 - SQL Injection via countrycode1.php val Parameter
Car Rental Script 2.0.4 has SQL Injection via the countrycode1.php val parameter.
CVSS 9.8
EIP-2026-105692 EXPLOITDB text WRITEUP
Calendar Template 2.0 - 'editid1' SQL Injection
CVE-2017-17601 EXPLOITDB CRITICAL text WORKING POC
Cab Booking Script 1.0 - SQL Injection via Service-List City Parameter
Cab Booking Script 1.0 has SQL Injection via the /service-list city parameter.
CVSS 9.8
EIP-2026-105663 EXPLOITDB text WORKING POC
Buy and Sell Market Place Software - SQL Injection
EIP-2026-105658 EXPLOITDB text WRITEUP
Business Directory Script - SQL Injection
EIP-2026-105657 EXPLOITDB text WORKING POC
Busewe 1.2 - SQL Injection
CVE-2017-17645 EXPLOITDB CRITICAL html WORKING POC
Bus Booking Script 1.0 - SQL Injection via txtname Parameter
Bus Booking Script 1.0 has SQL Injection via the txtname parameter to admin/index.php.
CVSS 9.8
CVE-2018-6367 EXPLOITDB CRITICAL text WORKING POC
Vastal I-Tech Buddy Zone Facebook Clone 2.9.9 - SQL Injection via chat_window.php or search_events.php
SQL Injection exists in Vastal I-Tech Buddy Zone Facebook Clone 2.9.9 via the /chat_im/chat_window.php request_id parameter or the /search_events.php category parameter.
CVSS 9.8
EIP-2026-105485 EXPLOITDB text WRITEUP
BistroStays 3.0 - 'guests' SQL Injection
CVE-2017-17876 EXPLOITDB HIGH text WORKING POC
Biometric Shift EMS 3.0 - Auth Bypass
Biometric Shift Employee Management System 3.0 allows remote attackers to bypass intended file-read restrictions via a user=download request with a pathname in the path parameter.
CVSS 7.5
EIP-2026-105482 EXPLOITDB text WORKING POC
Binary MLM Software 1.0 - 'pid' SQL Injection
EIP-2026-105468 EXPLOITDB text WORKING POC
Bigcart - Ecommerce Multivendor System 1.0 - SQL Injection
CVE-2017-17595 EXPLOITDB CRITICAL text WORKING POC
Beauty Parlour Booking Script 1.0 - SQL Injection via Gender or City Parameter
Beauty Parlour Booking Script 1.0 has SQL Injection via the /list gender or city parameter.
CVSS 9.8
CVE-2017-17642 EXPLOITDB CRITICAL html WORKING POC
Basic Job Site Script 2.0.5 - SQL Injection via Keyword Parameter
Basic Job Site Script 2.0.5 has SQL Injection via the keyword parameter to /job.
CVSS 9.8
CVE-2017-17608 EXPLOITDB CRITICAL text WORKING POC
Child Care Script 1.0 - SQL Injection via City Parameter
Child Care Script 1.0 has SQL Injection via the /list city parameter.
CVSS 9.8
CVE-2017-17609 EXPLOITDB CRITICAL text WORKING POC
Chartered Accountant Booking Script 1.0 - SQL Injection via Service-List City Parameter
Chartered Accountant Booking Script 1.0 has SQL Injection via the /service-list city parameter.
CVSS 9.8