Ihsan Sencan

985 exploits Active since Sep 2017
CVE-2018-25190 EXPLOITDB MEDIUM text WORKING POC
Easyndexer 1.0 - Unauthenticated Cross-Site Request Forgery via createuser.php
Easyndexer 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative accounts by submitting forged POST requests. Attackers can craft malicious web pages that submit POST requests to createuser.php with parameters including username, password, name, surname, and privileges set to 1 for administrator access.
CVSS 5.3
CVE-2018-25189 EXPLOITDB HIGH text WORKING POC
Data Center Audit 2.6.2 - SQL Injection
Data Center Audit 2.6.2 contains an SQL injection vulnerability in the username parameter of dca_login.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit crafted SQL payloads through POST requests to extract sensitive database information including usernames, database names, and version details.
CVSS 8.2
CVE-2018-25188 EXPLOITDB HIGH text WORKING POC
Webiness Inventory 2.3 - SQL Injection
Webiness Inventory 2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the order parameter. Attackers can send POST requests to the WsModelGrid.php endpoint with crafted SQL payloads to extract sensitive database information including usernames, databases, and version details.
CVSS 8.2
CVE-2018-25187 EXPLOITDB HIGH text WORKING POC
Tina4 Stack 1.0.3 - Unauthenticated SQL Injection and Database File Download via Menu Endpoint
Tina4 Stack 1.0.3 contains multiple vulnerabilities allowing unauthenticated attackers to access sensitive database files and execute SQL injection attacks. Attackers can directly request the kim.db database file to retrieve user credentials and password hashes, or inject SQL code through the menu endpoint to manipulate database queries.
CVSS 8.2
CVE-2018-25186 EXPLOITDB MEDIUM text WORKING POC
Tina4 Stack 1.0.3 - Cross-Site Request Forgery via Profile Endpoint
Tina4 Stack 1.0.3 contains a cross-site request forgery vulnerability that allows attackers to modify admin user credentials by submitting forged POST requests to the profile endpoint. Attackers can craft HTML forms targeting the /kim/profile endpoint with hidden fields containing malicious user data like passwords and email addresses to update administrator accounts without authentication.
CVSS 5.3
CVE-2018-25184 EXPLOITDB MEDIUM text WORKING POC
Surreal ToDo 0.6.1.2 - Path Traversal
Surreal ToDo 0.6.1.2 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the content parameter. Attackers can supply directory traversal sequences through the content parameter in index.php to access sensitive system files like configuration and initialization files.
CVSS 6.2
CVE-2018-25182 EXPLOITDB HIGH text WORKING POC
Silurus Classifieds Script 2.0 - SQL Injection
Silurus Classifieds Script 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ID parameter. Attackers can send GET requests to wcategory.php with crafted SQL payloads in the ID parameter to extract database table names and sensitive information from the database.
CVSS 8.2
CVE-2018-25181 EXPLOITDB HIGH text WORKING POC
Musicco 2.0.0 - Unauthenticated Path Traversal via Parent Parameter
Musicco 2.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary directories by manipulating the parent parameter. Attackers can supply directory traversal sequences in the parent parameter of the getAlbum endpoint to access sensitive system directories and download them as ZIP files.
CVSS 7.5
CVE-2018-25180 EXPLOITDB HIGH text WORKING POC
Maitra 1.7.2 - Authenticated SQL Injection via Mailid Parameter
Maitra 1.7.2 contains an sql injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the mailid parameter in outmail and inmail modules. Attackers can also download the SQLite database file directly from the application directory to extract sensitive mail tracking data and credentials.
CVSS 7.1
CVE-2018-25179 EXPLOITDB HIGH text WORKING POC
Gumbo CMS 0.99 - Unauthenticated SQL Injection via Settings Endpoint Language Parameter
Gumbo CMS 0.99 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the language parameter. Attackers can send POST requests to the settings endpoint with crafted SQL payloads in the language parameter to extract sensitive database information including usernames, databases, and version details.
CVSS 8.2
CVE-2018-25178 EXPLOITDB HIGH text WORKING POC
rul10 easyndexer 1.0 - Unauthenticated Arbitrary File Download via showtif.php File Parameter
Easyndexer 1.0 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the file parameter. Attackers can send POST requests to showtif.php with arbitrary file paths in the file parameter to retrieve system files like configuration and initialization files.
CVSS 7.5
CVE-2018-25177 EXPLOITDB MEDIUM text WORKING POC
Data Center Audit 2.6.2 - Unauthenticated Cross-Site Request Forgery via dca_resetpw.php
Data Center Audit 2.6.2 contains a cross-site request forgery vulnerability that allows attackers to reset administrator passwords without authentication by submitting crafted POST requests. Attackers can send requests to dca_resetpw.php with parameters updateuser, pass, pass2, and submit_reset to change the admin account password and gain administrative access.
CVSS 5.3
CVE-2018-25176 EXPLOITDB HIGH text WORKING POC
Alive Parish 2.0.4 - Unauthenticated SQL Injection and Arbitrary File Upload
Alive Parish 2.0.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the key parameter in the search endpoint. Attackers can also upload arbitrary files via the person photo upload functionality to the images/uploaded directory for remote code execution.
CVSS 8.2
CVE-2018-25175 EXPLOITDB HIGH text WORKING POC
Alienor Web Libre 2.0 - SQL Injection
Alienor Web Libre 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the identifiant parameter. Attackers can submit crafted POST requests to index.php with SQL injection payloads in the identifiant field to extract sensitive database information including usernames, databases, and version details.
CVSS 8.2
CVE-2018-25174 EXPLOITDB MEDIUM text WORKING POC
ABC ERP 0.6.4 - Cross-Site Request Forgery via _configurar_perfil.php
ABC ERP 0.6.4 contains a cross-site request forgery vulnerability that allows attackers to modify administrator credentials by submitting forged requests to _configurar_perfil.php. Attackers can craft malicious forms or links containing parameters like usuario, contrasena1, contrasena2, nombre, and email to change admin account settings without authentication.
CVSS 5.3
CVE-2018-25173 EXPLOITDB HIGH text WORKING POC
Rmedia SMS 1.0 - Unauthenticated SQL Injection via editgrp.php gid Parameter
Rmedia SMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the gid parameter. Attackers can send GET requests to editgrp.php with malicious gid values using EXTRACTVALUE and CONCAT functions to retrieve schema names and sensitive database data.
CVSS 8.2
CVE-2018-25172 EXPLOITDB HIGH text WORKING POC
Pedidos 1.0 - Unauthenticated SQL Injection via 'q' Parameter in load_proveedores.php
Pedidos 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can send GET requests to the ajax/load_proveedores.php endpoint with crafted SQL payloads to extract sensitive database information including schema names and table structures.
CVSS 8.2
CVE-2018-25171 EXPLOITDB HIGH text WORKING POC
EdTv 2 - Unauthenticated SQL Injection via 'id' Parameter
EdTv 2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the admin/edit_source endpoint with crafted SQL UNION statements to extract database information including schema names, user credentials, and version details.
CVSS 8.2
CVE-2018-25170 EXPLOITDB HIGH text WORKING POC
DoceboLMS 1.2 - Unauthenticated SQL Injection via lesson.php Parameters
DoceboLMS 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id, idC, and idU parameters. Attackers can send GET requests to the lesson.php endpoint with malicious SQL payloads to extract sensitive database information.
CVSS 8.2
CVE-2018-25169 EXPLOITDB HIGH python WORKING POC
AMPPS 2.7 - Denial of Service via Malformed Socket Connection
AMPPS 2.7 contains a denial of service vulnerability that allows remote attackers to crash the service by sending malformed data to the default HTTP port. Attackers can establish multiple socket connections and transmit invalid payloads to exhaust server resources and cause service unavailability.
CVSS 7.5
CVE-2018-25168 EXPLOITDB MEDIUM text WORKING POC
Precurio Intranet Portal 2.0 - CSRF
Precurio Intranet Portal 2.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by submitting crafted POST requests. Attackers can forge requests to the /public/admin/user/submitnew endpoint with user creation parameters to add new admin accounts without requiring CSRF tokens or user interaction.
CVSS 4.3
CVE-2018-25167 EXPLOITDB HIGH text WORKING POC
Net-Billetterie 2.9 - SQL Injection
Net-Billetterie 2.9 contains an SQL injection vulnerability in the login parameter of login.inc.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit malicious SQL code through the login POST parameter to extract database information including usernames, passwords, and system credentials.
CVSS 8.2
CVE-2018-25166 EXPLOITDB HIGH text WORKING POC
Meneame English Pligg 5.8 - SQL Injection
Meneame English Pligg 5.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can send GET requests to index.php with crafted SQL payloads in the search parameter to extract sensitive database information including usernames, database names, and version details.
CVSS 8.2
CVE-2018-25165 EXPLOITDB HIGH text WORKING POC
Galaxy Forces MMORPG 0.5.8 - SQL Injection
Galaxy Forces MMORPG 0.5.8 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'type' parameter. Attackers can send POST requests to ads.php with crafted SQL payloads in the type parameter to extract sensitive database information including usernames, databases, and version details.
CVSS 7.1
CVE-2018-25164 EXPLOITDB HIGH text WORKING POC
EverSync 0.5 - Unauthenticated Arbitrary File Download via Files Directory
EverSync 0.5 contains an arbitrary file download vulnerability that allows unauthenticated attackers to access sensitive files by requesting them directly from the files directory. Attackers can send GET requests to the files directory to download database files like db.sq3 containing application data and credentials.
CVSS 7.5