Ihsan Sencan

985 exploits Active since Sep 2017
CVE-2017-20081 EXPLOITDB MEDIUM text WORKING POC
Hindu Matrimonial Script - Privilege Escalation
A vulnerability, which was classified as critical, was found in Hindu Matrimonial Script. This affects an unknown part of the file /admin/reports.php. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2017-20080 EXPLOITDB MEDIUM text WORKING POC
Hindu Matrimonial Script - Privilege Escalation
A vulnerability, which was classified as critical, has been found in Hindu Matrimonial Script. Affected by this issue is some unknown functionality of the file /admin/googleads.php. The manipulation leads to improper privilege management. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2017-20079 EXPLOITDB MEDIUM text WORKING POC
Hindu Matrimonial Script - Privilege Escalation
A vulnerability classified as critical was found in Hindu Matrimonial Script. Affected by this vulnerability is an unknown functionality of the file /admin/photo.php. The manipulation leads to improper privilege management. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2017-20078 EXPLOITDB MEDIUM text WORKING POC
Hindu Matrimonial Script - Privilege Escalation
A vulnerability classified as critical has been found in Hindu Matrimonial Script. Affected is an unknown function of the file /admin/featured.php. The manipulation leads to improper privilege management. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2017-20077 EXPLOITDB MEDIUM text WORKING POC
Hindu Matrimonial Script - Privilege Escalation
A vulnerability was found in Hindu Matrimonial Script. It has been rated as critical. This issue affects some unknown processing of the file /admin/success_story.php. The manipulation leads to improper privilege management. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2017-20076 EXPLOITDB MEDIUM text WORKING POC
Hindu Matrimonial Script - Privilege Escalation
A vulnerability was found in Hindu Matrimonial Script. It has been declared as critical. This vulnerability affects unknown code of the file /admin/searchview.php. The manipulation leads to improper privilege management. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2017-20075 EXPLOITDB MEDIUM text WORKING POC
Hindu Matrimonial Script - Privilege Escalation
A vulnerability was found in Hindu Matrimonial Script. It has been classified as critical. This affects an unknown part of the file /admin/payment.php. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2017-20074 EXPLOITDB MEDIUM text WORKING POC
Hindu Matrimonial Script - Privilege Escalation
A vulnerability was found in Hindu Matrimonial Script and classified as critical. Affected by this issue is some unknown functionality of the file /admin/newsletter1.php. The manipulation leads to improper privilege management. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2017-20073 EXPLOITDB MEDIUM text WORKING POC
Hindu Matrimonial Script - Privilege Escalation
A vulnerability has been found in Hindu Matrimonial Script and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/cms.php. The manipulation leads to improper privilege management. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2017-20072 EXPLOITDB MEDIUM text WORKING POC
Hindu Matrimonial Script - Privilege Escalation
A vulnerability, which was classified as critical, was found in Hindu Matrimonial Script. Affected is an unknown function of the file /admin/generalsettings.php. The manipulation leads to improper privilege management. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2017-20071 EXPLOITDB MEDIUM text WORKING POC
Hindu Matrimonial Script - Privilege Escalation
A vulnerability, which was classified as critical, has been found in Hindu Matrimonial Script. This issue affects some unknown processing of the file /admin/renewaldue.php. The manipulation leads to improper privilege management. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2017-20070 EXPLOITDB MEDIUM text WORKING POC
Hindu Matrimonial Script - Privilege Escalation
A vulnerability classified as critical was found in Hindu Matrimonial Script. This vulnerability affects unknown code of the file /admin/communitymanagement.php. The manipulation leads to improper privilege management. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2017-20069 EXPLOITDB MEDIUM text WORKING POC
Hindu Matrimonial Script - Privilege Escalation
A vulnerability classified as critical has been found in Hindu Matrimonial Script. This affects an unknown part of the file /admin/countrymanagement.php. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2017-20068 EXPLOITDB MEDIUM text WORKING POC
Hindu Matrimonial Script - Privilege Escalation
A vulnerability was found in Hindu Matrimonial Script. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/usermanagement.php. The manipulation leads to improper privilege management. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2017-20067 EXPLOITDB HIGH text WORKING POC
Hindu Matrimonial Script - SQL Injection
A vulnerability was found in Hindu Matrimonial Script. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/. The manipulation of the argument username/password with the input 'or''=' leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 7.3
CVE-2018-18527 EXPLOITDB CRITICAL text WORKING POC
OwnTicket 2018-05-23 - SQL Injection via showTicketId or editTicketStatusId Parameter
OwnTicket 2018-05-23 allows SQL Injection via the showTicketId or editTicketStatusId parameter.
CVSS 9.8
CVE-2018-17988 EXPLOITDB CRITICAL text WORKING POC
LayerBB 1.1.1 and 1.1.3 - SQL Injection via search.php search_query Parameter
LayerBB 1.1.1 and 1.1.3 has SQL Injection via the search.php search_query parameter.
CVSS 9.8
CVE-2017-20196 EXPLOITDB MEDIUM text WRITEUP
Itechscripts School Management Software 2.75 - SQL Injection
A vulnerability was found in Itechscripts School Management Software 2.75. It has been classified as critical. This affects an unknown part of the file /notice-edit.php. The manipulation of the argument aid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2017-20128 EXPLOITDB HIGH text WORKING POC
KB Messages PHP Script 1.0 - SQL Injection
A vulnerability has been found in KB Messages PHP Script 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument username/password with the input 'or''=' leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 7.3
CVE-2017-20127 EXPLOITDB HIGH text WORKING POC
KB Login Authentication Script 1.1 - SQL Injection
A vulnerability was found in KB Login Authentication Script 1.1 and classified as critical. Affected by this issue is some unknown functionality. The manipulation of the argument username/password with the input 'or''=' leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 7.3
CVE-2017-20126 EXPLOITDB HIGH text WORKING POC
KB Affiliate Referral Script 1.0 - SQL Injection
A vulnerability was found in KB Affiliate Referral Script 1.0. It has been classified as critical. This affects an unknown part of the file /index.php. The manipulation of the argument username/password with the input 'or''=' leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 7.3
CVE-2017-20125 EXPLOITDB MEDIUM text WRITEUP
Online Hotel Booking System Pro 1.2 - SQL Injection
A vulnerability classified as critical was found in Online Hotel Booking System Pro 1.2. Affected by this vulnerability is an unknown functionality of the file /roomtype-details.php. The manipulation of the argument tid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2017-20124 EXPLOITDB MEDIUM text WRITEUP
Online Hotel Booking System Pro Plugin 1.0 - SQL Injection
A vulnerability classified as critical has been found in Online Hotel Booking System Pro Plugin 1.0. Affected is an unknown function of the file /front/roomtype-details.php. The manipulation of the argument tid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2017-12761 EXPLOITDB HIGH text WORKING POC
WebFile Explorer 1.0 - SQL Injection and Arbitrary File Download via download.php id Parameter
http://codecanyon.net/user/Endober WebFile Explorer 1.0 is affected by: SQL Injection. The impact is: Arbitrary File Download (remote). The component is: $file = $_GET['id'] in download.php. The attack vector is: http://speicher.example.com/envato/codecanyon/demo/web-file-explorer/download.php?id=WebExplorer/../config.php.
CVSS 7.5
CVE-2017-12760 EXPLOITDB HIGH text WRITEUP
Mobiketa 4.0 - SQL Injection via URL Parameter
Ynet Interactive - http://demo.ynetinteractive.com/mobiketa/ Mobiketa 4.0 is affected by: SQL Injection. The impact is: Code execution (remote).
CVSS 8.8