Ihsan Sencan

964 exploits Active since Sep 2017
EIP-2026-113316 EXPLOITDB text WORKING POC
Webiness Inventory 2.3 - Arbitrary File Upload / Cross-Site Request Forgery (Add Admin)
EIP-2026-113089 EXPLOITDB text WORKING POC
Videohive Clone Script - SQL Injection
CVE-2018-5979 EXPLOITDB CRITICAL text WORKING POC
Wchat Fully Responsive PHP AJAX Chat Script 1.5 - SQL Injection
SQL Injection exists in Wchat Fully Responsive PHP AJAX Chat Script 1.5 via the login.php User field.
CVSS 9.8
EIP-2026-113209 EXPLOITDB text WORKING POC
Web Based TimeSheet Script - Authentication Bypass
EIP-2026-113085 EXPLOITDB text WORKING POC
Video Subscription - SQL Injection
CVE-2017-15992 EXPLOITDB CRITICAL text WORKING POC
Website Broker Script - SQL Injection
Website Broker Script allows SQL Injection via the 'status_id' Parameter to status_list.php.
CVSS 9.8
EIP-2026-113384 EXPLOITDB text WORKING POC
WebVet 0.1a - 'id' SQL Injection
EIP-2026-113396 EXPLOITDB text WRITEUP
Wetransfer Clone Script - Authentication Bypass
EIP-2026-113102 EXPLOITDB text WRITEUP
Vine VideoSite Creator Script - SQL Injection
EIP-2026-113068 EXPLOITDB text WRITEUP
Viavi Real Estate - SQL Injection
EIP-2026-113067 EXPLOITDB text WRITEUP
Viavi Product Review - 'id' SQL Injection
EIP-2026-113084 EXPLOITDB text WRITEUP
Video Site Creator Script - SQL Injection
EIP-2026-113103 EXPLOITDB text WORKING POC
Viral Fun Facts Sharing Script 1.1.0 - 'id' SQL Injection
CVE-2017-15975 EXPLOITDB CRITICAL text WORKING POC
Vastal Dating Zone - SQL Injection
Vastal I-Tech Dating Zone 0.9.9 allows SQL Injection via the 'product_id' to add_to_cart.php, a different vulnerability than CVE-2008-4461.
CVSS 9.8
CVE-2017-15991 EXPLOITDB CRITICAL text WORKING POC
Vastal Agent Zone - SQL Injection
Vastal I-Tech Agent Zone (aka The Real Estate Script) allows SQL Injection in searchCommercial.php via the property_type, city, or posted_by parameter, or searchResidential.php via the property_type, city, or bedroom parameter, a different vulnerability than CVE-2008-3951, CVE-2009-3497, and CVE-2012-0982.
CVSS 9.8
EIP-2026-113057 EXPLOITDB text WORKING POC
Veterinary Clinic Management 00.02 - 'editpetnum' SQL Injection
CVE-2017-17874 EXPLOITDB HIGH text WORKING POC
Vanguard Marketplace Digital Products Php - Unrestricted File Upload
Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file upload via an "Add a new product" or "Add a product preview" action, which can make a .php file accessible under a uploads/ URI.
CVSS 8.8
CVE-2017-17873 EXPLOITDB CRITICAL text WORKING POC
Vanguard Marketplace Digital Products Php - SQL Injection
Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATH_INFO to the /p URI.
CVSS 9.8
EIP-2026-113066 EXPLOITDB text WRITEUP
Viavi Movie Review - 'id' SQL Injection
EIP-2026-113104 EXPLOITDB text WRITEUP
Viral Image & Video Sharing GagZone Script - SQL Injection
EIP-2026-113105 EXPLOITDB text WRITEUP
Viral Image Sharing Script - SQL Injection
EIP-2026-113119 EXPLOITDB text WORKING POC
Vishesh Auto Index 3.1 - 'fid' SQL Injection
EIP-2026-113106 EXPLOITDB text WORKING POC
Viral Pictures and Video Script 2.0.0 - 'id' SQL Injection
EIP-2026-112955 EXPLOITDB text WORKING POC
Vanelo - SQL Injection
EIP-2026-112919 EXPLOITDB text WORKING POC
Upworthy Clone Script 1.1.0 - 'id' SQL Injection