Ihsan Sencan

985 exploits Active since Sep 2017
EIP-2026-113057 EXPLOITDB text WORKING POC
Veterinary Clinic Management 00.02 - 'editpetnum' SQL Injection
EIP-2026-113066 EXPLOITDB text WRITEUP
Viavi Movie Review - 'id' SQL Injection
EIP-2026-113084 EXPLOITDB text WRITEUP
Video Site Creator Script - SQL Injection
EIP-2026-113384 EXPLOITDB text WORKING POC
WebVet 0.1a - 'id' SQL Injection
EIP-2026-113085 EXPLOITDB text WORKING POC
Video Subscription - SQL Injection
EIP-2026-113089 EXPLOITDB text WORKING POC
Videohive Clone Script - SQL Injection
CVE-2017-15975 EXPLOITDB CRITICAL text WORKING POC
Vastal I-Tech Dating Zone 0.9.9 - SQL Injection via add_to_cart.php product_id Parameter
Vastal I-Tech Dating Zone 0.9.9 allows SQL Injection via the 'product_id' to add_to_cart.php, a different vulnerability than CVE-2008-4461.
CVSS 9.8
EIP-2026-113102 EXPLOITDB text WRITEUP
Vine VideoSite Creator Script - SQL Injection
EIP-2026-112955 EXPLOITDB text WORKING POC
Vanelo - SQL Injection
CVE-2017-17874 EXPLOITDB HIGH text WORKING POC
Vanguard Marketplace Digital Products PHP 1.4 - Unauthenticated Arbitrary File Upload via Product Addition
Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file upload via an "Add a new product" or "Add a product preview" action, which can make a .php file accessible under a uploads/ URI.
CVSS 8.8
CVE-2017-17873 EXPLOITDB CRITICAL text WORKING POC
Vanguard Marketplace Digital Products PHP 1.4 - SQL Injection via PATH_INFO to /p URI
Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATH_INFO to the /p URI.
CVSS 9.8
EIP-2026-113103 EXPLOITDB text WORKING POC
Viral Fun Facts Sharing Script 1.1.0 - 'id' SQL Injection
CVE-2017-15991 EXPLOITDB CRITICAL text WORKING POC
Vastal I-Tech Agent Zone - SQL Injection via searchCommercial.php or searchResidential.php Parameters
Vastal I-Tech Agent Zone (aka The Real Estate Script) allows SQL Injection in searchCommercial.php via the property_type, city, or posted_by parameter, or searchResidential.php via the property_type, city, or bedroom parameter, a different vulnerability than CVE-2008-3951, CVE-2009-3497, and CVE-2012-0982.
CVSS 9.8
EIP-2026-112554 EXPLOITDB text WORKING POC
Takas Classified 1.1 - SQL Injection
CVE-2018-6363 EXPLOITDB CRITICAL text WORKING POC
Task Rabbit Clone 1.0 - SQL Injection via single_blog.php id Parameter
SQL Injection exists in Task Rabbit Clone 1.0 via the single_blog.php id parameter.
CVSS 9.8
EIP-2026-112579 EXPLOITDB text WORKING POC
Teameyo Project Management System 1.0 - SQL Injection
CVE-2017-15980 EXPLOITDB CRITICAL text WORKING POC
US Zip Codes Database Script 1.0 - SQL Injection via State Parameter
US Zip Codes Database Script 1.0 allows SQL Injection via the state parameter.
CVSS 9.8
EIP-2026-112928 EXPLOITDB text WORKING POC
User Registration & Login and User Management System 2.1 - SQL Injection
EIP-2026-112919 EXPLOITDB text WORKING POC
Upworthy Clone Script 1.1.0 - 'id' SQL Injection
EIP-2026-112903 EXPLOITDB text WORKING POC
University Application System 1.0 - SQL Injection / Cross-Site Request Forgery (Add Admin)
EIP-2026-112904 EXPLOITDB text WORKING POC
University Application System 1.0 - SQL Injection / Cross-Site Request Forgery (Add Admin)
EIP-2026-112917 EXPLOITDB text WRITEUP
Uploadr - SQL Injection
EIP-2026-112788 EXPLOITDB text WORKING POC
Travel Tours Script 2.0 - SQL Injection
CVE-2018-6365 EXPLOITDB CRITICAL text WORKING POC
TSiteBuilder 1.0 - SQL Injection via id Parameter
SQL Injection exists in TSiteBuilder 1.0 via the id parameter to /site.php, /pagelist.php, or /page_new.php.
CVSS 9.8
CVE-2018-5984 EXPLOITDB CRITICAL text WORKING POC
Tumder 2.1 - Joomla! - SQL Injection
SQL Injection exists in the Tumder (An Arcade Games Platform) 2.1 component for Joomla! via the PATH_INFO to the category/ URI.
CVSS 9.8