Loading Kura Kura

3 exploits Active since Jun 2026
CVE-2018-25431 EXPLOITDB HIGH text WORKING POC
No-Cms 1.0 - Authenticated SQL Injection via order_by Parameter
No-Cms 1.0 contains an SQL injection vulnerability in the order_by parameter of the manage_privilege export endpoint that allows authenticated attackers to manipulate database queries. Attackers can submit POST requests to /nocms/main/manage_privilege/index/export with malicious SQL code in the order_by[0] parameter to extract sensitive database information.
CVSS 7.1
EIP-2026-113544 EXPLOITDB text WORKING POC
WordPress Plugin Advanced-Custom-Fields 5.7.7 - Cross-Site Scripting
EIP-2026-107505 EXPLOITDB text WORKING POC
Grocery crud 1.6.1 - 'search_field' SQL Injection