Manish Tanwar

16 exploits, active since Jan 2015
CVE-2015-1397 EXPLOITDB python WORKING POC
Magento CE/EE 1.9.1.0-1.14.1.0 - SQL Injection
SQL injection vulnerability in the getCsvFile function in the Mage_Adminhtml_Block_Widget_Grid class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allows remote administrators to execute arbitrary SQL commands via the popularity[field_expr] parameter when the popularity[from] or popularity[to] parameter is set.
EIP-2026-114190 EXPLOITDB text WORKING POC
WordPress Plugin Windows Desktop and iPhone Photo Uploader - Arbitrary File Upload
CVE-2016-6195 EXPLOITDB CRITICAL text WORKING POC
vBulletin <4.2.2 PL5 & <4.2.3 PL1 - SQL Injection
SQL injection vulnerability in forumrunner/includes/moderation.php in vBulletin before 4.2.2 Patch Level 5 and 4.2.3 before Patch Level 1 allows remote attackers to execute arbitrary SQL commands via the postids parameter to forumrunner/request.php, as exploited in the wild in July 2016.
CVSS 9.8
CVE-2014-9440 EXPLOITDB text WORKING POC
phpMyRecipes 1.2.2 - SQL Injection
SQL injection vulnerability in browse.php in phpMyRecipes 1.2.2 allows remote attackers to execute arbitrary SQL commands via the category parameter.
EIP-2026-110936 EXPLOITDB text WORKING POC
PHPBack < 1.3.1 - SQL Injection / Cross-Site Scripting
EIP-2026-110511 EXPLOITDB text WORKING POC
PBBoard CMS - Persistent Cross-Site Scripting
EIP-2026-110055 EXPLOITDB text WRITEUP
Online Airline Booking System - Multiple Vulnerabilities
EIP-2026-108870 EXPLOITDB text WORKING POC
Joomla! Component Spider FAQ - SQL Injection
EIP-2026-108183 EXPLOITDB php WORKING POC
Joomla! 3.2.x < 3.4.4 - SQL Injection
CVE-2015-1476 EXPLOITDB text WORKING POC
xlinkerz ecommerceMajor - SQL Injection
Multiple SQL injection vulnerabilities in xlinkerz ecommerceMajor allow remote attackers to execute arbitrary SQL commands via the (1) productbycat parameter to product.php, or (2) username or (3) password parameter to __admin/index.php.
EIP-2026-105942 EXPLOITDB text WORKING POC
Clipperz Password Manager - '/backend/PHP/src/setup/rpc.php' Remote Code Execution
EIP-2026-104767 EXPLOITDB php WORKING POC
Posnic Stock Management System - SQL Injection
EIP-2026-104735 EXPLOITDB php WORKING POC
Joomla! 3.7 - SQL Injection
EIP-2026-104791 EXPLOITDB text WORKING POC
WordPress Plugin Polls 1.2.4 - SQL Injection (PoC)
CVE-2018-7466 EXPLOITDB HIGH text WORKING POC
Testlink < 1.9.16 - Code Injection
install/installNewDB.php in TestLink through 1.9.16 allows remote attackers to conduct injection attacks by leveraging control over DB LOGIN NAMES data during installation to provide a long, crafted value.
CVSS 7.5
CVE-2015-5148 EXPLOITDB text WRITEUP
Livelycart - SQL Injection
SQL injection vulnerability in LivelyCart 1.2.0 allows remote attackers to execute arbitrary SQL commands via the search_query parameter to product/search.