Number 7

12 exploits, active since Sep 2005
CVE-2024-58301 EXPLOITDB CRITICAL text WORKING POC
Purei CMS 1.0 - SQL Injection
Purei CMS 1.0 contains a time-based blind SQL injection vulnerability that allows attackers to manipulate database queries through unfiltered user input parameters. Attackers can exploit vulnerable endpoints like getAllParks.php and events-ajax.php by injecting crafted SQL payloads to potentially extract or modify database information.
CVE-2012-5330 EXPLOITDB text WRITEUP
asaanCart 0.9 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in asaanCart 0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to calc.php, (2) chat.php, (3) register.php, or (4) index.php in libs/smarty_ajax/; or the (5) page parameter to libs/smarty_ajax/index.php.
EIP-2026-112831 EXPLOITDB text WORKING POC
Typo3 - File Disclosure
EIP-2026-111883 EXPLOITDB text WRITEUP
Same Team E-shop manager - SQL Injection
CVE-2005-2892 EXPLOITDB text WRITEUP
PBLang <4.65 - Path Traversal
Directory traversal vulnerability in setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to read arbitrary files via ".." sequences and "%00" (trailing null byte) in the u parameter.
EIP-2026-110683 EXPLOITDB text WORKING POC
PHP Decoda 3.3.1 - Local File Inclusion
EIP-2026-110372 EXPLOITDB php WORKING POC
osCommerce 2.3.1 - 'banner_manager.php' Arbitrary File Upload
EIP-2026-109190 EXPLOITDB text WORKING POC
lizard cart - 'search.php' SQL Injection
EIP-2026-106910 EXPLOITDB text WRITEUP
Eshop Manager - Multiple SQL Injections
EIP-2026-105426 EXPLOITDB text WORKING POC
BbZL.php - Remote File Inclusion
CVE-2012-5331 EXPLOITDB text WRITEUP
asaanCart 0.9 - Path Traversal
Directory traversal vulnerability in asaanCart 0.9 allows remote attackers to include arbitrary local files via a .. (dot dot) in the page parameter to index.php.
EIP-2026-104902 EXPLOITDB text WORKING POC
Acal Calendar 2.2.6 - Cross-Site Request Forgery