VulnSpy

6 exploits, active since Jan 2018
CVE-2018-25270 EXPLOITDB CRITICAL text WORKING POC
ThinkPHP 5.0.23 Remote Code Execution via invokefunction
ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by invoking functions through the routing parameter. Attackers can craft requests to the index.php endpoint with malicious function parameters to execute system commands with application privileges.
CVSS 9.8
CVE-2019-25260 EXPLOITDB HIGH text WORKING POC
OXID eShop <6.3.4 - SQL Injection
OXID eShop versions 6.x prior to 6.3.4 contain a SQL injection vulnerability in the 'sorting' parameter that allows attackers to insert malicious database content. Attackers can exploit the vulnerability by manipulating the sorting parameter to inject PHP code into the database and execute arbitrary code through crafted URLs.
CVSS 8.2
EIP-2026-113508 EXPLOITDB text WORKING POC
WordPress Core < 4.9.6 - (Authenticated) Arbitrary File Deletion
CVE-2017-1000499 EXPLOITDB HIGH text WORKING POC
phpMyAdmin <4.7.6.1/4.7.7 - CSRF
phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc.
CVSS 8.8
CVE-2018-12613 EXPLOITDB HIGH text WORKING POC
phpMyAdmin 4.8.x <4.8.2 - Code Injection
An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the "$cfg['AllowArbitraryServer'] = true" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the "$cfg['ServerDefault'] = 0" case (which bypasses the login requirement and runs the vulnerable code without any authentication).
CVSS 8.8
EIP-2026-111140 EXPLOITDB python WORKING POC
phpMyAdmin 4.8.4 - 'AllowArbitraryServer' Arbitrary File Read