dd_

3 exploits Active since Apr 2026
CVE-2019-25693 EXPLOITDB HIGH text WORKING POC
ResourceSpace 8.6 SQL Injection via collection_edit.php
ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keywords parameter in collection_edit.php. Attackers can submit POST requests with crafted SQL payloads in the keywords field to extract sensitive database information including schema names, user credentials, and other confidential data.
CVSS 7.1
CVE-2019-25662 EXPLOITDB HIGH text WORKING POC
ResourceSpace 8.6 SQL Injection via watched_searches.php
ResourceSpace 8.6 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'ref' parameter. Attackers can send GET requests to the watched_searches.php endpoint with crafted SQL payloads to extract sensitive database information including usernames and credentials.
CVSS 8.2
EIP-2026-110527 EXPLOITDB text WORKING POC
PDF Signer 3.0 - Server-Side Template Injection leading to Remote Command Execution (via Cross-Site Request Forgery Cookie)