dd_

3 exploits Active since Apr 2026
CVE-2019-25729 EXPLOITDB CRITICAL text WORKING POC
PDF Signer 3.0 Server-Side Template Injection RCE via CSRF Cookie
PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP commands through the CSRF-TOKEN cookie parameter. Attackers can craft malicious cookie values containing template injection payloads like shell_exec() to execute system commands and retrieve sensitive information from the server.
CVSS 9.8
CVE-2019-25693 EXPLOITDB HIGH text WORKING POC
ResourceSpace 8.6 SQL Injection via collection_edit.php
ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keywords parameter in collection_edit.php. Attackers can submit POST requests with crafted SQL payloads in the keywords field to extract sensitive database information including schema names, user credentials, and other confidential data.
CVSS 7.1
CVE-2019-25662 EXPLOITDB HIGH text WORKING POC
ResourceSpace 8.6 SQL Injection via watched_searches.php
ResourceSpace 8.6 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'ref' parameter. Attackers can send GET requests to the watched_searches.php endpoint with crafted SQL payloads to extract sensitive database information including usernames and credentials.
CVSS 8.2