felipe andrian

10 exploits Active since Apr 2009
CVE-2019-25503 EXPLOITDB HIGH text WORKING POC
PHPads 2.0 - Unauthenticated SQL Injection via click.php3 bannerID Parameter
PHPads 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bannerID parameter in click.php3. Attackers can submit crafted bannerID values using SQL comment syntax and functions like extractvalue to extract sensitive database information such as the current database name.
CVSS 7.1
CVE-2019-25433 EXPLOITDB HIGH text WORKING POC
XOOPS CMS 2.5.9 - Unauthenticated SQL Injection via gerar_pdf.php cid Parameter
XOOPS CMS 2.5.9 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET requests to the gerar_pdf.php endpoint with malicious cid values to extract sensitive database information.
CVSS 8.2
CVE-2019-25366 EXPLOITDB HIGH text WORKING POC
microASP Portal+ CMS - SQL Injection
microASP Portal+ CMS contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the explode_tree parameter. Attackers can send crafted requests to pagina.phtml with SQL injection payloads using extractvalue and concat functions to extract sensitive database information like the current database name.
CVSS 8.2
CVE-2019-13507 EXPLOITDB CRITICAL text WORKING POC
hidea AZ Admin 1.0 - SQL Injection via news_det.php cod Parameter
hidea.com AZ Admin 1.0 has news_det.php?cod= SQL Injection.
CVSS 9.8
EIP-2026-114337 EXPLOITDB text WORKING POC
WordPress Theme LineNity 1.20 - Local File Inclusion
EIP-2026-107618 EXPLOITDB text WRITEUP
Horde Webmail 5.1 - Open Redirect
CVE-2008-6660 EXPLOITDB text WRITEUP
BigDump 0.29b - Unauthenticated Arbitrary File Upload and Remote Code Execution via Executable Extension Bypass
Unrestricted file upload vulnerability in bigdump.php in Alexey Ozerov BigDump 0.29b allows remote attackers to execute arbitrary code by uploading a file with an executable extension followed by a .sql extension, then accessing this file via a direct request. NOTE: some of these details are obtained from third party information.
EIP-2026-100926 EXPLOITDB text WORKING POC
Web Terra 1.1 - 'books.cgi' Remote Command Execution
EIP-2026-100125 EXPLOITDB text WRITEUP
ASP-Nuke 2.0.7 - 'gotourl.asp' Open Redirect
CVE-2014-2847 EXPLOITDB text WRITEUP
CIS Manager CMS - SQL Injection via TroncoID Parameter
SQL injection vulnerability in default.asp in CIS Manager CMS allows remote attackers to execute arbitrary SQL commands via the TroncoID parameter.