n1x_ [MS-WEB]

7 exploits Active since Mar 2021
CVE-2019-25446 EXPLOITDB HIGH text WORKING POC
DIGIT CENTRIS ERP - SQL Injection
DIGIT CENTRIS ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the datum1, datum2, KID, and PID parameters. Attackers can send POST requests to /korisnikinfo.php with malicious SQL syntax in these parameters to extract or modify sensitive database information.
CVSS 8.2
CVE-2019-25442 EXPLOITDB HIGH text WORKING POC
Web Wiz Forums 12.01 - SQL Injection
Web Wiz Forums 12.01 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the PF parameter. Attackers can send GET requests to member_profile.asp with malicious PF values to extract sensitive database information.
CVSS 7.5
CVE-2019-25440 EXPLOITDB HIGH text WORKING POC
WebIncorp ERP - SQL Injection
WebIncorp ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the prod_id parameter. Attackers can send GET requests to product_detail.php with malicious prod_id values to extract sensitive database information.
CVSS 8.2
CVE-2019-25439 EXPLOITDB HIGH text WORKING POC
NoviSmart CMS - SQL Injection
NoviSmart CMS contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the Referer HTTP header field. Attackers can craft requests with time-based SQL injection payloads in the Referer header to extract sensitive database information or cause denial of service.
CVSS 8.2
EIP-2026-111754 EXPLOITDB text WORKING POC
Rest - Cafe and Restaurant Website CMS - 'slug' SQL Injection
CVE-2020-23518 EXPLOITDB MEDIUM text WORKING POC
UltimateKode Neo Billing <3.5 - XSS
Cross Site Scripting (XSS) vulnerability in UltimateKode Neo Billing - Accounting, Invoicing And CRM Software up to version 3.5 which allows remote attackers to inject arbitrary web script or HTML.
CVSS 5.4
EIP-2026-104496 EXPLOITDB text WORKING POC
WordPress Plugin Colorbox Lightbox v1.1.1 - Persistent Cross-Site Scripting (Authenticated)