Exploitdb Exploits
4,759 exploits tracked across all sources.
Online Reviewer System 1.0 - Remote Code Execution via Malicious PHP File Upload
Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Reviewer System 1.0 by uploading a maliciously crafted PHP file that bypasses the image upload filters..
by Abdullah Khawaja
CVSS 9.8
OpenCats < 0.9.4-3 - XML External Entity Injection via DOCX/ODT File Upload
lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows remote users to read files on the underlying operating system. The attacker must upload a file in the docx or odt format.
by Jake Ruston
CVSS 7.5
Filerun 2021.03.26 - Remote Code Execution (RCE) (Authenticated)
by syntegris information solutions GmbH
Yenkee YMS 3029 Firmware - Denial of Service via GM312Fltr.sys DeviceIoControl Buffer Overrun
Yenkee Hornet Gaming Mouse driver GM312Fltr.sys contains a buffer overrun vulnerability that allows attackers to crash the system by sending oversized input. Attackers can exploit the driver by sending a 2000-byte buffer through DeviceIoControl to trigger a kernel-level system crash.
by Quadron Research Lab
CVSS 7.5
WebsiteBaker 2.13.0 - Authenticated Remote Code Execution via Language Installation Endpoint
WebsiteBaker 2.13.0 contains an authenticated remote code execution vulnerability that allows users with language editing permissions to execute arbitrary code. Attackers can exploit the language installation endpoint by manipulating language installation parameters to achieve remote code execution on the server.
by Halit AKAYDIN
CVSS 8.8
Sourcecodester Online Food Ordering System 2.0 - Remote Code Execution via PHP File Upload Bypass
Remote Code Exection (RCE) vulnerability exists in Sourcecodester Online Food Ordering System 2.0 via a maliciously crafted PHP file that bypasses the image upload filters.
by Abdullah Khawaja
CVSS 9.8
Church Management System 1.0 - Remote Code Execution via Image Upload Field
Remote Code Execution (RCE) vulnerability exists in Sourcecodester Church Management System 1.0 via the image upload field.
by Abdullah Khawaja
CVSS 9.8
Booster for WooCommerce <= 5.4.3 - Authentication Bypass via Email Verification Token Weakness
Versions up to, and including, 5.4.3, of the Booster for WooCommerce WordPress plugin are vulnerable to authentication bypass via the process_email_verification function due to a random token generation weakness in the reset_and_mail_activation_link function found in the ~/includes/class-wcj-emails-verification.php file. This allows attackers to impersonate users and trigger an email address verification for arbitrary accounts, including administrative accounts, and automatically be logged in as that user, including any site administrators. This requires the Email Verification module to be active in the plugin and the Login User After Successful Verification setting to be enabled, which it is by default.
by 0xB455
CVSS 9.8
Library Management System 1.0 - Blind Time-Based SQL Injection (Unauthenticated)
by boku
ImpressCMS 1.4.2 Remote Code Execution via Autotasks
ImpressCMS 1.4.2 contains a remote code execution vulnerability in the autotasks administrative interface that allows authenticated attackers to execute arbitrary PHP code by injecting malicious code into the sat_code parameter. Attackers can authenticate, submit a POST request to /modules/system/admin.php?fct=autotasks&op=mod with crafted sat_code containing PHP commands, which creates an executable file that accepts arbitrary commands via GET parameters.
by Halit AKAYDIN
CVSS 8.8
Evolution CMS 3.1.6 Authenticated Remote Code Execution via Module Creation
Evolution CMS 3.1.6 contains a remote code execution vulnerability that allows authenticated users with module creation permissions to execute arbitrary system commands by injecting PHP code into module parameters. Attackers can send POST requests to /manager/index.php with malicious PHP code in the 'post' parameter to create modules that execute arbitrary commands when invoked.
by Halit AKAYDIN
CVSS 8.8
AlphaWeb XE - File Upload Remote Code Execution (RCE) (Authenticated)
by Ricardo Ruiz
Purchase Order Management System 1.0 - Remote File Upload
by Aryan Chehreghani
WordPress Download From Files 1.48 Arbitrary File Upload
WordPress Plugin Download From Files version 1.48 and earlier contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting the AJAX fileupload action. Attackers can send POST requests to the admin-ajax.php endpoint with the download_from_files_617_fileupload action, manipulating the allowExt parameter to bypass file type restrictions and upload executable files like PHP shells to the web root.
by spacehen
CVSS 9.8
PHPGurukul AVMS <1.0 - SQL Injection
SQL injection vulnerability in PHPGurukul Apartment Visitors Management System (AVMS) v. 1.0 allows attackers to execute arbitrary SQL statements and to gain RCE.
by mari0x00
CVSS 9.8
ParlAI < 1.1.0 - Remote Code Execution via Unsafe YAML Deserialization
Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. This issue affects ParlAI prior to v1.1.0.
by Abhiram V
CVSS 9.8
WordPress Plugin Survey & Poll 1.5.7.3 SQL Injection via sss_params
WordPress Plugin Survey & Poll 1.5.7.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wp_sap cookie parameter. Attackers can craft SQL payloads in the cookie to extract sensitive database information including usernames, passwords, and other confidential data from the WordPress database.
by Mohin Paramasivam
CVSS 8.2
SmartFTP Client 10.0.2909.0 - Denial of Service via Malformed Paths or Invalid IP Addresses
SmartFTP Client 10.0.2909.0 contains multiple denial of service vulnerabilities that allow attackers to crash the application through specific input manipulation. Attackers can trigger crashes by entering malformed paths, using invalid IP addresses, or clearing connection history in the client's interface.
by Eric Salario
CVSS 7.5
Patient Appointment Scheduler System 1.0 - Unauthenticated File Upload
by a-rey
Patient Appointment Scheduler System 1.0 - Persistent Cross-Site Scripting
by a-rey
FlatCore-CMS 2.0.7 - Remote Code Execution via Upload Addon Plugin
Remote Code Execution (RCE) vulnerabilty exists in FlatCore-CMS 2.0.7 via the upload addon plugin, which could let a remote malicious user exeuct arbitrary php code.
by Mason Soroka-Gill
CVSS 7.2
Telegram Desktop 2.9.2 - Denial of Service via Oversized Message Payload
Telegram Desktop 2.9.2 contains a denial of service vulnerability that allows attackers to crash the application by sending an oversized message payload. Attackers can generate a 9 million byte buffer and paste it into the messaging interface to trigger an application crash.
by Aryan Chehreghani
CVSS 7.5
Traffic Offense Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
by Tagoletta
Atlassian Confluence Server and Data Center - OGNL Injection
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
by Fellipe Oliveira
CVSS 9.8
Umbraco CMS <=8.9.1 - Path Traversal
An authenticated path traversal vulnerability exists during package installation in Umbraco CMS <= 8.9.1 or current, which could result in arbitrary files being written outside of the site home and expected paths when installing an Umbraco package.
by BitTheByte
CVSS 6.5
By Source