Exploitdb Exploits

4,724 exploits tracked across all sources.

CVE-2018-19422 EXPLOITDB HIGH python
Subrion CMS 4.2.1 - RCE
/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.
by Fellipe Oliveira
CVSS 7.2
CVE-2021-33393 EXPLOITDB HIGH python
IPFire 2.25-core155 - Privilege Escalation
lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/backup/bin/backup.pl is owned by the root account. It might be owned by an unprivileged account, which could potentially be used to install a Trojan horse backup.pl script that is later executed by root. Similar problems with the ownership/permissions of other files may be present as well.
by Mücahit Saratar
CVSS 8.8
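The IPFire entry is a file-ownership problem: a script root later executes is owned by an unprivileged account. The checker below is an added example, not IPFire's code or the published exploit. It walks every path component down to a root-executed script and reports non-root ownership and group/world writability, because a writable parent directory lets a user swap the script just as a writable file does. The pure helper takes uid/gid/mode so the logic can be exercised with constructed values; the backup.pl path from the entry is used only as the example target.

```python
from __future__ import annotations
import os
import stat
from dataclasses import dataclass


@dataclass(frozen=True)
class Owner:
    uid: int
    gid: int
    mode: int  # st_mode as returned by os.stat / os.lstat


def ownership_problems(label: str, o: Owner) -> list[str]:
    """Why a file (or a directory on the path to it) is unsafe for root to execute:
    not owned by root, writable by a non-root group, or world-writable.
    For a symlink only the owner matters; its mode bits are meaningless."""
    problems = []
    if o.uid != 0:
        problems.append(f"{label}: owned by uid {o.uid}, not root")
    if stat.S_ISLNK(o.mode):
        return problems
    if o.mode & stat.S_IWGRP and o.gid != 0:
        problems.append(f"{label}: writable by gid {o.gid}")
    if o.mode & stat.S_IWOTH:
        problems.append(f"{label}: world-writable")
    return problems


def audit_root_executed(path: str) -> list[str]:
    """Check the script and every directory leading to it. Uses lstat so a
    user-owned symlink anywhere on the path is reported rather than followed."""
    path = os.path.abspath(path)
    components = [c for c in path.split(os.sep) if c]
    findings: list[str] = []
    for i in range(len(components) + 1):
        p = os.path.join(os.sep, *components[:i])  # "/", "/var", "/var/ipfire", ...
        try:
            st = os.lstat(p)
        except FileNotFoundError:
            findings.append(f"{p}: does not exist")
            break
        findings.extend(ownership_problems(p, Owner(st.st_uid, st.st_gid, st.st_mode)))
    return findings


if __name__ == "__main__":
    # Path named in the IPFire entry; on another system point this at any cron job,
    # init script or hook that runs as root.
    target = "/var/ipfire/backup/bin/backup.pl"
    for line in audit_root_executed(target) or [f"{target}: ok"]:
        print(line)
```

A world-writable directory is reported even when it carries the sticky bit: a root-run script should not live under /tmp at all, since an attacker can pre-create the name before root does.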
CVE-2021-31933 EXPLOITDB HIGH python VERIFIED
Chamilo < 1.11.14 - Remote Code Execution
A remote code execution vulnerability exists in Chamilo through 1.11.14 due to improper input sanitization of a parameter used for file uploads, and improper file-extension filtering for certain filenames (e.g., .phar or .pht). A remote authenticated administrator is able to upload a file containing arbitrary PHP code into specific directories via main/inc/lib/fileUpload.lib.php directory traversal to achieve PHP code execution.
by M. Cory Billington
CVSS 7.2
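The Subrion and Chamilo entries share one bug class: an extension denylist that names .php and a few variants but not everything the host's PHP handler executes (.pht and .phar in both cases). The script below is an added illustration, not code from either project or from the ExploitDB exploits; the denylist regex and the allowed-extension set are constructed for the demo. It shows which PHP-like names such a denylist lets through, beside the allowlist check that should replace it. The allowlist examines every dotted segment because Apache's mod_mime evaluates all extensions of a name, so under AddHandler-style configuration a file called shell.php.jpg can still reach PHP.

```python
import re

# Constructed denylist in the style of an .htaccess <FilesMatch> rule. It illustrates
# the bug class; it is not the rule shipped by Subrion or Chamilo.
DENY_RE = re.compile(r"\.(php|php3|php4|php5|phtml)$", re.IGNORECASE)

# What the upload feature actually needs to accept (assumption for this example).
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf", "txt"}

# Names a PHP handler may execute; which ones apply depends on the host's
# AddHandler/FilesMatch lines. Used here only to measure what the denylist misses.
PHP_LIKE = {"php", "php3", "php4", "php5", "php7", "phtml", "phps", "pht", "phar"}


def denylist_accepts(filename: str) -> bool:
    """Vulnerable check: accept anything the denylist regex does not match."""
    return DENY_RE.search(filename) is None


def allowlist_accepts(filename: str) -> bool:
    """Hardened check: a base name plus one or more extensions, every one of which
    is on the allowlist. Dotfiles such as .htaccess and 'shell.php.jpg' both fail."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]  # drop any path component
    parts = name.split(".")
    if len(parts) < 2 or parts[0] == "":
        return False
    return all(p.lower() in ALLOWED_EXTENSIONS for p in parts[1:])


def denylist_gaps(candidates=PHP_LIKE) -> list[str]:
    """PHP-like extensions the denylist would let an attacker upload."""
    return sorted(ext for ext in candidates if denylist_accepts(f"shell.{ext}"))


if __name__ == "__main__":
    samples = ["avatar.png", "shell.php", "shell.pht", "shell.phar", "shell.php.jpg", ".htaccess"]
    for f in samples:
        print(f"{f:16} denylist={denylist_accepts(f)!s:5} allowlist={allowlist_accepts(f)}")
    print("missed by denylist:", denylist_gaps())
```

Where the upload directory is served by Apache, pair the name check with a directory-level rule that disables script execution there (php_flag engine off for mod_php, or RemoveHandler for the PHP extensions) so that a name the filter gets wrong is still not executed.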
CVE-2019-12725 EXPLOITDB CRITICAL python
Zeroshell - OS Command Injection
Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters.
by Fellipe Oliveira
CVSS 9.8
CVE-2020-28337 EXPLOITDB HIGH python
Microweber < 1.1.20 - Path Traversal
A directory traversal issue in the Utils/Unzip module in Microweber through 1.1.20 allows an authenticated attacker to gain remote code execution via the backup restore feature. To exploit the vulnerability, an attacker must have the credentials of an administrative user, upload a maliciously constructed ZIP file with file paths including relative paths (i.e., ../../), move this file into the backup directory, and execute a restore on this file.
by sl1nki
CVSS 7.2
CVE-2021-47831 EXPLOITDB HIGH python
Sandboxie 5.49.7 - DoS
Sandboxie 5.49.7 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the container folder input field. Attackers can paste a large buffer of repeated characters into the Sandbox container folder setting to trigger an application crash.
by Erick Galindo
CVSS 7.5
EIP-2026-107674 EXPLOITDB python
Human Resource Information System 0.1 - Remote Code Execution (Unauthenticated)
by Reza Afsahi
CVE-2021-28242 EXPLOITDB HIGH python
b2evolution <7.2.2-stable - SQL Injection
SQL Injection in the "evoadm.php" component of b2evolution v7.2.2-stable allows remote attackers to obtain sensitive database information by injecting SQL commands into the "cf_name" parameter when creating a new filter under the "Collections" tab.
by nu11secur1ty
CVSS 8.8
EIP-2026-107883 EXPLOITDB python
Internship Portal Management System 1.0 - Remote Code Execution (Unauthenticated)
by argenestel
CVE-2021-47860 EXPLOITDB MEDIUM python
GetSimple CMS Custom JS 0.1 - CSRF
GetSimple CMS Custom JS 0.1 plugin contains a cross-site request forgery vulnerability in its settings form. An unauthenticated attacker who lures an authenticated administrator to a crafted page can store arbitrary JavaScript through the plugin; that script then runs in the administrator's browser and, using the administrator's session, can be driven on to remote code execution on the hosting server.
by boku
CVSS 5.3
CVE-2021-27973 EXPLOITDB HIGH python
Piwigo <11.4.0 - SQL Injection
SQL injection exists in Piwigo before 11.4.0 via the language parameter to admin.php?page=languages.
by nu11secur1ty
CVSS 7.2
CVE-2016-4971 EXPLOITDB HIGH python
GNU wget < 1.18 - Arbitrary File Write
GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource: when following such a redirect, wget derived the local file name from the FTP URL the server chose rather than from the URL the user requested, so the server could pick the name (a dotfile in the download directory, for instance). Version 1.18 keeps the originally requested name unless --trust-server-names is given.
by liewehacksie
CVSS 8.8
CVE-2021-47746 EXPLOITDB HIGH python
NodeBB Plugin Emoji 3.2.1 - Path Traversal
NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerability that allows administrative users to write files to arbitrary system locations through the emoji upload API. Attackers with admin access can craft file upload requests with directory traversal to overwrite system files by manipulating the file path parameter.
by 1F98D
CVSS 7.5
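The Microweber entry (archive paths containing ../ trusted during backup restore) and the NodeBB emoji entry (a caller-supplied file path trusted by an upload API) are the same defect from two inputs. The code below is an added example, not code from either project or from the ExploitDB exploits: one path-confinement helper, a pre-extraction check that lists archive entries which would escape the destination, and an upload-path builder that keeps only the basename. The archive is constructed in memory for the demo, and the destination directories are placeholders.

```python
from __future__ import annotations
import io
import os
import re
import zipfile


def safe_join(base: str, user_path: str) -> str:
    """Confine a caller-supplied relative path under base. Rejects absolute paths and
    drive letters, and anything that resolves (after '..' and symlinks) outside base."""
    base_real = os.path.realpath(base)
    rel = user_path.replace("\\", "/")  # treat Windows separators as separators too
    if os.path.isabs(rel) or re.match(r"^[A-Za-z]:", rel):
        raise ValueError(f"absolute path not allowed: {user_path!r}")
    target = os.path.realpath(os.path.join(base_real, rel))
    if target != base_real and not target.startswith(base_real + os.sep):
        raise ValueError(f"path escapes {base}: {user_path!r}")
    return target


def check_zip_entries(zip_bytes: bytes, dest: str) -> list[str]:
    """Entries that would land outside dest if the archive's own paths were trusted
    (the Microweber restore case). Run this before extracting, or write each member to
    safe_join(dest, name) yourself instead of calling extractall on untrusted input."""
    bad = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            try:
                safe_join(dest, info.filename)
            except ValueError:
                bad.append(info.filename)
    return bad


def upload_target(upload_dir: str, client_filename: str) -> str:
    """A single-file upload has no business carrying directories (the NodeBB emoji
    case): keep the basename only, then confine it anyway."""
    name = os.path.basename(client_filename.replace("\\", "/"))
    if name in ("", ".", ".."):
        raise ValueError(f"unusable file name: {client_filename!r}")
    return safe_join(upload_dir, name)


def build_sample_zip() -> bytes:
    """Constructed archive for the demo: one benign entry and two traversal entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("site/index.html", "<h1>ok</h1>")
        zf.writestr("../../config.php", "<?php // would overwrite the application config")
        zf.writestr("..\\..\\cache/evil.php", "<?php system($_GET['c']);")
    return buf.getvalue()


if __name__ == "__main__":
    print("rejected entries:", check_zip_entries(build_sample_zip(), "/srv/www/backup"))
    for name in ["smile.png", "../../../etc/cron.d/job", "..\\..\\app.js"]:
        print(f"{name!r} -> {upload_target('/srv/www/uploads/emoji', name)}")
```

The realpath step is what makes the check hold against symlinks already present under the destination; a purely lexical normalisation would accept a member named link/../../x if link points outside the tree.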
CVE-2020-14295 EXPLOITDB HIGH python
Cacti - SQL Injection
A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries.
by Leonardo Paiva
CVSS 7.2
EIP-2026-104687 EXPLOITDB python
WordPress Plugin WPGraphQL 1.3.5 - Denial of Service
by Dolev Farhi
CVE-2021-47770 EXPLOITDB HIGH python
OpenPLC v3 - Authenticated RCE
OpenPLC v3 contains an authenticated remote code execution vulnerability that allows attackers with valid credentials to inject malicious code through the hardware configuration interface. Attackers can upload a custom hardware layer with embedded reverse shell code that establishes a network connection to a specified IP and port, enabling remote command execution.
by Fellipe Oliveira
CVSS 8.8
CVE-2021-47748 EXPLOITDB CRITICAL python
Hasura Graphql Engine - OS Command Injection
Hasura GraphQL Engine 1.3.3 contains a remote code execution vulnerability reachable through its run_sql endpoint: an attacker who can submit raw SQL there can execute arbitrary shell commands on the database host via PostgreSQL's COPY ... FROM PROGRAM. The command runs as the operating-system user PostgreSQL runs under, and COPY FROM PROGRAM is only available to superusers and members of pg_execute_server_program, so the privileges of the database role Hasura connects with matter as much as the endpoint's exposure.
by Dolev Farhi
CVSS 9.8
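The Cacti entry (stacked queries turning an injection into command execution) and the Hasura entry (COPY ... FROM PROGRAM through run_sql) share one detection surface: the SQL text that reached the database. The code below is an added example, not code from Cacti, Hasura or the ExploitDB exploits: a quote- and comment-aware statement splitter, and a scan that flags stacked statements and server-side file/command primitives. The query strings it runs over are constructed stand-ins, not captures from either product, and dollar-quoted PostgreSQL strings are a stated gap of the splitter.

```python
from __future__ import annotations
import re


def split_statements(sql: str) -> list[str]:
    """Split SQL on ';' that sits outside string literals and comments. Handles '...'
    with doubled-quote escapes, "..." identifiers, -- line comments and /* */ block
    comments. PostgreSQL dollar quoting ($$...$$) is not handled (known gap)."""
    stmts: list[str] = []
    buf: list[str] = []
    quote = None
    i, n = 0, len(sql)
    while i < n:
        c = sql[i]
        if quote:
            buf.append(c)
            i += 1
            if c == quote:
                if i < n and sql[i] == quote:  # doubled quote: a literal quote char
                    buf.append(c)
                    i += 1
                else:
                    quote = None
        elif sql.startswith("--", i):
            j = sql.find("\n", i)
            i = n if j < 0 else j
        elif sql.startswith("/*", i):
            j = sql.find("*/", i + 2)
            i = n if j < 0 else j + 2
        elif c in ("'", '"'):
            quote = c
            buf.append(c)
            i += 1
        elif c == ";":
            s = "".join(buf).strip()
            if s:
                stmts.append(s)
            buf = []
            i += 1
        else:
            buf.append(c)
            i += 1
    s = "".join(buf).strip()
    if s:
        stmts.append(s)
    return stmts


# Primitives that turn SQL access into file or command access on the database host.
PRIMITIVES = [
    ("copy-program", re.compile(r"\bCOPY\b.*?\b(?:FROM|TO)\s+PROGRAM\b", re.IGNORECASE | re.DOTALL)),  # PostgreSQL
    ("server-file-read", re.compile(r"\bpg_read_(?:binary_)?file\s*\(", re.IGNORECASE)),             # PostgreSQL
    ("server-file-read", re.compile(r"\bLOAD_FILE\s*\(", re.IGNORECASE)),                             # MySQL/MariaDB
    ("server-file-write", re.compile(r"\bINTO\s+(?:OUT|DUMP)FILE\b", re.IGNORECASE)),                 # MySQL/MariaDB
]


def analyse(sql: str) -> dict:
    """Flag stacked statements (the Cacti case) and file/command primitives (the
    Hasura case) in one query string as the database would receive it."""
    stmts = split_statements(sql)
    findings = set()
    if len(stmts) > 1:
        findings.add("stacked-queries")
    body = ";\n".join(stmts)  # comments are already gone, so they cannot hide or fake a hit
    for label, rx in PRIMITIVES:
        if rx.search(body):
            findings.add(label)
    return {"statements": len(stmts), "findings": sorted(findings)}


# Constructed samples standing in for what color.php or run_sql would hand to the database.
SAMPLE_QUERIES = [
    ("cacti color.php filter", "SELECT id, hex FROM colors WHERE name LIKE '%red%' ORDER BY hex"),
    ("cacti color.php filter", "SELECT id FROM colors WHERE name LIKE '%x%'; UPDATE settings SET value='1' WHERE name='log_verbosity'; -- '"),
    ("hasura run_sql", "SELECT 'it''s; fine' AS note"),
    ("hasura run_sql", "CREATE TABLE cmd(out text); COPY cmd FROM PROGRAM 'id'; SELECT * FROM cmd"),
    ("hasura run_sql", "/* benign; comment */ SELECT 1"),
]


def scan(samples=SAMPLE_QUERIES) -> list[tuple[str, int, list[str]]]:
    out = []
    for src, sql in samples:
        r = analyse(sql)
        out.append((src, r["statements"], r["findings"]))
    return out


if __name__ == "__main__":
    for src, count, findings in scan():
        print(f"{src:24} statements={count} findings={findings or '-'}")
```

For Cacti the durable fix is a database driver configured to refuse multiple statements per call plus parameterised queries; for Hasura the scan is a backstop, and the real control is a connection role without superuser or pg_execute_server_program membership.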
CVE-2021-28419 EXPLOITDB HIGH python
SEO Panel 4.8.0 - SQL Injection
The "order_col" parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL injection, which lets an attacker enumerate and dump every database the application's database account can read.
by nu11secur1ty
CVSS 7.2
CVE-2021-47870 EXPLOITDB MEDIUM python
GetSimple CMS My SMTP Contact Plugin 1.1.2 - XSS
GetSimple CMS My SMTP Contact Plugin 1.1.2 suffers from a Stored Cross-Site Scripting (XSS) vulnerability. The plugin attempts to sanitize user input using htmlspecialchars(), but this can be bypassed by passing dangerous characters as escaped hex bytes. This allows attackers to inject arbitrary client-side code that executes in the administrator's browser when visiting a malicious page.
by boku
CVSS 5.4
CVE-2021-47830 EXPLOITDB MEDIUM python
GetSimple CMS My SMTP Contact Plugin 1.1.1 - CSRF
GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery (CSRF) vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. This may allow unauthorized changes but does not directly enable remote code execution.
by boku
CVSS 6.5
CVE-2021-3318 EXPLOITDB MEDIUM python
Dzzoffice < 2.02.1 - XSS
attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter.
by nu11secur1ty
CVSS 6.1
EIP-2026-104629 EXPLOITDB python
OTRS 6.0.1 - Remote Command Execution (2)
by Hex_26
CVE-2022-44384 EXPLOITDB HIGH python
rconfig <3.9.6 - RCE
An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP file.
by Vishwaraj Bhattrai
CVSS 8.8
CVE-2021-47817 EXPLOITDB MEDIUM python
OpenEMR 5.0.2.1 - XSS
OpenEMR 5.0.2.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject JavaScript through user profile parameters. The published exploit chains it: the payload, running in an administrator's browser with the administrator's session, downloads a web shell onto the OpenEMR server and calls it, yielding remote command execution on the host.
by Hato0
CVSS 5.4
CVE-2021-47802 EXPLOITDB HIGH python
Tenda D151 Firmware - Missing Authentication
Tenda D151 and D301 routers contain an unauthenticated configuration download vulnerability that allows remote attackers to retrieve router configuration files. Attackers can send a request to /goform/getimage endpoint to download configuration data including admin credentials without authentication.
by BenChaliah
CVSS 7.5