Text Exploits

31,386 exploits tracked across all sources.

CVE-2020-37057 EXPLOITDB HIGH text
Online-Exam-System 2015 - SQL Injection
Online-Exam-System 2015 contains a SQL injection vulnerability in the feedback module that allows attackers to manipulate database queries through the 'fid' parameter. Attackers can inject malicious SQL code into the 'fid' parameter to potentially extract, modify, or delete database information.
by Berk Dusunur
CVSS 8.2
CVE-2021-41487 EXPLOITDB CRITICAL text
NOKIA VitalSuite SPM 2020 - SQL Injection via UserName Parameter
NOKIA VitalSuite SPM 2020 is affected by SQL injection through the UserName parameter.
by Berk Dusunur
CVSS 9.8
CVE-2020-28146 EXPLOITDB MEDIUM text
Eyoucms < 1.4.7 - Cross-Site Scripting via addonfieldext Parameter
A cross-site scripting (XSS) vulnerability exists in Eyoucms v1.4.7 and earlier via the addonfieldext parameter.
by China Banking and Insurance Information Technology Management Co.
CVSS 6.1
CVE-2020-37222 EXPLOITDB HIGH text
Kuicms Php EE 2.0 Persistent Cross-Site Scripting via bbs reply
Kuicms Php EE 2.0 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted content through the bbs reply endpoint. Attackers can send POST requests to /web/?c=bbs&a=reply with HTML and JavaScript payloads in the content parameter to execute arbitrary scripts in users' browsers.
by China Banking and Insurance Information Technology Management Co.
CVSS 7.2
CVE-2020-26052 EXPLOITDB MEDIUM text
Online Marriage Registration System 1.0 - Stored Cross-Site Scripting
Online Marriage Registration System 1.0 is affected by stored cross-site scripting (XSS) vulnerabilities in multiple parameters.
by that faceless coder
CVSS 5.4
CVE-2020-23466 EXPLOITDB MEDIUM text
phpgurukul Online Marriage Registration System 1.0 - XSS
A cross-site scripting (XSS) vulnerability in the phpgurukul Online Marriage Registration System 1.0 allows attackers to run arbitrary code via the wzipcode field.
by that faceless coder
CVSS 5.4
CVE-2019-25260 EXPLOITDB HIGH text
OXID eShop 6.x < 6.3.4 - SQL Injection via Sorting Parameter
OXID eShop versions 6.x prior to 6.3.4 contain a SQL injection vulnerability in the 'sorting' parameter that allows attackers to insert malicious database content. Attackers can exploit the vulnerability by manipulating the sorting parameter to inject PHP code into the database and execute arbitrary code through crafted URLs.
by VulnSpy
CVSS 8.2
EIP-2026-110403 EXPLOITDB text
osTicket 1.14.1 - 'Ticket Queue' Persistent Cross-Site Scripting
by Matthew Aberegg
EIP-2026-110402 EXPLOITDB text
osTicket 1.14.1 - 'Saved Search' Persistent Cross-Site Scripting
by Matthew Aberegg
EIP-2026-109142 EXPLOITDB text
LimeSurvey 4.1.11 - 'Permission Roles' Persistent Cross-Site Scripting
by Matthew Aberegg
EIP-2026-113692 EXPLOITDB text
WordPress Plugin Drag and Drop File Upload Contact Form 1.3.3.2 - Remote Code Execution
by Austin Martin
CVE-2020-12261 EXPLOITDB MEDIUM text
Open-AudIT 3.3.0 - Stored Cross-Site Scripting in Error Templates
Open-AudIT 3.3.0 allows an XSS attack after login.
by Kamaljeet Kumar
CVSS 5.4
EIP-2026-108918 EXPLOITDB text
Joomla! Plugin XCloner Backup 3.5.3 - Local File Inclusion (Authenticated)
by Mehmet Kelepçe
CVE-2020-13427 EXPLOITDB MEDIUM text
Victor CMS 1.0 - XSS
Victor CMS 1.0 has Persistent XSS in admin/users.php?source=add_user via the user_name, user_firstname, or user_lastname parameter.
by Nitya Nand
CVSS 6.1
EIP-2026-113763 EXPLOITDB text
WordPress Plugin Form Maker 5.4.1 - 's' SQL Injection (Authenticated)
by SunCSR
EIP-2026-110087 EXPLOITDB text
Online Discussion Forum Site 1.0 - Remote Code Execution
by Enesdex
CVE-2020-37068 EXPLOITDB CRITICAL text
Konica Minolta FTP Utility 1.0 - Buffer Overflow
Konica Minolta FTP Utility 1.0 contains a buffer overflow vulnerability in the LIST command that allows attackers to overwrite system registers. Attackers can send an oversized buffer of 1500 'A' characters to crash the FTP server and potentially execute unauthorized code.
by Socket_0x03
CVSS 9.8
CVE-2020-36966 EXPLOITDB MEDIUM text
Dolibarr 11.0.3 - Stored Cross-Site Scripting via LDAP Synchronization Parameters
Dolibarr 11.0.3 contains a persistent cross-site scripting vulnerability in LDAP synchronization settings that allows attackers to inject malicious scripts through multiple parameters. Attackers can exploit the host, slave, and port parameters in /dolibarr/admin/ldap.php to execute arbitrary JavaScript and potentially steal user cookie information.
by Mehmet Kelepçe
CVSS 6.4
CVE-2020-5752 EXPLOITDB HIGH text VERIFIED
Druva inSync inSyncCPHwnet64.exe RPC Type 5 Privilege Escalation
Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges.
by Matteo Malvica
CVSS 7.8
CVE-2020-37070 EXPLOITDB CRITICAL text
CloudMe 1.11.2 - Remote Code Execution via Crafted Network Packets
CloudMe 1.11.2 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code through crafted network packets. Attackers can exploit the vulnerability by sending a specially crafted payload to the CloudMe service running on port 8888, enabling remote code execution.
by Xenofon Vassilakopoulos
CVSS 9.8
CVE-2020-36996 EXPLOITDB MEDIUM text
PHPFusion < 9.03.50 - Stored Cross-Site Scripting in print.php via Forum Message
PHPFusion 9.03.50 contains a persistent cross-site scripting vulnerability in the print.php page that fails to properly sanitize user-submitted message content. Attackers can inject malicious JavaScript through forum messages that will execute when the print page is generated, allowing script execution in victim browsers.
by coiffeur
CVSS 6.4
CVE-2020-26802 EXPLOITDB HIGH text
forma.lms 2.3.0.2 - CSRF
forma.lms 2.3.0.2 is affected by Cross Site Request Forgery (CSRF) in formalms/appCore/index.php?r=lms/profile/show&ap=saveinfo via a GET request to change the admin email address in order to accomplish an account takeover.
by Daniel Ortiz
CVSS 8.8
EIP-2026-106112 EXPLOITDB text
Composr CMS 10.0.30 - Persistent Cross-Site Scripting
by Manuel García Cárdenas
CVE-2020-13144 EXPLOITDB HIGH text
Open edX Ironwood 2.5 - Unauthenticated Remote Code Execution via Custom Python Evaluated Code
Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a user to go to the "Create New course>New section>New subsection>New unit>Add new component>Problem button>Advanced tab>Custom Python evaluated code" screen, edit the problem, and execute Python code. This leads to arbitrary code execution.
by Daniel Monzón
CVSS 8.8
CVE-2020-37073 EXPLOITDB HIGH text
Victor CMS 1.0 - Authenticated Arbitrary File Upload via user_image Parameter
Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with arbitrary content through the user_image parameter. Attackers can upload a malicious PHP shell to the /img/ directory and execute system commands by accessing the uploaded file with a 'cmd' parameter.
by Kishan Lal Choudhary
CVSS 8.8