Text Exploits

31,346 exploits tracked across all sources.

EIP-2026-100654 EXPLOITDB text
Kartris 1.6 - Arbitrary File Upload
by Nhat Ha
CVE-2020-28140 EXPLOITDB CRITICAL text
Online Clothing Store - Unrestricted File Upload
SourceCodester Online Clothing Store 1.0 is affected by an arbitrary file upload via the image upload feature of Products.php.
by Sushant Kamble
CVSS 9.8
CVE-2020-14972 EXPLOITDB CRITICAL text
Sourcecodester Pisay Online E-Learning System 1.0 - SQL Injection
Multiple SQL injection vulnerabilities in Sourcecodester Pisay Online E-Learning System 1.0 allow remote unauthenticated attackers to bypass authentication and achieve Remote Code Execution (RCE) via the user_email, user_pass, and id parameters on the admin login-portal and the edit-lessons webpages.
by boku
CVSS 9.8
EIP-2026-111928 EXPLOITDB text
School File Management System 1.0 - 'username' SQL Injection
by Tarun Sehgal
EIP-2026-110053 EXPLOITDB text
Online AgroCulture Farm Management System 1.0 - 'pid' SQL Injection
by BKpatron
EIP-2026-105711 EXPLOITDB text
Car Park Management System 1.0 - Authentication Bypass
by Tarun Sehgal
EIP-2026-101675 EXPLOITDB text
Draytek VigorAP 1000C - Persistent Cross-Site Scripting
by Vulnerability-Lab
CVE-2020-37080 EXPLOITDB CRITICAL text
webTareas 2.0.p8 - Privilege Escalation
webTareas 2.0.p8 contains a file deletion vulnerability in the print_layout.php administration component that allows authenticated attackers to delete arbitrary files. Attackers can exploit the vulnerability by manipulating the 'atttmp1' parameter to specify and delete files on the server through an unauthenticated file deletion mechanism.
by Besim
CVSS 9.8
CVE-2020-37078 EXPLOITDB HIGH text
i-doit Open Source CMDB 1.14.1 - File Deletion
i-doit Open Source CMDB 1.14.1 contains a file deletion vulnerability in the import module that allows authenticated attackers to delete arbitrary files by manipulating the delete_import parameter. Attackers can send a POST request to the import module with a crafted filename to remove files from the server's filesystem.
by Besim
CVSS 8.8
CVE-2020-37077 EXPLOITDB MEDIUM text
Booked Scheduler 2.7.7 - Path Traversal
Booked Scheduler 2.7.7 contains a directory traversal vulnerability in the manage_email_templates.php script that allows authenticated administrators to access unauthorized files. Attackers can exploit the vulnerable 'tn' parameter to read files outside the intended directory by using directory path traversal techniques.
by Besim
CVSS 6.5
CVE-2020-28139 EXPLOITDB MEDIUM text
Online Clothing Store - XSS
SourceCodester Online Clothing Store 1.0 is affected by a cross-site scripting (XSS) vulnerability via an Offer Detail field in offer.php.
by Sushant Kamble
CVSS 6.1
CVE-2020-28138 EXPLOITDB CRITICAL text
Online Clothing Store - SQL Injection
SourceCodester Online Clothing Store 1.0 is affected by a SQL Injection via the txtUserName parameter to login.php.
by Sushant Kamble
CVSS 9.8
EIP-2026-114697 EXPLOITDB text
GitLab 12.9.0 - Arbitrary File Read
by KouroshRZ
EIP-2026-114528 EXPLOITDB text
YesWiki cercopitheque 2020.04.18.1 - 'id' SQL Injection
by coiffeur
EIP-2026-109600 EXPLOITDB text
MPC Sharj 3.11.1 - Arbitrary File Download
by SajjadBnd
CVE-2020-37082 EXPLOITDB CRITICAL text
webERP 4.15.1 - Info Disclosure
webERP 4.15.1 contains an unauthenticated file access vulnerability that allows remote attackers to download database backup files without authentication. Attackers can directly access generated backup files in the companies/weberp/ directory by requesting the Backup_[timestamp].sql.gz file.
by Besim
CVSS 9.8
CVE-2020-37081 EXPLOITDB HIGH text
Fishing Reservation System 7.5 - SQL Injection
Fishing Reservation System 7.5 contains multiple remote SQL injection vulnerabilities in admin.php, cart.php, and calendar.php that allow attackers to inject malicious SQL commands. Attackers can exploit vulnerable parameters like uid, pid, type, m, y, and code to compromise the database management system and web application without user interaction.
by Vulnerability-Lab
CVSS 7.1
EIP-2026-119670 EXPLOITDB text
BlogEngine 3.3 - 'syndication.axd' XML External Entity Injection
by Daniel Martinez Adan
EIP-2026-117729 EXPLOITDB text
Oracle Database 11g Release 2 - 'OracleDBConsoleorcl' Unquoted Service Path
by Nguyen Khang
EIP-2026-112151 EXPLOITDB text
SimplePHPGal 0.7 - Remote File Inclusion
by h4shur
EIP-2026-111265 EXPLOITDB text
PhreeBooks ERP 5.2.5 - Remote Command Execution
by Besim
EIP-2026-110169 EXPLOITDB text
Online Scheduling System 1.0 - 'username' SQL Injection
by Saurav Shukla
CVE-2020-11652 EXPLOITDB MEDIUM text
Salt < 2019.2.4 - Path Traversal
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.
by Jasper Lievisse Adriaanse
CVSS 6.5
EIP-2026-101856 EXPLOITDB text
NEC Electra Elite IPK II WebPro 01.03.01 - Session Enumeration
by Cold z3ro
CVE-2020-37083 EXPLOITDB HIGH text
PHP AddressBook 9.0.0.1 - SQL Injection
PHP AddressBook 9.0.0.1 contains a time-based blind SQL injection vulnerability that allows remote attackers to manipulate database queries through the 'id' parameter. Attackers can inject crafted SQL statements with time delays to extract information by observing response times in the photo.php endpoint.
by David Velazquez
CVSS 8.2