Text Exploits

31,341 exploits tracked across all sources.

EIP-2026-109532 EXPLOITDB text
MobileShop master v1.0 - SQL Injection Vuln.
by HAZIM ARBAŞ
EIP-2026-107874 EXPLOITDB text
Insurance Management System PHP and MySQL 1.0 - Multiple Stored XSS
by Hakkı TOKLU
CVE-2024-58307 EXPLOITDB HIGH text
Cszcms Csz Cms - SQL Injection
CSZCMS 1.3.0 contains an authenticated SQL injection vulnerability in the members view functionality that allows authenticated attackers to manipulate database queries. Attackers can inject malicious SQL code through the view parameter to potentially execute time-based blind SQL injection attacks and extract database information.
by Abdulaziz Almetairy
CVSS 8.8
CVE-2023-46024 EXPLOITDB HIGH text
Phpgurukul Teacher Subject Allocation Management System - SQL Injection
SQL Injection vulnerability in index.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary SQL commands and obtain sensitive information via the 'searchdata' parameter.
by Ersin Erenler
CVSS 7.5
EIP-2026-112143 EXPLOITDB text
Simple Task List 1.0 - 'status' SQLi
by Ersin Erenler
CVE-2024-28595 EXPLOITDB CRITICAL text
Walterjnr1 Employee Management System - SQL Injection
SQL Injection vulnerability in Employee Management System v1.0 allows attackers to run arbitrary SQL commands via the admin_id parameter in update-admin.php.
by Shubham Pandey
CVSS 9.8
CVE-2023-46022 EXPLOITDB HIGH text
Code-Projects Blood Bank 1.0 - SQL Injection
SQL Injection vulnerability in delete.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via the 'bid' parameter.
by Ersin Erenler
CVSS 7.8
CVE-2023-53735 EXPLOITDB MEDIUM text
WEBIGniter 28.7.23 - XSS
WEBIGniter 28.7.23 contains a cross-site scripting vulnerability in the user creation process that allows unauthenticated attackers to execute malicious JavaScript code, enabling potential XSS attacks.
by Mesut Cetin
CVE-2024-58313 EXPLOITDB HIGH text
Xbtitfm - Unrestricted File Upload
xbtitFM 4.1.18 contains an insecure file upload vulnerability that allows authenticated attackers with administrative privileges to upload and execute arbitrary PHP code through the file_hosting feature. Attackers can bypass file type restrictions by modifying the Content-Type header to image/gif, adding GIF89a magic bytes, and using alternate PHP tags to upload web shells that execute system commands.
by h5kj23kj32io2kj
CVSS 7.2
CVE-2024-58312 EXPLOITDB HIGH text
Xbtitfm - Path Traversal
xbtitFM 4.1.18 contains a path traversal vulnerability that allows unauthenticated attackers to access sensitive system files by manipulating URL parameters. Attackers can exploit directory traversal techniques to read critical system files like using encoded path traversal characters in HTTP requests.
by h5kj23kj32io2kj
CVSS 7.5
CVE-2024-58309 EXPLOITDB CRITICAL text
Xbtitfm - SQL Injection
xbtitFM 4.1.18 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries by injecting malicious SQL code through the msgid parameter. Attackers can send crafted requests to /shoutedit.php with EXTRACTVALUE functions to extract database names, user credentials, and password hashes from the underlying database.
by h5kj23kj32io2kj
CVSS 9.8
CVE-2024-58308 EXPLOITDB CRITICAL text
Opensolution Quick Cms - SQL Injection
Quick.CMS 6.7 contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login authentication by manipulating the login form. Attackers can inject specific SQL payloads like ' or '1'='1 to gain unauthorized administrative access to the system.
by H4X.Forensics
CVSS 9.8
EIP-2026-113510 EXPLOITDB text
WordPress File Upload Plugin < 4.23.3 - Stored XSS
by Faiyaz Ahmad
EIP-2026-112832 EXPLOITDB text
TYPO3 11.5.24 - Path Traversal (Authenticated)
by Saeed reza Zamanian
EIP-2026-105374 EXPLOITDB text
Backdrop CMS 1.23.0 - Stored XSS
by Sinem Şahin
EIP-2026-101466 EXPLOITDB text
TELSAT marKoni FM Transmitter 1.9.5 - Insecure Access Control Change Password
by LiquidWorm
EIP-2026-101465 EXPLOITDB text
TELSAT marKoni FM Transmitter 1.9.5 - Backdoor Account Information Disclosure
by LiquidWorm
CVE-2024-58310 EXPLOITDB HIGH text
APC Network Management Card 4 - Path Traversal
APC Network Management Card 4 contains a path traversal vulnerability that allows unauthenticated attackers to access sensitive system files by manipulating URL parameters. Attackers can exploit directory traversal techniques to read critical system files like /etc/passwd by using encoded path traversal characters in HTTP requests.
by Víctor García
CVE-2024-29686 EXPLOITDB HIGH text
Winter CMS v.1.2.3 - SSTI
Server-side Template Injection (SSTI) vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components. NOTE: the vendor disputes this because the payload could only be entered by a trusted user, such as the owner of the server that hosts Winter CMS, or a developer working for them.
by tmrswrr
CVSS 7.2
EIP-2026-103305 EXPLOITDB text
Nokia BMC Log Scanner - Remote Code Execution
by Carlos Andres Gonzalez, Matthew Gregory
CVE-2023-7028 EXPLOITDB CRITICAL text
GitLab Password Reset Account Takeover
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.
by 0xB455
CVSS 10.0
EIP-2026-107675 EXPLOITDB text
Human Resource Management System 1.0 - 'employeeid' SQL Injection
by Srikar
EIP-2026-105912 EXPLOITDB text
Client Details System 1.0 - SQL Injection
by Hamdi Sevben
EIP-2026-104440 EXPLOITDB text
SnipeIT 6.2.1 - Stored Cross Site Scripting
by Shahzaib Ali Khan
EIP-2026-117566 EXPLOITDB text
Microsoft Windows Defender / Trojan.Win32/Powessere.G - Detection Mitigation Bypass
by hyp3rlinx