Text Exploits
31,346 exploits tracked across all sources.
Fiverr Clone Script 1.2.2 - SQL Injection
Fiverr Clone Script 1.2.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the page parameter. Attackers can supply malicious SQL syntax in the page parameter to extract sensitive database information or modify database contents.
by Mr Winst0n
CVSS 9.1
WooCommerce PayPal Checkout Payment Gateway <1.6.8 - Info Disclosure
cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by purchasing an item for lower than the intended price. NOTE: The plugin author states it is true that the amount can be manipulated in the PayPal payment flow. However, the amount is validated against the WooCommerce order total before completing the order, and if it doesn’t match then the order will be left in an “On Hold” state
by Vikas Chaudhary
CVSS 6.5
Centos-webpanel Centos Web Panel - XSS
CentOS Web Panel (CWP) 0.9.8.789 is vulnerable to Stored/Persistent XSS for the "Name Server 1" and "Name Server 2" fields via a "DNS Functions" "Edit Nameservers IPs" action.
by DKM
CVSS 4.8
Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 - SQL Injection
Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the arac_kategori_id parameter. Attackers can send POST requests to the endpoint with malicious SQL payloads to extract sensitive database information.
by Ahmet Ümit BAYRAM
CVSS 8.2
Homey BNB V4 - SQL Injection
Homey BNB V4 contains an SQL injection vulnerability in the administration panel login that allows unauthenticated attackers to bypass authentication by injecting SQL syntax into username and password fields. Attackers can submit SQL operators like '=' 'or' in both credentials to manipulate the authentication query and gain unauthorized access to the admin panel.
by Ahmet Ümit BAYRAM
CVSS 8.2
Homey BNB V4 - SQL Injection
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. Attackers can send GET requests to the admin/getrecord.php endpoint with malicious 'val' values to extract sensitive database information.
by Ahmet Ümit BAYRAM
CVSS 8.2
Homey BNB V4 - SQL Injection
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pt' parameter. Attackers can send GET requests to the admin/getcmsdata.php endpoint with malicious 'pt' values to extract sensitive database information.
by Ahmet Ümit BAYRAM
CVSS 8.2
Homey BNB V4 - SQL Injection
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. Attackers can send GET requests to the admin/cms_getpagetitle.php endpoint with malicious catid values to extract sensitive database information.
by Ahmet Ümit BAYRAM
CVSS 8.2
Homey BNB V4 - SQL Injection
Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' parameter. Attackers can send GET requests to the admin/edit.php endpoint with time-based SQL injection payloads to extract sensitive database information.
by Ahmet Ümit BAYRAM
CVSS 8.2
Homey BNB V4 - SQL Injection
Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the hosting_id parameter. Attackers can send GET requests to the rooms/ajax_refresh_subtotal endpoint with malicious hosting_id values to extract sensitive database information or cause denial of service.
by Ahmet Ümit BAYRAM
CVSS 8.2
Fat Free CRM v0.19.0 - HTML Injection
HTML Injection has been discovered in the v0.19.0 version of the Fat Free CRM product via an authenticated request to the /comments URI. NOTE: the vendor disputes the significance of this report because some HTML formatting (such as with an H1 element) is allowed, but there is a XSS protection mechanism.
by Ismail Tasdelen
CVSS 5.4
WordPress Plugin Loco Translate 2.2.1 - Local File Inclusion
by Ali S. Ahmad
WordPress Plugin Anti-Malware Security and Brute-Force Firewall 4.18.63 - Local File Inclusion (PoC)
by Ali S. Ahmad
i-doit Open <1.12 - XSS
An XSS issue was discovered in i-doit Open 1.12 via the src/tools/php/qr/qr.php url parameter.
by BlackFog Team
CVSS 6.1
gnutls 3.6.6 - 'verify_crt()' Use-After-Free
by Google Security Research
Jettweb Hazir Rent A Car Scripti V4 - SQL Injection
Jettweb Hazir Rent A Car Scripti V4 contains multiple SQL injection vulnerabilities in the admin panel that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into the 'tur', 'id', and 'ozellikdil' parameters of the admin/index.php endpoint to extract sensitive database information or cause denial of service.
by Ahmet Ümit BAYRAM
CVSS 8.2
XooGallery Latest - SQL Injection
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to bypass authentication, extract sensitive data, or modify database contents.
by Ahmet Ümit BAYRAM
CVSS 8.2
XooGallery Latest - SQL Injection
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cat_id parameter. Attackers can send GET requests to cat.php with malicious cat_id values to bypass authentication, extract sensitive data, or modify database contents.
by Ahmet Ümit BAYRAM
CVSS 8.2
XooGallery Latest - SQL Injection
XooGallery Latest contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through the photo_id parameter. Attackers can send GET requests to photo.php with malicious photo_id values to extract sensitive data, bypass authentication, or modify database contents.
by Ahmet Ümit BAYRAM
CVSS 8.2
XooGallery Latest - SQL Injection
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the gal_id parameter. Attackers can send GET requests to gal.php with malicious gal_id values to extract sensitive database information or modify database contents.
by Ahmet Ümit BAYRAM
CVSS 8.2
XooDigital Latest - SQL Injection
XooDigital Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to extract sensitive database information.
by Ahmet Ümit BAYRAM
CVSS 8.2
Jettweb Php Hazir Ilan Sitesi Scripti V2 - SQL Injection
Jettweb Php Hazir Ilan Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'kat' parameter. Attackers can send GET requests to the katgetir.php endpoint with malicious 'kat' values to extract sensitive database information.
by Ahmet Ümit BAYRAM
CVSS 8.2
Simple Job Script - XSS
Simple Job Script contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the job_type_value parameter in the jobs endpoint. Attackers can craft requests with SVG payload injection to execute arbitrary JavaScript in victim browsers and steal session cookies or perform unauthorized actions.
by Ahmet Ümit BAYRAM
CVSS 6.1
By Source