Text Exploits
31,341 exploits tracked across all sources.
Hide My WP <6.2.9 - SQL Injection
The Hide My WP WordPress plugin before 6.2.9 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
by Xenofon Vassilakopoulos
CVSS 9.8
F-logic Datacube3 - Unrestricted File Upload
F-logic DataCube3 v1.0 is vulnerable to unrestricted file upload, which could allow an authenticated malicious actor to upload a file of dangerous type by manipulating the filename extension.
by Samy Younsi - NS Labs
CVSS 8.8
Akaunting <3.1.3 - Command Injection
An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company locale when installing an app to execute system commands on the hosting server.
by u32i
CVSS 9.8
Numbas editor <7.3 - Info Disclosure
Numbas editor before 7.3 mishandles editing of themes and extensions.
by Matheus Alexandre
CVSS 6.2
Ladder <0.0.22 - Info Disclosure
An issue in Ladder v.0.0.1 through v.0.0.21 allows a remote attacker to obtain sensitive information via a crafted request to the API.
by @_chebuya
CVSS 7.5
Lot Reservation Management System - Unauthenticated File Upload and Remote Code Execution
by Elijah Mandila Syoyi
Lot Reservation Management System - Unauthenticated File Disclosure
by Elijah Mandila Syoyi
elFinder Web file manager Version - 2.1.53 Remote Command Execution
by tmrswrr
Customer Support System - SQL Injection
Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_department via id or name.
by Geraldo Alcantara
CVSS 8.8
kk Star Ratings < 5.4.6 - Rating Tampering via Race Condition
by Mohammad Reza Omrani
Solar-Log 200 PM+ 3.6.0 Build 99 - 15.10.2019 - Stored XSS
by Vincent McRae, Mesut Cetin
R Radio Network FM Transmitter 1.07 - Info Disclosure
R Radio Network FM Transmitter 1.07 allows unauthenticated attackers to access the admin user's password through the system.cgi endpoint, enabling authentication bypass and FM station setup access.
by LiquidWorm
Obi08 Enrollment System 1.0 - SQL Injection
Obi08/Enrollment System 1.0 contains a SQL injection vulnerability in the keyword parameter of /get_subject.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can use UNION-based injection to extract sensitive information from the users table including usernames and passwords.
by Gnanaraj Mauviel
Windows PowerShell - Event Log Bypass Single Quote Code Execution
by hyp3rlinx
Simple Student Attendance System v1.0 - Time Based Blind SQL Injection
by Gnanaraj Mauviel
Simple Student Attendance System v1.0 - 'classid' Time Based Blind & Union Based SQL Injection
by Gnanaraj Mauviel
Real Estate Management System v1.0 - Remote Code Execution via File Upload
by Diyar Saadi
Petrol Pump Mangement Software <1.0 - RCE
File Upload vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the email Image parameter in the profile.php component.
by Shubham Pandey
CVSS 9.8
Petrol Pump MGMT Software v.1.0 - XSS
Cross Site Scripting vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the Address parameter in the add_invoices.php component.
by Shubham Pandey
CVSS 6.1
Petrol Pump Mangement Software v.1.0 - XSS
Cross Site Scripting vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the image parameter in the profile.php component.
by Shubham Pandey
CVSS 6.1
Petrol Pump Mangement Software <1.0 - SQL Injection
SQL Injection vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the email address parameter in the index.php component.
by Shubham Pandey
CVSS 9.8
AC Repair and Services System v1.0 - Multiple SQL Injection
by Gnanaraj Mauviel