Text Exploits

31,346 exploits tracked across all sources.

CVE-2019-25639 EXPLOITDB HIGH text
Matrimony Website Script M-Plus Multiple SQL Injection
Matrimony Website Script M-Plus contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various POST parameters. Attackers can inject malicious SQL payloads into parameters like txtGender, religion, Fage, and cboCountry across simplesearch_results.php, advsearch_results.php, specialcase_results.php, locational_results.php, and registration2.php to extract sensitive database information or execute arbitrary SQL commands.
by Ahmet Ümit BAYRAM
CVSS 8.2
CVE-2019-25638 EXPLOITDB HIGH text
Meeplace Business Review Script Latest SQL Injection via addclick.php
Meeplace Business Review Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the addclick.php endpoint with crafted SQL payloads in the 'id' parameter to extract sensitive database information or cause denial of service.
by Ahmet Ümit BAYRAM
CVSS 7.1
CVE-2019-25642 EXPLOITDB HIGH text
Bootstrapy CMS Latest Multiple SQL Injection via Forum and Contact Modules
Bootstrapy CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST parameters. Attackers can inject SQL payloads into the thread_id parameter of forum-thread.php, the subject parameter of contact-submit.php, the post-id parameter of post-new-submit.php, and the thread-id parameter to extract sensitive database information or cause denial of service.
by Ahmet Ümit BAYRAM
CVSS 8.2
CVE-2019-25641 EXPLOITDB HIGH text
Netartmedia Vlog System Latest SQL Injection via email Parameter
Netartmedia Vlog System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to index.php with malicious email values in the forgotten_password module to extract sensitive database information.
by Ahmet Ümit BAYRAM
CVSS 8.2
CVE-2019-25530 EXPLOITDB HIGH text VERIFIED
uHotelBooking System - SQL Injection
uHotelBooking System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the system_page GET parameter. Attackers can send crafted requests to index.php with malicious system_page values using time-based blind SQL injection techniques to extract sensitive database information.
by Ahmet Ümit BAYRAM
CVSS 8.2
CVE-2019-25529 EXPLOITDB HIGH text
Placeto CMS Alpha rv.4 - SQL Injection
Placeto CMS Alpha rv.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'page' parameter. Attackers can send GET requests to the admin/edit.php endpoint with malicious 'page' values using boolean-based blind, time-based blind, or union-based techniques to extract sensitive database information.
by Abdullah Çelebi
CVSS 7.1
EIP-2026-112632 EXPLOITDB text VERIFIED
The Company Business Website CMS - Multiple Vulnerabilities
by Ahmet Ümit BAYRAM
CVE-2019-25539 EXPLOITDB HIGH text
202CMS v10 beta - SQL Injection
202CMS v10 beta contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the log_user parameter. Attackers can send POST requests to index.php with crafted SQL payloads using time-based blind injection techniques to extract sensitive database information.
by Mehmet EMIROGLU
CVSS 8.2
CVE-2019-25538 EXPLOITDB HIGH text
202CMS v10 beta - SQL Injection
202CMS v10 beta contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the log_user parameter. Attackers can send crafted requests with malicious SQL statements in the log_user field to extract sensitive database information or modify database contents.
by Mehmet EMIROGLU
CVSS 8.2
CVE-2019-25536 EXPLOITDB HIGH text
Netartmedia PHP Real Estate Agency 4.0 - SQL Injection
Netartmedia PHP Real Estate Agency 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the features[] parameter. Attackers can send POST requests to index.php with crafted SQL payloads in the features[] parameter to extract sensitive database information or manipulate database queries.
by Ahmet Ümit BAYRAM
CVSS 8.2
CVE-2019-25535 EXPLOITDB HIGH text
Netartmedia PHP Dating Site - SQL Injection
Netartmedia PHP Dating Site contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to loginaction.php with time-based SQL injection payloads in the Email field to extract sensitive database information.
by Ahmet Ümit BAYRAM
CVSS 8.2
CVE-2019-25534 EXPLOITDB HIGH text
Netartmedia PHP Car Dealer - SQL Injection
Netartmedia PHP Car Dealer contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the features[] parameter. Attackers can submit POST requests to index.php with crafted SQL payloads in the features[] parameter to extract sensitive database information or manipulate database queries.
by Ahmet Ümit BAYRAM
CVSS 8.2
CVE-2019-25533 EXPLOITDB HIGH text
Netartmedia PHP Business Directory 4.2 - SQL Injection
Netartmedia PHP Business Directory 4.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to the loginaction.php endpoint with crafted SQL payloads in the Email field to extract sensitive database information or bypass authentication.
by Ahmet Ümit BAYRAM
CVSS 8.2
CVE-2019-25532 EXPLOITDB HIGH text
Netartmedia Jobs Portal 6.1 - SQL Injection
Netartmedia Jobs Portal 6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to loginaction.php with crafted SQL payloads in the Email field to extract sensitive database information or bypass authentication.
by Ahmet Ümit BAYRAM
CVSS 8.2
CVE-2019-25531 EXPLOITDB HIGH text
Netartmedia Deals Portal - SQL Injection
Netartmedia Deals Portal contains an SQL injection vulnerability in the Email parameter of loginaction.php that allows unauthenticated attackers to manipulate database queries. Attackers can submit crafted SQL payloads through POST requests to extract sensitive information or bypass authentication mechanisms.
by Ahmet Ümit BAYRAM
CVSS 8.2
CVE-2019-6279 EXPLOITDB HIGH text
ChinaMobile PLC Wireless Router GPN2.4P21-C-CN - Privilege Escalation
ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have an Incorrect Access Control vulnerability via the cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity URI, allowing an attacker to change the Wireless Security Password.
by Kumar Saurav
CVSS 8.8
CVE-2019-6282 EXPLOITDB HIGH text
Chinamobileltd Gpn2.4p21-c-cn Firmware - CSRF
ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have CSRF via the cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity URI, allowing an attacker to change the Wireless Security Password.
by Kumar Saurav
CVSS 8.8
CVE-2019-25643 EXPLOITDB HIGH text
eNdonesia Portal v8.7 SQL Injection via banners.php
eNdonesia Portal v8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bid parameter. Attackers can send GET requests to banners.php with crafted SQL payloads in the bid parameter to extract sensitive database information from the INFORMATION_SCHEMA tables.
by Mehmet EMIROGLU
CVSS 8.2
CVE-2019-25543 EXPLOITDB HIGH text VERIFIED
Netartmedia Real Estate Portal 5.0 - SQL Injection
Netartmedia Real Estate Portal 5.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the page parameter. Attackers can submit POST requests to index.php with malicious SQL payloads in the page field to bypass authentication, extract sensitive data, or modify database contents.
by Ahmet Ümit BAYRAM
CVSS 8.2
CVE-2019-25542 EXPLOITDB HIGH text VERIFIED
Netartmedia Real Estate Portal 5.0 - SQL Injection
Netartmedia Real Estate Portal 5.0 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user_email parameter. Attackers can send POST requests to index.php with malicious payloads in the user_email field to bypass authentication, extract sensitive data, or modify database contents.
by Ahmet Ümit BAYRAM
CVSS 8.2
CVE-2019-25541 EXPLOITDB HIGH text VERIFIED
Netartmedia PHP Mall 4.1 - SQL Injection
Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through unvalidated parameters. Attackers can inject time-based blind SQL payloads via the 'id' parameter in index.php or the 'Email' parameter in loginaction.php to extract sensitive database information.
by Ahmet Ümit BAYRAM
CVSS 8.2
CVE-2019-25540 EXPLOITDB HIGH text VERIFIED
Netartmedia PHP Mall 4.1 - SQL Injection
Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various parameters. Attackers can craft malicious requests with SQL payloads to extract sensitive database information including user credentials and system data.
by Ahmet Ümit BAYRAM
CVSS 8.2
CVE-2019-25537 EXPLOITDB HIGH text VERIFIED
Netartmedia Event Portal 2.0 - SQL Injection
Netartmedia Event Portal 2.0 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to loginaction.php with malicious SQL payloads in the Email field to extract sensitive database information.
by Ahmet Ümit BAYRAM
CVSS 8.2
CVE-2019-0612 EXPLOITDB MEDIUM text VERIFIED
Microsoft Edge - Auth Bypass
A security feature bypass vulnerability exists when Click2Play protection in Microsoft Edge improperly handles Flash objects. By itself, this bypass vulnerability does not allow arbitrary code execution, aka 'Microsoft Edge Security Feature Bypass Vulnerability'.
by Google Security Research
CVSS 5.3
CVE-2019-9650 EXPLOITDB MEDIUM text
MyBB <1.33 - XSS
An XSS issue was discovered in upcoming_events.php in the Upcoming Events plugin before 1.33 for MyBB via a crafted name for an event.
by 0xB9
CVSS 6.1