Text Exploits

31,386 exploits tracked across all sources.

CVE-2019-25515 EXPLOITDB HIGH text VERIFIED
Jettweb PHP Hazir Haber Sitesi Scripti V3 - Auth Bypass
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an authentication bypass vulnerability in the login.php administration panel that allows unauthenticated attackers to gain administrative access by submitting crafted SQL syntax. Attackers can bypass authentication by submitting equals signs and 'or' operators as username and password parameters to access the administration panel without valid credentials.
by Ahmet Ümit BAYRAM
CVSS 7.5
CVE-2019-25514 EXPLOITDB HIGH text VERIFIED
Jettweb PHP Hazir Haber Sitesi Scripti V3 - SQL Injection
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive data from the database or bypass authentication controls.
by Ahmet Ümit BAYRAM
CVSS 8.2
CVE-2019-25513 EXPLOITDB HIGH text VERIFIED
Jettweb PHP Hazir Haber Sitesi Scripti V3 - SQL Injection
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Attackers can send GET requests to datagetir.php with malicious 'q' values using time-based blind SQL injection techniques to extract sensitive database information or bypass authentication.
by Ahmet Ümit BAYRAM
CVSS 8.2
CVE-2019-25512 EXPLOITDB HIGH text VERIFIED
Jettweb PHP Hazir Haber Sitesi Scripti V3 - SQL Injection
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive database information or modify database contents.
by Ahmet Ümit BAYRAM
CVSS 8.2
CVE-2019-25511 EXPLOITDB HIGH text VERIFIED
Jettweb PHP Hazir Haber Sitesi Scripti V3 - SQL Injection
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the videoid parameter. Attackers can send GET requests to fonksiyonlar.php with malicious videoid values using UNION-based injection to extract sensitive database information.
by Ahmet Ümit BAYRAM
CVSS 8.2
CVE-2019-25510 EXPLOITDB HIGH text VERIFIED
Jettweb PHP Hazir Haber Sitesi Scripti V2 - Auth Bypass
Jettweb PHP Hazir Haber Sitesi Scripti V2 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation. Attackers can submit SQL injection payloads in the username and password fields of the admingiris.php login form to bypass authentication and access the administrative interface.
by Ahmet Ümit BAYRAM
CVSS 8.2
CVE-2018-5511 EXPLOITDB HIGH text VERIFIED
F5 BIG-IP <13.1.0.3 - Privilege Escalation
On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.
by Google Security Research
CVSS 7.2
CVE-2019-5512 EXPLOITDB HIGH text VERIFIED
VMware Workstation <15.0.3-14.1.6 - Privilege Escalation
VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) running on Windows does not handle COM classes appropriately. Successful exploitation of this issue may allow hijacking of COM classes used by the VMX process, on a Windows host, leading to elevation of privilege.
by Google Security Research
CVSS 8.8
EIP-2026-104162 EXPLOITDB text
Apache CouchDB 2.3.1 - Cross-Site Request Forgery / Cross-Site Scripting
by Ozer Goker
EIP-2026-104161 EXPLOITDB text
Apache CouchDB 2.3.1 - Cross-Site Request Forgery / Cross-Site Scripting
by Ozer Goker
CVE-2019-25640 EXPLOITDB HIGH text
Inout Article Base CMS Latest SQL Injection via portalLogin.php
Inout Article Base CMS contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the 'p' and 'u' parameters. Attackers can inject SQL code using XOR-based payloads in GET requests to portalLogin.php to extract sensitive database information or cause denial of service through time-based attacks.
by Ahmet Ümit BAYRAM
CVSS 8.2
CVE-2019-25639 EXPLOITDB HIGH text
Matrimony Website Script M-Plus Multiple SQL Injection
Matrimony Website Script M-Plus contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various POST parameters. Attackers can inject malicious SQL payloads into parameters like txtGender, religion, Fage, and cboCountry across simplesearch_results.php, advsearch_results.php, specialcase_results.php, locational_results.php, and registration2.php to extract sensitive database information or execute arbitrary SQL commands.
by Ahmet Ümit BAYRAM
CVSS 8.2
CVE-2019-25638 EXPLOITDB HIGH text
Meeplace Business Review Script Latest SQL Injection via addclick.php
Meeplace Business Review Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the addclick.php endpoint with crafted SQL payloads in the 'id' parameter to extract sensitive database information or cause denial of service.
by Ahmet Ümit BAYRAM
CVSS 7.1
CVE-2019-25642 EXPLOITDB HIGH text
Bootstrapy CMS Latest Multiple SQL Injection via Forum and Contact Modules
Bootstrapy CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST parameters. Attackers can inject SQL payloads into the thread_id parameter of forum-thread.php, the subject parameter of contact-submit.php, the post-id parameter of post-new-submit.php, and the thread-id parameter to extract sensitive database information or cause denial of service.
by Ahmet Ümit BAYRAM
CVSS 8.2
CVE-2019-25641 EXPLOITDB HIGH text
Netartmedia Vlog System Latest SQL Injection via email Parameter
Netartmedia Vlog System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to index.php with malicious email values in the forgotten_password module to extract sensitive database information.
by Ahmet Ümit BAYRAM
CVSS 8.2
CVE-2019-25530 EXPLOITDB HIGH text VERIFIED
uHotelBooking System - SQL Injection
uHotelBooking System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the system_page GET parameter. Attackers can send crafted requests to index.php with malicious system_page values using time-based blind SQL injection techniques to extract sensitive database information.
by Ahmet Ümit BAYRAM
CVSS 8.2
CVE-2019-25529 EXPLOITDB HIGH text
Placeto CMS Alpha rv.4 - SQL Injection
Placeto CMS Alpha rv.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'page' parameter. Attackers can send GET requests to the admin/edit.php endpoint with malicious 'page' values using boolean-based blind, time-based blind, or union-based techniques to extract sensitive database information.
by Abdullah Çelebi
CVSS 7.1
EIP-2026-112632 EXPLOITDB text VERIFIED
The Company Business Website CMS - Multiple Vulnerabilities
by Ahmet Ümit BAYRAM
CVE-2019-25539 EXPLOITDB HIGH text
202CMS v10 beta - Unauthenticated Blind SQL Injection via log_user Parameter
202CMS v10 beta contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the log_user parameter. Attackers can send POST requests to index.php with crafted SQL payloads using time-based blind injection techniques to extract sensitive database information.
by Mehmet EMIROGLU
CVSS 8.2
CVE-2019-25538 EXPLOITDB HIGH text
202CMS v10 beta - Unauthenticated SQL Injection via log_user Parameter
202CMS v10 beta contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the log_user parameter. Attackers can send crafted requests with malicious SQL statements in the log_user field to extract sensitive database information or modify database contents.
by Mehmet EMIROGLU
CVSS 8.2
CVE-2019-25536 EXPLOITDB HIGH text
Netartmedia PHP Real Estate Agency 4.0 - SQL Injection
Netartmedia PHP Real Estate Agency 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the features[] parameter. Attackers can send POST requests to index.php with crafted SQL payloads in the features[] parameter to extract sensitive database information or manipulate database queries.
by Ahmet Ümit BAYRAM
CVSS 8.2
CVE-2019-25535 EXPLOITDB HIGH text
Netartmedia PHP Dating Site - SQL Injection
Netartmedia PHP Dating Site contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to loginaction.php with time-based SQL injection payloads in the Email field to extract sensitive database information.
by Ahmet Ümit BAYRAM
CVSS 8.2
CVE-2019-25534 EXPLOITDB HIGH text
Netartmedia PHP Car Dealer - SQL Injection
Netartmedia PHP Car Dealer contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the features[] parameter. Attackers can submit POST requests to index.php with crafted SQL payloads in the features[] parameter to extract sensitive database information or manipulate database queries.
by Ahmet Ümit BAYRAM
CVSS 8.2
CVE-2019-25533 EXPLOITDB HIGH text
Netartmedia PHP Business Directory 4.2 - SQL Injection
Netartmedia PHP Business Directory 4.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to the loginaction.php endpoint with crafted SQL payloads in the Email field to extract sensitive database information or bypass authentication.
by Ahmet Ümit BAYRAM
CVSS 8.2
CVE-2019-25532 EXPLOITDB HIGH text
Netartmedia Jobs Portal 6.1 - SQL Injection
Netartmedia Jobs Portal 6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to loginaction.php with crafted SQL payloads in the Email field to extract sensitive database information or bypass authentication.
by Ahmet Ümit BAYRAM
CVSS 8.2