Text Exploits
31,386 exploits tracked across all sources.
BitZoom 1.0 - Unauthenticated SQL Injection via rollno Parameter
BitZoom 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the rollno and username parameters in forgot.php and login.php. Attackers can submit crafted POST requests with SQL UNION statements to extract database schema information and table contents from the application database.
by Ihsan Sencan
CVSS 8.2
2-Plan Team 1.0.4 - Authenticated RCE
2-Plan Team 1.0.4 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload executable PHP files by sending multipart form data to managefile.php. Attackers can upload PHP files through the userfile1 parameter with action=upload, which are stored in the files directory and executed by the web server for remote code execution.
by Ihsan Sencan
CVSS 6.5
Ninja Forms < 3.3.18 - Cross-Site Scripting via Submissions Page Parameters
XSS in the Ninja Forms plugin before 3.3.18 for WordPress allows Remote Attackers to execute JavaScript via the includes/Admin/Menus/Submissions.php (aka submissions page) begin_date, end_date, or form_id parameter.
by MTK
CVSS 6.1
php-proxy 5.1.0 - Unauthenticated Local File Read via Default Config Key
PHP-Proxy 5.1.0 allows remote attackers to read local files if the default "pre-installed version" (intended for users who lack shell access to their web server) is used. This occurs because the aeb067ca0aa9a3193dce3a7264c90187 app_key value from the default config.php is in place, and this value can be easily used to calculate the authorization data needed for local file inclusion.
by Ameer Pornillos
CVSS 7.5
Rmedia SMS 1.0 - Unauthenticated SQL Injection via editgrp.php gid Parameter
Rmedia SMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the gid parameter. Attackers can send GET requests to editgrp.php with malicious gid values using EXTRACTVALUE and CONCAT functions to retrieve schema names and sensitive database data.
by Ihsan Sencan
CVSS 8.2
Pedidos 1.0 - Unauthenticated SQL Injection via 'q' Parameter in load_proveedores.php
Pedidos 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can send GET requests to the ajax/load_proveedores.php endpoint with crafted SQL payloads to extract sensitive database information including schema names and table structures.
by Ihsan Sencan
CVSS 8.2
EdTv 2 - Unauthenticated SQL Injection via 'id' Parameter
EdTv 2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the admin/edit_source endpoint with crafted SQL UNION statements to extract database information including schema names, user credentials, and version details.
by Ihsan Sencan
CVSS 8.2
DoceboLMS 1.2 - Unauthenticated SQL Injection via lesson.php Parameters
DoceboLMS 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id, idC, and idU parameters. Attackers can send GET requests to the lesson.php endpoint with malicious SQL payloads to extract sensitive database information.
by Ihsan Sencan
CVSS 8.2
Electricks eCommerce 1.0 - Persistent Cross-Site Scripting
by Nawaf Alkeraithe
Electricks eCommerce 1.0 - Cross-Site Request Forgery (Change Admin Password)
by Nawaf Alkeraithe
Advanced Comment System 1.0 - SQL Injection via Page Parameter
internal/advanced_comment_system/admin.php in Advanced Comment System 1.0 is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query, allowing remote attackers to execute the sqli attack via a URL in the "page" parameter. NOTE: The product is discontinued.
by Rafael Pedrero
CVSS 9.8
SwitchVPN 2.1012.03 - Local Privilege Escalation via SUID Binary
A local privilege escalation vulnerability has been identified in the SwitchVPN client 2.1012.03 for macOS. Due to over-permissive configuration settings and a SUID binary, an attacker is able to execute arbitrary binaries as root.
by Bernd Leitner
CVSS 7.8
Webiness Inventory 2.3 - SQL Injection
Webiness Inventory 2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the order parameter. Attackers can send POST requests to the WsModelGrid.php endpoint with crafted SQL payloads to extract sensitive database information including usernames, databases, and version details.
by Ihsan Sencan
CVSS 8.2
Tina4 Stack 1.0.3 - Unauthenticated SQL Injection and Database File Download via Menu Endpoint
Tina4 Stack 1.0.3 contains multiple vulnerabilities allowing unauthenticated attackers to access sensitive database files and execute SQL injection attacks. Attackers can directly request the kim.db database file to retrieve user credentials and password hashes, or inject SQL code through the menu endpoint to manipulate database queries.
by Ihsan Sencan
CVSS 8.2
Tina4 Stack 1.0.3 - Cross-Site Request Forgery via Profile Endpoint
Tina4 Stack 1.0.3 contains a cross-site request forgery vulnerability that allows attackers to modify admin user credentials by submitting forged POST requests to the profile endpoint. Attackers can craft HTML forms targeting the /kim/profile endpoint with hidden fields containing malicious user data like passwords and email addresses to update administrator accounts without authentication.
by Ihsan Sencan
CVSS 5.3
Surreal ToDo 0.6.1.2 - Path Traversal
Surreal ToDo 0.6.1.2 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the content parameter. Attackers can supply directory traversal sequences through the content parameter in index.php to access sensitive system files like configuration and initialization files.
by Ihsan Sencan
CVSS 6.2
Silurus Classifieds Script 2.0 - SQL Injection
Silurus Classifieds Script 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ID parameter. Attackers can send GET requests to wcategory.php with crafted SQL payloads in the ID parameter to extract database table names and sensitive information from the database.
by Ihsan Sencan
CVSS 8.2
Musicco 2.0.0 - Unauthenticated Path Traversal via Parent Parameter
Musicco 2.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary directories by manipulating the parent parameter. Attackers can supply directory traversal sequences in the parent parameter of the getAlbum endpoint to access sensitive system directories and download them as ZIP files.
by Ihsan Sencan
CVSS 7.5
Maitra 1.7.2 - Authenticated SQL Injection via Mailid Parameter
Maitra 1.7.2 contains an sql injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the mailid parameter in outmail and inmail modules. Attackers can also download the SQLite database file directly from the application directory to extract sensitive mail tracking data and credentials.
by Ihsan Sencan
CVSS 7.1
Gumbo CMS 0.99 - Unauthenticated SQL Injection via Settings Endpoint Language Parameter
Gumbo CMS 0.99 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the language parameter. Attackers can send POST requests to the settings endpoint with crafted SQL payloads in the language parameter to extract sensitive database information including usernames, databases, and version details.
by Ihsan Sencan
CVSS 8.2
By Source