Text Exploits
31,386 exploits tracked across all sources.
LANGO Codeigniter Multilingual Script 1.0 - Cross-Site Scripting via site_name Parameter
LANGO Codeigniter Multilingual Script 1.0 has XSS in the input and upload sections, as demonstrated by the site_name parameter to the admin/settings/update URI.
by Ismail Tasdelen
CVSS 4.8
AXIOS ITALIA Axioscloud Sissiweb Registro Elettronico 1.7.0 - Cross-Site Scripting via Error_Desc Parameter
In AXIOS ITALIA Axioscloud Sissiweb Registro Elettronico 1.7.0, secret/relogoff.aspx has XSS via the Error_Desc parameter.
by Dino Barlattani
CVSS 6.1
MGB OpenSource Guestbook 0.7.0.2 SQL Injection via email.php
MGB OpenSource Guestbook 0.7.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to email.php with crafted SQL payloads in the 'id' parameter to extract sensitive database information including table and column names.
by Ihsan Sencan
CVSS 8.2
SIM-PKH 2.4.1 - SQL Injection via media.php id Parameter
SIM-PKH 2.4.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to /admin/media.php with module=pengurus and act=editpengurus parameters containing SQL UNION statements to extract database information including usernames, database names, and version details.
by Ihsan Sencan
CVSS 7.1
SIM-PKH 2.4.1 - Arbitrary File Upload via aksi_pengurus.php
SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by submitting PHP code through the fupload parameter. Attackers can upload PHP files via the aksi_pengurus.php endpoint with module=pengurus and act=update parameters, which are stored in the foto directory and executed as web scripts.
by Ihsan Sencan
CVSS 8.8
ServersCheck Monitoring Software 14.3.3 - 'id' SQL Injection
by hyp3rlinx
ServersCheck Monitoring Software 14.3.3 - Arbitrary File Write
by hyp3rlinx
School ERP Pro+Responsive 1.0 - Arbitrary File Download
by Ihsan Sencan
Appsource School Management System 1.0 - 'student_id' SQL Injection
by Ihsan Sencan
The Open ISES Project 3.30A Path Traversal Arbitrary File Download
The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that allows unauthenticated attackers to download arbitrary files by manipulating the filename parameter. Attackers can supply directory traversal sequences (../) in the filename parameter to access files outside the intended directory, including configuration files and system files.
by Ihsan Sencan
CVSS 7.5
eNdonesia Portal 8.7 SQL Injection via mod.php
eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters across publisher, diskusi, galeri, content, and about modules to extract database information including usernames, database names, and version details.
by Ihsan Sencan
CVSS 8.2
eNdonesia Portal 8.7 SQL Injection via mod.php
eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters across publisher, diskusi, galeri, content, and about modules to extract database credentials, usernames, and version information.
by Ihsan Sencan
CVSS 8.2
eNdonesia Portal 8.7 SQL Injection via mod.php
eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters to extract sensitive database information including usernames, database names, and version details.
by Ihsan Sencan
CVSS 8.2
The Open ISES Project 3.30A SQL Injection via add_facnote.php
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ticket_id parameter. Attackers can send GET requests to add_facnote.php with crafted SQL payloads to extract sensitive database information including version details and other data.
by Ihsan Sencan
CVSS 8.2
The Open ISES Project 3.30A SQL Injection via city_graph.php
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to city_graph.php with crafted SQL payloads to extract sensitive database information including schema names and other data.
by Ihsan Sencan
CVSS 8.2
The Open ISES Project 3.30A SQL Injection via inc_types_graph.php
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to inc_types_graph.php with crafted SQL payloads to extract sensitive database information including schema names and other data.
by Ihsan Sencan
CVSS 8.2
The Open ISES Project 3.30A SQL Injection via sever_graph.php
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to sever_graph.php with crafted SQL payloads to extract sensitive database information including schema names and other data.
by Ihsan Sencan
CVSS 8.2
The Open ISES Project 3.30A SQL Injection via form_post.php
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the ajax/form_post.php endpoint with crafted SQL payloads to extract sensitive database information including schema names and other data.
by Ihsan Sencan
CVSS 8.2
The Open ISES Project 3.30A SQL Injection via nearby.php
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tick_lat and tick_lng parameters. Attackers can send GET requests to nearby.php with crafted SQL payloads to extract sensitive database information including usernames, database names, and version details.
by Ihsan Sencan
CVSS 8.2
The Open ISES Project 3.30A SQL Injection via main.php
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the frm_passwd parameter. Attackers can send POST requests to main.php with crafted SQL payloads to extract sensitive database information including usernames, database names, and version details.
by Ihsan Sencan
CVSS 8.2
Viva Visitor & Volunteer ID Tracking 0.95.1 - 'fname' SQL Injection
by Ihsan Sencan