Text Exploits
31,386 exploits tracked across all sources.
Pydio Cells < 3.0.12 - Unauthenticated Privilege Escalation via External User Role Assignment
Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assigning all roles to a newly created user, access to all cells and non-personal workspaces is granted.
by RedTeam Pentesting GmbH
CVSS 8.8
Pydio Cells < 3.0.12 - Server-Side Request Forgery via Remote Download Job
Pydio Cells through 4.1.2 allows SSRF. For longer running processes, Pydio Cells allows for the creation of jobs, which are run in the background. The job "remote-download" can be used to cause the backend to send a HTTP GET request to a specified URL and save the response to a new file. The response file is then available in a user-specified folder in Pydio Cells.
by RedTeam Pentesting GmbH
CVSS 6.5
Pydio Cells < 3.0.12 - Cross-Site Scripting via Presigned URL Manipulation
Pydio Cells through 4.1.2 allows XSS. Pydio Cells implements the download of files using presigned URLs which are generated using the Amazon AWS SDK for JavaScript [1]. The secrets used to sign these URLs are hardcoded and exposed through the JavaScript files of the web application. Therefore, it is possible to generate valid signatures for arbitrary download URLs. By uploading an HTML file and modifying the download URL to serve the file inline instead of as an attachment, any included JavaScript code is executed when the URL is opened in a browser, leading to a cross-site scripting vulnerability.
by RedTeam Pentesting GmbH
CVSS 5.4
Camaleon CMS < 2.7.0 - Server-Side Template Injection via Formats Parameter
Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter.
by PARAG BAGUL
CVSS 9.8
Zenphoto 1.6 - Stored Cross-Site Scripting in User Postal Code Field
Zenphoto 1.6 contains a stored cross-site scripting vulnerability in the user postal code field accessible through the admin-users.php interface. When administrators view user information imported as HTML, malicious JavaScript payloads injected into the postal code field execute in their browser context.
by Mirabbas Ağalarov
CVSS 4.6
Zenphoto 1.6 - Authenticated Stored Cross-Site Scripting via Album Description
Zenphoto 1.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting HTML content into album descriptions. Attackers can create albums with malicious iframe or script tags in the description field that execute when users view the album page.
by Mirabbas Ağalarov
CVSS 4.6
UliCMS 2023.1 - Unauthenticated Authentication Bypass via Mass Assignment in UserController
UliCMS 2023.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through mass assignment in the UserController. Attackers can send a crafted POST request to the admin index.php endpoint with specific parameters to generate an administrative account with full system access.
by Mirabbas Ağalarov
CVSS 9.8
WBCE CMS 1.6.1 - Authenticated Stored Cross-Site Scripting via Page Content
WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by inserting script tags into page content through the WYSIWYG editor. Attackers can submit POST requests to /wbce/modules/wysiwyg/save.php with malicious script content in the content parameter to execute JavaScript when users view the affected page.
by Mirabbas Ağalarov
CVSS 5.4
WBCE CMS 1.6.1 - Authenticated Stored Cross-Site Scripting via SVG File Upload
WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by uploading crafted SVG files through the media manager. Attackers can upload SVG files containing script tags to the /wbce/modules/elfinder/ef/php/connector.wbce.php endpoint and execute JavaScript when victims access the uploaded file.
by Mirabbas Ağalarov
CVSS 5.4
Wondershare Filmora <12.2.1.2088 - Privilege Escalation
Wondershare Filmora 12 (Build 12.2.1.2088) was discovered to contain an unquoted service path vulnerability via the component NativePushService. This vulnerability allows attackers to launch processes with elevated privileges.
by Thurein Soe
CVSS 7.8
Service Provider Management System 1.0 - SQL Injection via ID Parameter
Sourcecodester Service Provider Management System v1.0 is vulnerable to SQL Injection via the ID parameter in /php-spms/?page=services/view&id=2
by ASHIK KUNJUMON
CVSS 9.8
WordPress Plugin Backup Migration 1.2.8 Unauthenticated Database Backup Download
WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then construct direct download URLs to retrieve sensitive backup archives containing full database dumps.
by Wadeek
CVSS 7.5
Helakuru 1.1 - Uncontrolled Search Path Element via wow64log.dll
An issue in Helakuru Desktop Application v1.1 allows a local attacker to execute arbitrary code via the lack of proper validation of the wow64log.dll file.
by Ahsan Azad
CVSS 7.8
Hubstaff 1.6.14 - DLL Search Order Hijacking
Hubstaff 1.6.14 contains a DLL search order hijacking vulnerability that allows attackers to replace a missing system32 wow64log.dll with a malicious library. Attackers can generate a custom DLL using Metasploit and place it in the system32 directory to obtain a reverse shell during application startup.
by Ahsan Azad
CVSS 7.8
Cameleon CMS 2.7.4 - Authenticated Stored Cross-Site Scripting via Post Title
Cameleon CMS 2.7.4 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts into post titles. Attackers can create posts with embedded SVG scripts that execute when other users mouse over the post title, potentially stealing session cookies and executing arbitrary JavaScript.
by Yasin Gergin
CVSS 4.8
WBiz Desk 1.2 - SQL Injection via Ticket PHP tk Parameter
WBiz Desk 1.2 contains a SQL injection vulnerability that allows non-admin users to manipulate database queries through the 'tk' parameter in ticket.php. Attackers can inject crafted SQL statements using UNION-based techniques to extract sensitive database information by sending malformed requests to the ticket endpoint.
by h4ck3r
CVSS 5.4
TinyWebGallery 2.5 - Unauthenticated Remote Code Execution via Malicious PHAR File Upload
TinyWebGallery v2.5 contains a remote code execution vulnerability in the admin upload functionality that allows unauthenticated attackers to upload malicious PHP files. Attackers can upload .phar files with embedded system commands to execute arbitrary code on the server by accessing the uploaded file's URL.
by Mirabbas Ağalarov
CVSS 9.8
SitemagicCMS 4.4.3 - PHP File Upload Command Execution
SitemagicCMS 4.4.3 contains a remote code execution vulnerability that allows attackers to upload malicious PHP files to the files/images directory. Attackers can upload a .phar file with system command execution payload to compromise the web application and execute arbitrary system commands.
by Mirabbas Ağalarov
CVSS 9.8
PodcastGenerator 3.2.9 - Stored Cross-Site Scripting via Podcast Title Field
PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the podcast title field accessible through the podcast details interface (podcast_details.php). Malicious JavaScript payloads injected into the podcast title execute when users visit the application's home page.
by Mirabbas Ağalarov
CVSS 5.4
PodcastGenerator 3.2.9 - Stored Cross-Site Scripting in Freebox Content Field
PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the Freebox content field accessible through the theme customization interface (theme_freebox.php). Malicious JavaScript payloads injected into the Freebox content execute when users visit the application's home page.
by Mirabbas Ağalarov
CVSS 5.4
PodcastGenerator 3.2.9 - Stored Cross-Site Scripting in Episode Title Field
PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the episode title field accessible through the episodes upload interface (episodes_upload.php). Malicious JavaScript payloads injected into episode titles execute when administrators view the episodes list page (episodes_list.php).
by Mirabbas Ağalarov
CVSS 6.1
Affiliate Me <5.0.1 - SQL Injection
Affiliate Me version 5.0.1 contains a SQL injection vulnerability in the admin.php endpoint that allows authenticated administrators to manipulate database queries. Attackers can exploit the 'id' parameter with crafted union-based queries to extract sensitive user information including usernames and password hashes.
by h4ck3r
CVSS 6.5
e107 2.3.2 - Cross-Site Scripting via SEO Project Description Function
Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote attacker to execute arbitrary code via the description function in the SEO project.
by Hubert Wojciechowski
CVSS 5.4
Screen SFT DAB 600/C Firmware <= 1.9.3 - Unauthenticated Information Disclosure via User Management API
Screen SFT DAB 600/C firmware versions up to and including 1.9.3 contain an improper access control on the user management API allows unauthenticated requests to retrieve structured user data, including account names and connection metadata such as client IP and timeout values.
by LiquidWorm
CVSS 5.3
By Source