Exploitdb Exploits

31,343 exploits tracked across all sources.

Sort: Activity Stars
CVE-2023-53957 EXPLOITDB CRITICAL text
Kimai <1.30.10 - XSS
Kimai 1.30.10 contains a SameSite cookie vulnerability that allows attackers to steal user session cookies through malicious exploitation. Attackers can trick victims into executing a crafted PHP script that captures and writes session cookie information to a file, enabling potential session hijacking.
by nu11secur1ty
CVSS 9.8
CVE-2023-53956 EXPLOITDB HIGH text
Flatnux 2021-03.25 - RCE
Flatnux 2021-03.25 contains an authenticated file upload vulnerability that allows administrative users to upload arbitrary PHP files through the file manager. Attackers with admin credentials can upload malicious PHP scripts to the web root directory, enabling remote code execution on the server.
by Ömer Hasan Durmuş
CVSS 8.8
CVE-2023-22629 EXPLOITDB HIGH text
Southrivertech Titan FTP Server < 1.94.1205 - Path Traversal
An issue was discovered in TitanFTP through 1.94.1205. The move-file function has a path traversal vulnerability in the newPath parameter. An authenticated attacker can upload any file and then move it anywhere on the server's filesystem.
by Andreas Finstad
CVSS 8.8
CVE-2022-40032 EXPLOITDB CRITICAL text VERIFIED
Simple Task Managing System - SQL Injection
SQL Injection vulnerability in Simple Task Managing System version 1.0 in login.php in 'username' and 'password' parameters, allows attackers to execute arbitrary code and gain sensitive information.
by Hamdi Sevben
CVSS 9.8
CVE-2023-0902 EXPLOITDB LOW text VERIFIED
Simple Food Ordering System - XSS
A vulnerability was found in SourceCodester Simple Food Ordering System 1.0. It has been classified as problematic. This affects an unknown part of the file process_order.php. The manipulation of the argument order leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221451.
by Muhammad Navaid Zafar Ansari
CVSS 3.5
EIP-2026-111594 EXPLOITDB text VERIFIED
Purchase Order Management-1.0 - Local File Inclusion
by nu11secur1ty
CVE-2023-0961 EXPLOITDB MEDIUM text VERIFIED
Music Gallery Site - SQL Injection
A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been classified as critical. This affects an unknown part of the file view_music_details.php of the component GET Request Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221631.
by Muhammad Navaid Zafar Ansari
CVSS 6.3
CVE-2023-0962 EXPLOITDB MEDIUM text VERIFIED
Music Gallery Site - SQL Injection
A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been declared as critical. This vulnerability affects unknown code of the file Master.php of the component GET Request Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221632.
by Muhammad Navaid Zafar Ansari
CVSS 6.3
CVE-2023-0938 EXPLOITDB MEDIUM text VERIFIED
Music Gallery Site - SQL Injection
A vulnerability classified as critical has been found in SourceCodester Music Gallery Site 1.0. This affects an unknown part of the file music_list.php of the component GET Request Handler. The manipulation of the argument cid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221553 was assigned to this vulnerability.
by Muhammad Navaid Zafar Ansari
CVSS 6.3
CVE-2023-0963 EXPLOITDB HIGH text VERIFIED
Music Gallery Site - Improper Access Control
A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file Users.php of the component POST Request Handler. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221633 was assigned to this vulnerability.
by Muhammad Navaid Zafar Ansari
CVSS 7.3
CVE-2022-40347 EXPLOITDB CRITICAL text VERIFIED
Intern Record System - SQL Injection
SQL Injection vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'phone', 'email', 'deptType' and 'name' parameters, allows attackers to execute arbitrary code and gain sensitive information.
by Hamdi Sevben
CVSS 9.8
CVE-2023-0902 EXPLOITDB LOW text VERIFIED
Simple Food Ordering System - XSS
A vulnerability was found in SourceCodester Simple Food Ordering System 1.0. It has been classified as problematic. This affects an unknown part of the file process_order.php. The manipulation of the argument order leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221451.
by Muhammad Navaid Zafar Ansari
CVSS 3.5
CVE-2023-0904 EXPLOITDB MEDIUM text VERIFIED
Employee Task Management System - SQL Injection
A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file task-details.php. The manipulation of the argument task_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221453 was assigned to this vulnerability.
by Muhammad Navaid Zafar Ansari
CVSS 6.3
CVE-2023-0905 EXPLOITDB HIGH text VERIFIED
Employee Task Management System - Authentication Bypass
A vulnerability classified as critical has been found in SourceCodester Employee Task Management System 1.0. Affected is an unknown function of the file changePasswordForEmployee.php. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221454 is the identifier assigned to this vulnerability.
by Muhammad Navaid Zafar Ansari
CVSS 7.3
EIP-2026-105847 EXPLOITDB text
ChurchCRM v4.5.3-121fcc1 - SQL Injection
by nu11secur1ty
EIP-2026-105452 EXPLOITDB text
Best pos Management System v1.0 - SQL Injection
by Ahmed Ismail
CVE-2023-0943 EXPLOITDB MEDIUM text VERIFIED
Best Pos Management System - Unrestricted File Upload
A vulnerability, which was classified as problematic, has been found in SourceCodester Best POS Management System 1.0. This issue affects the function save_settings of the file index.php?page=site_settings of the component Image Handler. The manipulation of the argument img with the input ../../shell.php leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-221591.
by Ahmed Ismail
CVSS 4.7
CVE-2023-0915 EXPLOITDB MEDIUM text VERIFIED
Auto Dealer Management System - SQL Injection
A vulnerability classified as critical has been found in SourceCodester Auto Dealer Management System 1.0. Affected is an unknown function of the file /adms/admin/?page=user/manage_user. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221490 is the identifier assigned to this vulnerability.
by Muhammad Navaid Zafar Ansari
CVSS 6.3
CVE-2023-0913 EXPLOITDB MEDIUM text VERIFIED
Auto Dealer Management System - SQL Injection
A vulnerability classified as critical was found in SourceCodester Auto Dealer Management System 1.0. This vulnerability affects unknown code of the file /adms/admin/?page=vehicles/sell_vehicle. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221482 is the identifier assigned to this vulnerability.
by Muhammad Navaid Zafar Ansari
CVSS 4.7
CVE-2023-0912 EXPLOITDB MEDIUM text VERIFIED
Auto Dealer Management System - SQL Injection
A vulnerability classified as critical has been found in SourceCodester Auto Dealer Management System 1.0. This affects an unknown part of the file /adms/admin/?page=vehicles/view_transaction. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221481 was assigned to this vulnerability.
by Muhammad Navaid Zafar Ansari
CVSS 4.7
CVE-2023-0916 EXPLOITDB MEDIUM text VERIFIED
Auto Dealer Management System - Improper Access Control
A vulnerability classified as critical was found in SourceCodester Auto Dealer Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /adms/classes/Users.php. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221491.
by Muhammad Navaid Zafar Ansari
CVSS 6.3
EIP-2026-105285 EXPLOITDB text
atrocore 1.5.25 User interaction - Unauthenticated File upload - RCE
by nu11secur1ty
EIP-2026-104213 EXPLOITDB text
craftercms 4.x.x - CORS
by nu11secur1ty
EIP-2026-101404 EXPLOITDB text
Osprey Pump Controller v1.0.1 - Unauthenticated Reflected XSS
by LiquidWorm
EIP-2026-101402 EXPLOITDB text
Osprey Pump Controller 1.0.1 - Unauthenticated File Disclosure
by LiquidWorm
By Source
All 31,343 Exploitdb 50,150 Writeup 46,624 Nomisec 21,124 Metasploit 3,189 Github 2,234 Vulncheck_xdb 900 Inthewild 518 Gitlab 438 Gitee 415 Patchapalooza 312
By Language
text 31,343 ruby 5,920 python 5,756 c 3,550 perl 2,854 html 2,054 php 1,334 bash 459 java 359 javascript 260 c++ 246 shell 68 go 41 postscript 25 xml 24