Exploitdb Exploits

31,341 exploits tracked across all sources.

CVE-2022-29727 EXPLOITDB MEDIUM text
Surveysparrow Enterprise Survey Software - XSS
Survey Sparrow Enterprise Survey Software 2022 has a stored cross-site scripting (XSS) vulnerability in the Signup parameter.
by Pankaj Kumar Thakur
CVSS 5.4
CVE-2022-29303 EXPLOITDB CRITICAL text
SolarView Compact 6.00 - Command Injection
SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via conf_mail.php.
by Ahmed Alroky
CVSS 9.8
CVE-2021-46422 EXPLOITDB CRITICAL text
Telesquare SDT-CW3B1 1.1.0 - Command Injection
Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication.
by Ahmed Alroky
CVSS 9.8
CVE-2022-28080 EXPLOITDB HIGH text
Event Management System - SQL Injection
Royal Event Management System v1.0 was discovered to contain a SQL injection vulnerability via the todate parameter.
by Eren Gozaydin
CVSS 8.8
CVE-2022-28079 EXPLOITDB HIGH text
College Management System - SQL Injection
College Management System v1.0 was discovered to contain a SQL injection vulnerability via the course_code parameter.
by Eren Gozaydin
CVSS 8.8
CVE-2021-46424 EXPLOITDB CRITICAL text
Telesquare TLR-2005KSH 1.0.0 - File Deletion
Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion vulnerability that allows a remote attacker to delete any file, even system internal files, via a DELETE request.
by Ahmed Alroky
CVSS 9.1
CVE-2022-50939 EXPLOITDB HIGH text
e107 CMS <3.2.1 - Path Traversal
e107 CMS version 3.2.1 contains a critical file upload vulnerability that allows authenticated administrators to override arbitrary server files through path traversal. The vulnerability exists in the Media Manager's remote URL upload functionality (image.php) where the upload_caption parameter is not properly sanitized. An attacker with administrative privileges can use directory traversal sequences (../../../) in the upload_caption field to overwrite critical system files outside the intended upload directory. This can lead to complete compromise of the web application by overwriting configuration files, executable scripts, or other critical system components. The vulnerability was discovered by Hubert Wojciechowski and affects the image.php component in the admin interface.
by Hubert Wojciechowski
CVSS 7.2
CVE-2022-50916 EXPLOITDB HIGH text
e107 CMS <3.2.1 - File Upload
e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrators to override server files through the Media Manager import functionality. Attackers can exploit the upload mechanism by manipulating the upload URL parameter to overwrite existing files like top.php in the web application directory.
by Hubert Wojciechowski
CVSS 7.2
CVE-2022-50913 EXPLOITDB HIGH text
ITEC ITeCProteccioAppServer - Code Injection
ITeC ITeCProteccioAppServer contains an unquoted service path vulnerability that allows local attackers to execute code with elevated system privileges. Attackers can insert a malicious executable in the service path to gain elevated access during service restart or system reboot.
by Edgar Carrillo Egea
CVSS 8.4
CVE-2022-50912 EXPLOITDB CRITICAL text
ImpressCMS 1.4.4 - Code Injection
ImpressCMS 1.4.4 contains a file upload vulnerability with weak extension sanitization that allows attackers to upload potentially malicious files. Attackers can bypass file upload restrictions by using alternative file extensions (.php2, .php6, .php7, .phps, .pht) to execute arbitrary PHP code on the server.
by Ünsal Furkan Harani
CVSS 9.8
CVE-2022-50907 EXPLOITDB HIGH text
e107 CMS <3.2.1 - Authenticated RCE
e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrative users to bypass upload restrictions and execute PHP files. Attackers can upload malicious PHP files to parent directories by manipulating the upload URL parameter, enabling remote code execution through the Media Manager import feature.
by Hubert Wojciechowski
CVSS 7.2
CVE-2022-50906 EXPLOITDB MEDIUM text
e107 CMS 3.2.1 - XSS
e107 CMS 3.2.1 contains an upload restriction bypass vulnerability that allows authenticated administrators to upload malicious SVG files through the media manager. Attackers with admin privileges can exploit this vulnerability to upload SVG files with embedded cross-site scripting (XSS) payloads that can execute arbitrary scripts when viewed.
by Hubert Wojciechowski
CVSS 4.8
CVE-2022-50905 EXPLOITDB CRITICAL text
e107 CMS 3.2.1 - XSS
e107 CMS version 3.2.1 contains multiple vulnerabilities that allow cross-site scripting (XSS) attacks. The first vulnerability is a reflected XSS that occurs in the news comment functionality when authenticated users interact with the comment form. An attacker can inject malicious JavaScript code through the URL parameter that gets executed when users click outside the comment field after typing content. The second vulnerability involves an upload restriction bypass for authenticated administrators, allowing them to upload SVG files containing malicious code through the media manager's remote URL upload feature. This results in stored XSS when the uploaded SVG files are accessed. These vulnerabilities were discovered by Hubert Wojciechowski and affect the news.php and image.php components of the CMS.
by Hubert Wojciechowski
CVSS 9.8
EIP-2026-118151 EXPLOITDB text
Wondershare Dr.Fone 11.4.10 - Insecure File Permissions
by AkuCyberSec
EIP-2026-118038 EXPLOITDB text
UDisk Monitor Z5 Phone - 'MonServiceUDisk.exe' Unquoted Service Path
by Edgar Carrillo Egea
CVE-2022-30286 EXPLOITDB HIGH text
PyScript <2022-05-04 - Info Disclosure
pyscriptjs (aka PyScript Demonstrator) in PyScript through 2022-05-04 allows a remote user to read Python source code.
by Momen Eldawakhly
CVSS 7.5
EIP-2026-114087 EXPLOITDB text
WordPress Plugin stafflist 3.1.2 - SQLi (Authenticated)
by Hassan Khan Yusufzai
CVE-2022-1103 EXPLOITDB HIGH text
Advanced Uploader < 4.2 - Unrestricted File Upload
The Advanced Uploader WordPress plugin through 4.2 allows any authenticated user, such as a subscriber, to upload arbitrary files, including PHP, which could lead to RCE.
by Roel van Beurden
CVSS 8.8
CVE-2022-27308 EXPLOITDB MEDIUM text
Phprojekt Phpsimplygest - XSS
A stored cross-site scripting (XSS) vulnerability in PHProjekt PhpSimplyGest v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a project title.
by Andrea Intilangelo
CVSS 5.4
EIP-2026-109447 EXPLOITDB text
Microfinance Management System 1.0 - 'customer_number' SQLi
by Eren Gozaydin
EIP-2026-109241 EXPLOITDB text
Magento eCommerce CE v2.3.5-p2 - Blind SQLi
by Aydin Naserifard
EIP-2026-108129 EXPLOITDB text
Joomla Plugin SexyPolling 2.1.7 - SQLi
by Wolfgang Hotwagner
CVE-2022-27412 EXPLOITDB CRITICAL text
Exploreit Explore Cms - SQL Injection
Explore CMS v1.0 was discovered to contain a SQL injection vulnerability via a /page.php?id= request.
by Sajibe Kanti
CVSS 9.8
EIP-2026-106262 EXPLOITDB text
CSZ CMS 1.3.0 - 'Multiple' Blind SQLi
by Dogukan Dincer
CVE-2021-31674 EXPLOITDB MEDIUM text
Cyclos < 4.14.7 - XSS
Cyclos 4 PRO 4.14.7 and before does not validate user input in error information, which allows a remote unauthenticated attacker to execute JavaScript code via an undefined enum constant.
by Tin Pham
CVSS 6.1