Text Exploits

31,343 exploits tracked across all sources.

EIP-2026-107445 EXPLOITDB text
GOautodial 4.0 - Authenticated Shell Upload
by Balzabu
CVE-2020-25905 EXPLOITDB CRITICAL text
Mobile Shop System - SQL Injection
An SQL Injection vulnerability exists in Sourcecodester Mobile Shop System in PHP MySQL 1.0 via the email parameter in (1) login.php or (2) LoginAsAdmin.php.
by Moaaz Taha
CVSS 9.8
CVE-2020-25760 EXPLOITDB HIGH text
Projectworlds Visitor Management System - SQL Injection
Projectworlds Visitor Management System in PHP 1.0 allows SQL Injection. The file front.php does not perform input validation on the 'rid' parameter. An attacker can append SQL queries to the input to extract sensitive information from the database.
by Rahul Ramkumar
CVSS 8.8
EIP-2026-114209 EXPLOITDB text
WordPress Plugin WP Courses < 2.0.29 - Broken Access Controls leading to Courses Content Disclosure
by redtimmysec
EIP-2026-113811 EXPLOITDB text
WordPress Plugin HS Brand Logo Slider 2.1 - 'logoupload' File Upload
by Net-Hunter
EIP-2026-112931 EXPLOITDB text
User Registration & Login and User Management System With admin panel 2.1 - Persistent XSS
by yusufmalikul
EIP-2026-109195 EXPLOITDB text
Loan Management System 1.0 - Multiple Cross Site Scripting (Stored)
by Akıner Kısa
EIP-2026-104496 EXPLOITDB text
WordPress Plugin Colorbox Lightbox v1.1.1 - Persistent Cross-Site Scripting (Authenticated)
by n1x_
CVE-2020-28141 EXPLOITDB MEDIUM text
Online Discussion Forum - XSS
The messaging subsystem in the Online Discussion Forum 1.0 is vulnerable to XSS in the message body. An authenticated user can send messages to arbitrary users on the system that include JavaScript that will execute when viewing the messages page.
by j5oh
CVSS 5.4
CVE-2020-28136 EXPLOITDB HIGH text
Phpgurukul Tourism Management System - Unrestricted File Upload
An arbitrary file upload vulnerability in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via the vulnerable admin/create-package.php page.
by Ankita Pal
CVSS 8.8
CVE-2020-29458 EXPLOITDB HIGH text
Textpattern CMS 4.6.2 - CSRF
Textpattern CMS 4.6.2 allows CSRF via the prefs subsystem.
by Alperen Ergel
CVSS 8.8
EIP-2026-110187 EXPLOITDB text
Online Student's Management System 1.0 - Remote Code Execution (Authenticated)
by Akıner Kısa
EIP-2026-110129 EXPLOITDB text
Online Job Portal 1.0 - Cross Site Scripting (Stored)
by Akıner Kısa
EIP-2026-109828 EXPLOITDB text
Nagios XI 5.7.3 - 'SNMP Trap Interface' Authenticated SQL Injection
by Matthew Aberegg
EIP-2026-109827 EXPLOITDB text
Nagios XI 5.7.3 - 'Manage Users' Authenticated SQL Injection
by Matthew Aberegg
EIP-2026-109826 EXPLOITDB text
Nagios XI 5.7.3 - 'Contact Templates' Persistent Cross-Site Scripting
by Matthew Aberegg
CVE-2020-25270 EXPLOITDB MEDIUM text
Phpgurukul Hostel Management System - XSS
PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, or City.
by Kokn3t
CVSS 5.4
CVE-2019-1003030 EXPLOITDB CRITICAL text
Jenkins Pipeline: Groovy Plugin <2.63 - RCE
A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master JVM.
by Daniel Morris
CVSS 9.9
CVE-2020-29215 EXPLOITDB MEDIUM text
SourceCodester Employee Management System 1.0 - XSS
A cross-site scripting vulnerability in SourceCodester Employee Management System 1.0 allows the user to execute alert messages via /Employee Management System/addemp.php on the admin account.
by Ankita Pal
CVSS 5.4
CVE-2020-29214 EXPLOITDB CRITICAL text
SourceCodester Alumni Management System 1.0 - SQL Injection
SQL injection vulnerability in SourceCodester Alumni Management System 1.0 allows the user to inject SQL payload to bypass the authentication via admin/login.php.
by Ankita Pal
CVSS 9.8
EIP-2026-114675 EXPLOITDB text
aaPanel 6.6.6 - Privilege Escalation & Remote Code Execution (Authenticated)
by Ünsal Furkan Harani
CVE-2020-25762 EXPLOITDB CRITICAL text
Seat Reservation System - SQL Injection
An issue was discovered in SourceCodester Seat Reservation System 1.0. The file admin_class.php does not perform input validation on the username and password parameters. An attacker can send malicious input in the POST request to /admin/ajax.php?action=login and bypass authentication, extract sensitive information, etc.
by Rahul Ramkumar
CVSS 9.1
EIP-2026-111757 EXPLOITDB text
Restaurant Reservation System 1.0 - 'date' SQL Injection (Authenticated)
by b1nary
EIP-2026-106856 EXPLOITDB text
Employee Management System 1.0 - Authentication Bypass
by Ankita Pal
EIP-2026-106249 EXPLOITDB text
CS-Cart 1.3.3 - authenticated RCE
by 0xmmnbassel