Exploitdb Exploits

50,076 exploits tracked across all sources.

CVE-2023-0938 EXPLOITDB MEDIUM text VERIFIED
SourceCodester Music Gallery Site 1.0 - SQL Injection via cid Parameter in music_list.php
A vulnerability classified as critical has been found in SourceCodester Music Gallery Site 1.0. This affects an unknown part of the file music_list.php of the component GET Request Handler. The manipulation of the argument cid leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221553 was assigned to this vulnerability.
by Muhammad Navaid Zafar Ansari
CVSS 6.3
CVE-2023-0963 EXPLOITDB HIGH text VERIFIED
SourceCodester Music Gallery Site 1.0 - Improper Access Control in Users.php POST Request Handler
A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file Users.php of the component POST Request Handler. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221633 was assigned to this vulnerability.
by Muhammad Navaid Zafar Ansari
CVSS 7.3
CVE-2022-40347 EXPLOITDB CRITICAL text VERIFIED
Intern Record System 1.0 - SQL Injection via Phone/Email/DeptType/Name Parameters
SQL Injection vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'phone', 'email', 'deptType' and 'name' parameters, allows attackers to execute arbitrary code and gain sensitive information.
by Hamdi Sevben
CVSS 9.8
CVE-2023-0902 EXPLOITDB LOW text VERIFIED
Simple Food Ordering System 1.0 - Cross-Site Scripting in process_order.php
A vulnerability was found in SourceCodester Simple Food Ordering System 1.0. It has been classified as problematic. This affects an unknown part of the file process_order.php. The manipulation of the argument order leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221451.
by Muhammad Navaid Zafar Ansari
CVSS 3.5
CVE-2023-0904 EXPLOITDB MEDIUM text VERIFIED
SourceCodester Employee Task Management System 1.0 - SQL Injection via task_id Parameter
A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file task-details.php. The manipulation of the argument task_id leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221453 was assigned to this vulnerability.
by Muhammad Navaid Zafar Ansari
CVSS 6.3
CVE-2023-0905 EXPLOITDB HIGH text VERIFIED
SourceCodester Employee Task Management System 1.0 - Improper Authentication via changePasswordForEmployee.php
A vulnerability classified as critical has been found in SourceCodester Employee Task Management System 1.0. Affected is an unknown function of the file changePasswordForEmployee.php. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221454 is the identifier assigned to this vulnerability.
by Muhammad Navaid Zafar Ansari
CVSS 7.3
CVE-2022-28368 EXPLOITDB CRITICAL python
dompdf < 1.2.1 - Remote Code Execution via CSS @font-face src:url
Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement (within an HTML input file).
by Ravindu Wickramasinghe
CVSS 9.8
EIP-2026-105847 EXPLOITDB text
ChurchCRM v4.5.3-121fcc1 - SQL Injection
by nu11secur1ty
EIP-2026-105452 EXPLOITDB text
Best pos Management System v1.0 - SQL Injection
by Ahmed Ismail
CVE-2023-0943 EXPLOITDB MEDIUM text VERIFIED
Best POS Management System 1.0 - Unrestricted File Upload via Image Handler
A vulnerability, which was classified as problematic, has been found in SourceCodester Best POS Management System 1.0. This issue affects the function save_settings of the file index.php?page=site_settings of the component Image Handler. The manipulation of the argument img with the input ../../shell.php leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-221591.
by Ahmed Ismail
CVSS 4.7
CVE-2023-0915 EXPLOITDB MEDIUM text VERIFIED
Auto Dealer Management System 1.0 - SQL Injection via Manage User ID Parameter
A vulnerability classified as critical has been found in SourceCodester Auto Dealer Management System 1.0. Affected is an unknown function of the file /adms/admin/?page=user/manage_user. The manipulation of the argument id leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221490 is the identifier assigned to this vulnerability.
by Muhammad Navaid Zafar Ansari
CVSS 6.3
CVE-2023-0913 EXPLOITDB MEDIUM text VERIFIED
Auto Dealer Management System 1.0 - SQL Injection via Sell Vehicle ID Parameter
A vulnerability classified as critical was found in SourceCodester Auto Dealer Management System 1.0. This vulnerability affects unknown code of the file /adms/admin/?page=vehicles/sell_vehicle. The manipulation of the argument id leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221482 is the identifier assigned to this vulnerability.
by Muhammad Navaid Zafar Ansari
CVSS 4.7
CVE-2023-0912 EXPLOITDB MEDIUM text VERIFIED
Auto Dealer Management System 1.0 - SQL Injection via id Parameter in view_transaction Page
A vulnerability classified as critical has been found in SourceCodester Auto Dealer Management System 1.0. This affects an unknown part of the file /adms/admin/?page=vehicles/view_transaction. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221481 was assigned to this vulnerability.
by Muhammad Navaid Zafar Ansari
CVSS 4.7
CVE-2023-0916 EXPLOITDB MEDIUM text VERIFIED
Auto Dealer Management System 1.0 - Improper Access Control in Users.php
A vulnerability classified as critical was found in SourceCodester Auto Dealer Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /adms/classes/Users.php. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221491.
by Muhammad Navaid Zafar Ansari
CVSS 6.3
EIP-2026-105285 EXPLOITDB text
atrocore 1.5.25 User interaction - Unauthenticated File upload - RCE
by nu11secur1ty
CVE-2023-23156 EXPLOITDB CRITICAL python VERIFIED
Art Gallery Management System Project in PHP 1.0 - SQL Injection via pid Parameter
Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerability via the pid parameter in the single-product page.
by Yogesh Verma
CVSS 9.8
CVE-2023-24217 EXPLOITDB HIGH python
AgileBio Electronic Lab Notebook <4.234 - Local File Inclusion
AgileBio Electronic Lab Notebook v4.234 was discovered to contain a local file inclusion vulnerability.
by Anthony Cole
CVSS 8.8
EIP-2026-104213 EXPLOITDB text
craftercms 4.x.x - CORS
by nu11secur1ty
EIP-2026-103373 EXPLOITDB ruby
HospitalRun 1.0.0-beta - Local Root Exploit for macOS
by Jean Pereira
CVE-2023-27826 EXPLOITDB HIGH python
SeowonIntech SWC-5100W Firmware 1.11.0.1, 1.9.9.4 - OS Command Injection via doSystem() Function
SeowonIntech SWC 5100W WIMAX Bootloader 1.18.19.0, HW 0.0.7.0, and FW 1.11.0.1, 1.9.9.4 are vulnerable to OS Command Injection, which allows attackers to take over the system with root privilege by abusing the doSystem() function.
by Momen Eldawakhly
CVSS 8.8
EIP-2026-101404 EXPLOITDB text
Osprey Pump Controller v1.0.1 - Unauthenticated Reflected XSS
by LiquidWorm
EIP-2026-101403 EXPLOITDB python
Osprey Pump Controller 1.0.1 - Unauthenticated Remote Code Execution Exploit
by LiquidWorm
EIP-2026-101402 EXPLOITDB text
Osprey Pump Controller 1.0.1 - Unauthenticated File Disclosure
by LiquidWorm
EIP-2026-101401 EXPLOITDB text
Osprey Pump Controller 1.0.1 - Predictable Session Token / Session Hijack
by LiquidWorm
EIP-2026-101400 EXPLOITDB text
Osprey Pump Controller 1.0.1 - Cross-Site Request Forgery
by LiquidWorm