Exploitdb Exploits

50,130 exploits tracked across all sources.

EIP-2026-105452 EXPLOITDB text
Best pos Management System v1.0 - SQL Injection
by Ahmed Ismail
CVE-2023-0943 EXPLOITDB MEDIUM text VERIFIED
Best Pos Management System - Unrestricted File Upload
A vulnerability, which was classified as problematic, has been found in SourceCodester Best POS Management System 1.0. This issue affects the function save_settings of the file index.php?page=site_settings of the component Image Handler. The manipulation of the argument img with the input ../../shell.php leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-221591.
by Ahmed Ismail
CVSS 4.7
CVE-2023-0915 EXPLOITDB MEDIUM text VERIFIED
Auto Dealer Management System - SQL Injection
A vulnerability classified as critical has been found in SourceCodester Auto Dealer Management System 1.0. Affected is an unknown function of the file /adms/admin/?page=user/manage_user. The manipulation of the argument id leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221490 is the identifier assigned to this vulnerability.
by Muhammad Navaid Zafar Ansari
CVSS 6.3
CVE-2023-0913 EXPLOITDB MEDIUM text VERIFIED
Auto Dealer Management System - SQL Injection
A vulnerability classified as critical was found in SourceCodester Auto Dealer Management System 1.0. This vulnerability affects unknown code of the file /adms/admin/?page=vehicles/sell_vehicle. The manipulation of the argument id leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221482 is the identifier assigned to this vulnerability.
by Muhammad Navaid Zafar Ansari
CVSS 4.7
CVE-2023-0912 EXPLOITDB MEDIUM text VERIFIED
Auto Dealer Management System - SQL Injection
A vulnerability classified as critical has been found in SourceCodester Auto Dealer Management System 1.0. This affects an unknown part of the file /adms/admin/?page=vehicles/view_transaction. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221481 was assigned to this vulnerability.
by Muhammad Navaid Zafar Ansari
CVSS 4.7
CVE-2023-0916 EXPLOITDB MEDIUM text VERIFIED
Auto Dealer Management System - Improper Access Control
A vulnerability classified as critical was found in SourceCodester Auto Dealer Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /adms/classes/Users.php. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221491.
by Muhammad Navaid Zafar Ansari
CVSS 6.3
EIP-2026-105285 EXPLOITDB text
atrocore 1.5.25 User interaction - Unauthenticated File upload - RCE
by nu11secur1ty
CVE-2023-23156 EXPLOITDB CRITICAL python VERIFIED
Phpgurukul Art Gallery Management System - SQL Injection
Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerability via the pid parameter in the single-product page.
by Yogesh Verma
CVSS 9.8
CVE-2023-24217 EXPLOITDB HIGH python
AgileBio Electronic Lab Notebook <4.234 - Local File Inclusion
AgileBio Electronic Lab Notebook v4.234 was discovered to contain a local file inclusion vulnerability.
by Anthony Cole
CVSS 8.8
EIP-2026-104213 EXPLOITDB text
craftercms 4.x.x - CORS
by nu11secur1ty
EIP-2026-103373 EXPLOITDB ruby
HospitalRun 1.0.0-beta - Local Root Exploit for macOS
by Jean Pereira
CVE-2023-27826 EXPLOITDB HIGH python
Seowonintech Swc-5100w Firmware - OS Command Injection
SeowonIntech SWC 5100W WIMAX Bootloader 1.18.19.0, HW 0.0.7.0, and FW 1.11.0.1, 1.9.9.4 are vulnerable to OS command injection, which allows attackers to take over the system with root privilege by abusing the doSystem() function.
by Momen Eldawakhly
CVSS 8.8
EIP-2026-101404 EXPLOITDB text
Osprey Pump Controller v1.0.1 - Unauthenticated Reflected XSS
by LiquidWorm
EIP-2026-101403 EXPLOITDB python
Osprey Pump Controller 1.0.1 - Unauthenticated Remote Code Execution Exploit
by LiquidWorm
EIP-2026-101402 EXPLOITDB text
Osprey Pump Controller 1.0.1 - Unauthenticated File Disclosure
by LiquidWorm
EIP-2026-101401 EXPLOITDB text
Osprey Pump Controller 1.0.1 - Predictable Session Token / Session Hijack
by LiquidWorm
EIP-2026-101400 EXPLOITDB text
Osprey Pump Controller 1.0.1 - Cross-Site Request Forgery
by LiquidWorm
EIP-2026-101399 EXPLOITDB python
Osprey Pump Controller 1.0.1 - Authentication Bypass Credentials Modification
by LiquidWorm
EIP-2026-101398 EXPLOITDB text
Osprey Pump Controller 1.0.1 - Administrator Backdoor Access
by LiquidWorm
EIP-2026-101397 EXPLOITDB text
Osprey Pump Controller 1.0.1 - (userName) Blind Command Injection
by LiquidWorm
EIP-2026-101396 EXPLOITDB text
Osprey Pump Controller 1.0.1 - (pseudonym) Semi-blind Command Injection
by LiquidWorm
EIP-2026-101395 EXPLOITDB text
Osprey Pump Controller 1.0.1 - (eventFileSelected) Command Injection
by LiquidWorm
CVE-2023-0830 EXPLOITDB MEDIUM python
Easynas - Command Injection
A vulnerability classified as critical has been found in EasyNAS 1.1.0. Affected is the function system of the file /backup.pl. The manipulation leads to OS command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
by Ivan Spiridonov
CVSS 6.3
CVE-2022-45701 EXPLOITDB HIGH python
Commscope Arris Tg2482a Firmware < 9.1.103 - Command Injection
Arris TG2482A firmware through 9.1.103GEM9 allows Remote Code Execution (RCE) via the ping utility feature.
by Yerodin Richards
CVSS 8.8
CVE-2023-26609 EXPLOITDB HIGH text
ABUS TVIP - RCE
ABUS TVIP 20000-21150 devices allow remote attackers to execute arbitrary code via shell metacharacters in the /cgi-bin/mft/wireless_mft ap field.
CVSS 7.2