Exploitdb Exploits

50,076 exploits tracked across all sources.

CVE-2022-23626 EXPLOITDB HIGH python
blog_project/blog < 1.4 - Remote Code Execution via Unchecked Image Function Return Values
m1k1o/blog is a lightweight self-hosted Facebook-styled PHP blog. Errors from the functions `imagecreatefrom*` and `image*` were not checked properly. Although PHP issued warnings and the upload function returned `false`, the original file (that could contain a malicious payload) was kept on the disk. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.
by Malte V
CVSS 8.5
CVE-2022-28132 EXPLOITDB HIGH text
T-Soft E-Commerce 4 - SQL Injection
The T-Soft E-Commerce 4 web application is susceptible to SQL injection (SQLi) attacks when authenticated as an admin or privileged user. This vulnerability allows attackers to access and manipulate the database through crafted requests. By exploiting this flaw, attackers can bypass authentication mechanisms, view sensitive information stored in the database, and potentially exfiltrate data.
by Alperen Ergel
CVSS 7.2
CVE-2022-0967 EXPLOITDB MEDIUM text
showdoc < 2.10.4 - Stored Cross-Site Scripting via File Upload
Stored XSS via file upload in the GitHub repository star7th/showdoc prior to 2.10.4.
by Akshay Ravi
CVSS 5.4
EIP-2026-104460 EXPLOITDB text
T-Soft E-Commerce 4 - 'UrunAdi' Stored Cross-Site Scripting (XSS)
by Alperen Ergel
CVE-2022-29727 EXPLOITDB MEDIUM text
Survey Sparrow Enterprise Survey Software 2022 - Stored Cross-Site Scripting via Signup Parameter
Survey Sparrow Enterprise Survey Software 2022 has a Stored cross-site scripting (XSS) vulnerability in the Signup parameter.
by Pankaj Kumar Thakur
CVSS 5.4
CVE-2022-29303 EXPLOITDB CRITICAL text
SolarView Compact 6.00 - Command Injection
SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via conf_mail.php.
by Ahmed Alroky
CVSS 9.8
CVE-2021-46422 EXPLOITDB CRITICAL text
Telesquare SDT-CW3B1 1.1.0 - Command Injection
Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication.
by Ahmed Alroky
CVSS 9.8
CVE-2022-28080 EXPLOITDB HIGH text
Royal Event Management System 1.0 - SQL Injection via todate Parameter
Royal Event Management System v1.0 was discovered to contain a SQL injection vulnerability via the todate parameter.
by Eren Gozaydin
CVSS 8.8
CVE-2022-28079 EXPLOITDB HIGH text
College Management System 1.0 - SQL Injection via course_code Parameter
College Management System v1.0 was discovered to contain a SQL injection vulnerability via the course_code parameter.
by Eren Gozaydin
CVSS 8.8
CVE-2022-1388 EXPLOITDB CRITICAL python
F5 BIG-IP iControl RCE via REST Authentication Bypass
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
by Yesith Alvarez
CVSS 9.8
CVE-2021-46424 EXPLOITDB CRITICAL text
Telesquare TLR-2005KSH 1.0.0 - File Deletion
Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion vulnerability that allows a remote attacker to delete any file, even system internal files, via a DELETE request.
by Ahmed Alroky
CVSS 9.1
CVE-2022-50939 EXPLOITDB HIGH text
e107 CMS 3.2.1 - Authenticated Path Traversal and Arbitrary File Write via Media Manager Upload Caption
e107 CMS version 3.2.1 contains a critical file upload vulnerability that allows authenticated administrators to overwrite arbitrary server files through path traversal. The vulnerability exists in the Media Manager's remote URL upload functionality (image.php), where the upload_caption parameter is not properly sanitized. An attacker with administrative privileges can use directory traversal sequences (../../../) in the upload_caption field to overwrite critical system files outside the intended upload directory. This can lead to complete compromise of the web application by overwriting configuration files, executable scripts, or other critical system components. The vulnerability was discovered by Hubert Wojciechowski and affects the image.php component in the admin interface.
by Hubert Wojciechowski
CVSS 7.2
CVE-2022-50916 EXPLOITDB HIGH text
e107 CMS 3.2.1 - Authenticated Arbitrary File Write via Media Manager Import URL Parameter
e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrators to overwrite server files through the Media Manager import functionality. Attackers can exploit the upload mechanism by manipulating the upload URL parameter to overwrite existing files like top.php in the web application directory.
by Hubert Wojciechowski
CVSS 7.2
CVE-2022-50913 EXPLOITDB HIGH text
ITEC ITeCProteccioAppServer - Code Injection
ITeC ITeCProteccioAppServer contains an unquoted service path vulnerability that allows local attackers to execute code with elevated system privileges. Attackers can insert a malicious executable in the service path to gain elevated access during service restart or system reboot.
by Edgar Carrillo Egea
CVSS 8.4
CVE-2022-50912 EXPLOITDB CRITICAL text
ImpressCMS 1.4.4 - Unrestricted File Upload via Weak Extension Sanitization Bypass
ImpressCMS 1.4.4 contains a file upload vulnerability with weak extension sanitization that allows attackers to upload potentially malicious files. Attackers can bypass file upload restrictions by using the alternative file extensions .php2, .php6, .php7, .phps and .pht to execute arbitrary PHP code on the server.
by Ünsal Furkan Harani
CVSS 9.8
CVE-2022-50907 EXPLOITDB HIGH text
e107 CMS <3.2.1 - Authenticated RCE
e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrative users to bypass upload restrictions and execute PHP files. Attackers can upload malicious PHP files to parent directories by manipulating the upload URL parameter, enabling remote code execution through the Media Manager import feature.
by Hubert Wojciechowski
CVSS 7.2
CVE-2022-50906 EXPLOITDB MEDIUM text
e107 CMS 3.2.1 - Authenticated Stored Cross-Site Scripting via SVG Upload Bypass
e107 CMS 3.2.1 contains an upload restriction bypass vulnerability that allows authenticated administrators to upload malicious SVG files through the media manager. Attackers with admin privileges can exploit this vulnerability to upload SVG files with embedded cross-site scripting (XSS) payloads that can execute arbitrary scripts when viewed.
by Hubert Wojciechowski
CVSS 4.8
CVE-2022-50905 EXPLOITDB CRITICAL text
e107 CMS 3.2.1 - Authenticated Reflected Cross-Site Scripting via News Comment URL Parameter
e107 CMS version 3.2.1 contains multiple vulnerabilities that allow cross-site scripting (XSS) attacks. The first vulnerability is a reflected XSS that occurs in the news comment functionality when authenticated users interact with the comment form. An attacker can inject malicious JavaScript code through the URL parameter that gets executed when users click outside the comment field after typing content. The second vulnerability involves an upload restriction bypass for authenticated administrators, allowing them to upload SVG files containing malicious code through the media manager's remote URL upload feature. This results in stored XSS when the uploaded SVG files are accessed. These vulnerabilities were discovered by Hubert Wojciechowski and affect the news.php and image.php components of the CMS.
by Hubert Wojciechowski
CVSS 9.8
CVE-2022-50910 EXPLOITDB CRITICAL python
Beehive Forum 1.5.2 - Host Header Injection
Beehive Forum 1.5.2 contains a host header injection vulnerability in the forgot password functionality that allows attackers to manipulate password reset requests. Attackers can inject a malicious host header to intercept password reset tokens and change victim account passwords without direct authentication.
by Pablo Santiago
CVSS 9.8
CVE-2021-44596 EXPLOITDB CRITICAL python
Wondershare Dr.Fone - Unauthenticated Remote Code Execution via InstallAssistService.exe UDP Communication
Wondershare LTD Dr. Fone, as of the 2021-12-06 version, is affected by remote code execution. Due to software design flaws, an unauthenticated user can communicate over UDP with the "InstallAssistService.exe" service (which runs under SYSTEM privileges) and, from a remote location, manipulate it into executing a malicious executable without any validation, gaining SYSTEM privileges.
by Netanel Cohen
CVSS 9.8
EIP-2026-119051 EXPLOITDB python
Prime95 Version 30.7 build 9 - Remote Code Execution (RCE)
by Yehia Elghaly
CVE-2022-29457 EXPLOITDB HIGH python
Zohocorp ManageEngine ADAudit Plus - NTLM Hash Disclosure
Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps.
by Metin Yunus Kandemir
CVSS 8.8
CVE-2021-44595 EXPLOITDB HIGH python VERIFIED
Wondershare Dr.Fone - Unauthenticated Privilege Escalation via ElevationService.exe
The latest version of Wondershare Dr. Fone as of 2021-12-06 is vulnerable to incorrect access control. A normal user can send manually crafted packets to ElevationService.exe and execute arbitrary code with SYSTEM privileges without any validation.
by Netanel Cohen
CVSS 8.8
EIP-2026-118151 EXPLOITDB text
Wondershare Dr.Fone 11.4.10 - Insecure File Permissions
by AkuCyberSec
EIP-2026-118038 EXPLOITDB text
UDisk Monitor Z5 Phone - 'MonServiceUDisk.exe' Unquoted Service Path
by Edgar Carrillo Egea