Exploitdb Exploits
50,076 exploits tracked across all sources.
Wordpress RegistrationMagic task_ids Authenticated SQLi
The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rm_chronos_ajax AJAX action before using it in a SQL statement when duplicating tasks in batches, which could lead to a SQL injection issue
by Ron Jost
CVSS 7.2
Mortgage Calculators WP <1.56 - XSS
The Mortgage Calculators WP WordPress plugin before 1.56 does not implement any sanitisation on the color setting of the background of a calculator, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
by Ceylan BOZOĞULLARINDAN
CVSS 4.8
WordPress Modern Events Calendar SQLi Scanner
The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the time parameter before using it in a SQL statement in the mec_load_single_page AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue
by Ron Jost
CVSS 9.8
Local Privilege Escalation in polkits pkexec
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
by Lance Biggerstaff
CVSS 7.8
Online Project Time Management System v1.0 - XSS
A stored cross-site scripting (XSS) vulnerability in /ptms/?page=user of Online Project Time Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user name field.
by Felipe Alcantara
CVSS 5.4
Online Project Time Management System v1.0 - SQL Injection
Online Project Time Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the function save_employee at /ptms/classes/Users.php.
by Felipe Alcantara
CVSS 9.8
phpipam 1.4.4 - Authenticated SQL Injection via Subnet Parameter
PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the "subnet" parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php
by Rodolfo Tavares
CVSS 7.2
Landa Driving School Management System 2.0.1 - Arbitrary File Upload
by Sohel Yousef
Rocket LMS 1.1 Persistent Cross-Site Scripting via Support Tickets
Rocket LMS 1.1 contains a persistent cross-site scripting vulnerability in the support ticket module that allows authenticated users to inject malicious script code through the title parameter. Attackers can submit support tickets with embedded HTML/JavaScript payloads that execute in the browsers of other users viewing the message history, enabling session hijacking and phishing attacks.
by Vulnerability-Lab
CVSS 6.4
uDoctorAppointment v2.1.1 - 'Multiple' Cross Site Scripting (XSS)
by Vulnerability-Lab
Affiliate Pro 1.7 - 'Multiple' Cross Site Scripting (XSS)
by Vulnerability-Lab
Nyron 1.0 - SQL Injection via thes1 Parameter
Nyron 1.0 is affected by a SQL injection vulnerability through Nyron/Library/Catalog/winlibsrch.aspx. To exploit this vulnerability, an attacker must inject '"> on the thes1 parameter.
by Miguel Santareno
CVSS 9.8
Archeevo <5.0 - Local File Inclusion
Archeevo below 5.0 is affected by local file inclusion through file=~/web.config to allow an attacker to retrieve local files.
by Miguel Santareno
CVSS 7.5
OpenBMCS 2.4 - Unauthenticated Information Disclosure via Directory Listing
OpenBMCS 2.4 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive files by exploiting directory listing functionality. Attackers can browse directories like /debug/ and /php/ to discover configuration files, database credentials, and system information.
by LiquidWorm
CVSS 7.5
OpenBMCS 2.4 - Authenticated SQL Injection via obix_test.php id Parameter
OpenBMCS 2.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting arbitrary SQL code. Attackers can send GET requests to /debug/obix_test.php with malicious 'id' values to extract database information.
by LiquidWorm
CVSS 6.5
OpenBMCS 2.4 phpQuery.php - ip Parameter Server-Side Request Forgery
OpenBMCS 2.4 contains an unauthenticated SSRF vulnerability that allows attackers to bypass firewalls and initiate service and network enumeration on the internal network through the affected application, allowing hijacking of current sessions. Attackers can specify an external domain in the 'ip' parameter to force the application to make an HTTP request to an arbitrary destination host.
by LiquidWorm
CVSS 7.2
OpenBMCS 2.4 - Cross-Site Request Forgery via sendFeedback.php Endpoint
OpenBMCS 2.4 contains a CSRF vulnerability that allows attackers to perform actions with administrative privileges by exploiting the sendFeedback.php endpoint. Attackers can submit malicious requests to trigger unintended actions, such as sending emails or modifying system settings.
by LiquidWorm
CVSS 4.3
OpenBMCS 2.4 - Privilege Escalation via User Permissions Update Script
OpenBMCS 2.4 allows an attacker to escalate privileges from a read user to an admin user by manipulating permissions and exploiting a vulnerability in the update_user_permissions.php script. Attackers can submit a malicious HTTP POST request to PHP scripts in '/plugins/useradmin/' directory.
by LiquidWorm
CVSS 8.8
Sourcecodester Simple Chatbot App <1.0 - RCE
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Simple Chatbot Application 1.0 ( and previous versions via the bot_avatar parameter in SystemSettings.php.
by Saud Alenazi
CVSS 9.8
Sourcecodester Simple Chatbot App 1.0 - SQL Injection
An SQL Injection vulnerability exists in Sourcecodester Simple Chatbot Application 1.0 via the message parameter in Master.php.
by Saud Alenazi
CVSS 9.8
Online Resort Management System 1.0 - SQLi (Authenticated)
by Gaurav Grover
Crestron HD-MD4X2-4K-E Firmware 1.0.0.2159 - Unauthenticated Credential Disclosure via aj.html
An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with uname and upassword fields.
by RedTeam Pentesting GmbH
CVSS 9.8
Online Diagnostic Lab Management System 1.0 - RCE
An issue in Online Diagnostic Lab Management System 1.0 allows a remote attacker to gain control of a 'Staff' user account via a crafted POST request using the id, email, password, and cpass parameters.
by Himash
CVSS 6.3
SalonERP 3.0.1 - SQL Injection via Report Generation SQL Parameter
In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject payload using 'sql' parameter in SQL query while generating a report. Upon successfully discovering the login admin password hash, it can be decrypted to obtain the plain-text password.
by Betul Denizler
CVSS 8.8
By Source