Exploitdb Exploits
50,076 exploits tracked across all sources.
WordPress 3.7-3.7.36 - SQL Injection via WP_Query
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vulnerability.
by Aryan Chehreghani
CVSS 8.0
Online Diagnostic Lab Management System 1.0 - Stored Cross Site Scripting (XSS)
by Himash
Online Diagnostic Lab Management System 1.0 - SQL Injection (Unauthenticated)
by Himash
Hospitals Patient Records Management System 1.0 - 'room_types' Stored Cross Site Scripting (XSS)
by Sant268
Hospitals Patient Records Management System 1.0 - 'room_list' Stored Cross Site Scripting (XSS)
by Sant268
Hospitals Patient Records Management System 1.0 - 'doctors' Stored Cross Site Scripting (XSS)
by Sant268
Microsoft Windows .Reg File - Dialog Spoof / Mitigation Bypass
by hyp3rlinx
Frontend Uploader < 1.3.2 - Unauthenticated Stored Cross-Site Scripting via HTML File Upload
The Frontend Uploader WordPress plugin through 1.3.2 does not prevent HTML files from being uploaded via its form, allowing unauthenticated user to upload a malicious HTML file containing JavaScript for example, which will be triggered when someone access the file directly
by Veshraj Ghimire
CVSS 6.1
Element-IT HTTP Commander 3.1.9 - XSS
A cross-site scripting (XSS) vulnerability in the "Zip content" feature in Element-IT HTTP Commander 3.1.9 allows remote authenticated users to inject arbitrary web script or HTML via filenames.
by Oscar Sandén
CVSS 5.4
CoreFTP Server < 727 - Authenticated Path Traversal via HTTP PUT Request
CoreFTP Server before 727 allows directory traversal (for file creation) by an authenticated attacker via ../ in an HTTP PUT request.
by LiamInfosec
CVSS 6.5
VUPlayer < 2.49 - Buffer Overflow via Long URL in .pls File
Buffer overflow in VUPlayer 2.49 and earlier allows user-assisted attackers to execute arbitrary code via a long URL in a File line in a .pls file, as demonstrated by an http URL on a File1 line.
by Bryan Leong
CVSS 8.8
Open-AudIT < 4.2.0 - Cross-Site Scripting via URL Parameter
Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a Cross Site Scripting (XSS) vulnerability. If a bad value is passed to the routine via a URL, malicious JavaScript code can be executed in the victim's browser.
by Dominic Clark
CVSS 6.1
Online Railway Reservation System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
by Zachary Asher
Online Railway Reservation System 1.0 - Admin Account Creation (Unauthenticated)
by Zachary Asher
Online Railway Reservation System 1.0 - 'Multiple' Stored Cross Site Scripting (XSS) (Unauthenticated)
by Zachary Asher
Online Railway Reservation System 1.0 - 'id' SQL Injection (Unauthenticated)
by twseptian
Online Veterinary Appointment System 1.0 - 'Multiple' SQL Injection
by twseptian
WordPress Plugin AAWP 3.16 Reflected XSS via tab Parameter
WordPress Plugin AAWP 3.16 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the tab parameter. Attackers can craft URLs with XSS payloads in the tab parameter of the aawp-settings admin page to execute arbitrary JavaScript in the context of authenticated users.
by Andrea Bocchetti
CVSS 5.4
RiteCMS < 3.1.0 - Authenticated Arbitrary File Deletion via Path Traversal
RiteCMS version 3.1.0 and below suffers from an arbitrary file deletion via path traversal vulnerability in Admin Panel. Exploiting the vulnerability allows an authenticated attacker to delete any file in the web root (along with any other file on the server that the PHP process user has the proper permissions to delete). Furthermore, an attacker might leverage the capability of arbitrary file deletion to circumvent certain web server security mechanisms such as deleting .htaccess file that would deactivate those security constraints.
by faisalfs10x
CVSS 6.5
ritecms < 3.1.0 - Authenticated Arbitrary File Overwrite via Path Traversal
RiteCMS version 3.1.0 and below suffers from an arbitrary file overwrite via path traversal vulnerability in Admin Panel. Exploiting the vulnerability allows an authenticated attacker to overwrite any file in the web root (along with any other file on the server that the PHP process user has the proper permissions to write) resulting a remote code execution.
by faisalfs10x
CVSS 6.5
Hostel Management System v2.1 - XSS
Cross Site Scripting vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code via a crafted payload to the Guardian name, Guardian relation, complimentary address, city, permanent address, and city parameters in the Book Hostel & Room Details page.
by Chinmay Divekar
CVSS 5.4
Online Admission System 1.0 - Code Injection
The Online Admission System 1.0 allows an unauthenticated attacker to upload or transfer files of dangerous types to the application through documents.php, which may be used to execute malicious code or lead to code execution.
by Jeremiasz Pluta
CVSS 9.8
Vodafone H500s <3.5.10 - Info Disclosure
Vodafone H500s devices running firmware v3.5.10 (hardware model Sercomm VFH500) expose the WiFi access point password via an unauthenticated HTTP endpoint. By sending a crafted GET request to /data/activation.json with specific headers and cookies, a remote attacker can retrieve a JSON document that contains the wifi_password field. This allows an unauthenticated attacker to obtain the WiFi credentials and gain unauthorized access to the wireless network, compromising confidentiality of network traffic and attached systems.
by Daniel Monzón
AWebServer GhostBuilding 18 - Denial of Service via High-Volume HTTP Requests
AWebServer GhostBuilding 18 contains a denial of service vulnerability that allows remote attackers to overwhelm the server by sending multiple concurrent HTTP requests. Attackers can generate high-volume requests to multiple endpoints including /mysqladmin to potentially crash or render the service unresponsive.
by Andres Ramos
CVSS 7.5
By Source