Exploitdb Exploits
50,135 exploits tracked across all sources.
WP Visitor Statistics <4.8 - SQL Injection
The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl parameter in the refDetails AJAX action, which is available to any authenticated user. This could allow users with a role as low as subscriber to perform SQL injection attacks.
by Ron Jost
CVSS 8.8
Trueranker True Ranker < 2.2.2 - Path Traversal
The True Ranker plugin <= 2.2.2 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be accessed via the src parameter found in the ~/admin/vendor/datatables/examples/resources/examples.php file.
by Liad Levy
CVSS 7.5
WordPress Plugin Contact Form Entries 1.1.6 - Cross Site Scripting (XSS) (Unauthenticated)
by Gaetano Perrone
WordPress Plugin AAWP 3.16 - 'tab' Reflected Cross Site Scripting (XSS) (Authenticated)
by Andrea Bocchetti
Virtual Airlines Manager 2.6.2 - 'multiple' SQL Injection
by Milad Karimi
Terramaster TOS 4.2.15 - Remote Code Execution (RCE) (Unauthenticated)
by n0tme
Safarimontage Safari Montage - XSS
Reflected Cross Site Scripting (XSS) in SAFARI Montage versions 8.3 and 8.5 allows remote attackers to execute arbitrary JavaScript code.
by Momen Eldawakhly
CVSS 6.1
Projeqtor v9.3.1 - Stored Cross Site Scripting (XSS)
by Oscar Gil Gutierrez
openSIS Student Information System 8.0 - 'multiple' SQL Injection
by securityforeveryone.com
Nettmp NNT 5.1 - SQL Injection
Nettmp NNT 5.1 is affected by a SQL injection vulnerability. An attacker can bypass authentication and access the panel with an administrative account.
by Momen Eldawakhly
CVSS 9.8
Movie Rating System 1.0 - SQLi to RCE (Unauthenticated)
by Tagoletta
Movie Rating System 1.0 - Broken Access Control (Admin Account Creation) (Unauthenticated)
by Tagoletta
Library System in PHP 1.0 - 'publisher name' Stored Cross-Site Scripting (XSS)
by Akash Patil
Hospitals Patient Records Management System 1.0 - Account Takeover
by twseptian
Hospitals Patient Records Management System 1.0 - 'id' SQL Injection (Authenticated)
by twseptian
BeyondTrust Remote Support 6.0 - Reflected Cross-Site Scripting (XSS) (Unauthenticated)
by Malcrove
ConnectWise Control <19.3.25270.7185 - Info Disclosure
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a user enumeration vulnerability, allowing an unauthenticated attacker to determine with certainty if an account exists for a given username.
by Luca Cuzzolin
CVSS 5.3
Accu-Time Systems MAXIMUS 1.0 - Telnet Remote Buffer Overflow (DoS)
by Yehia Elghaly
Phpkf Cms - Unrestricted File Upload
phpKF CMS 3.00 Beta y6 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary code by bypassing file extension checks. Attackers can upload a PHP file disguised as a PNG, rename it, and execute system commands through a crafted web shell parameter.
by Halit AKAYDIN
CVSS 9.8
wbce_cms - SQL Injection
wbce_cms is vulnerable to Improper Neutralization of Special Elements used in an SQL Command (SQL injection).
by citril
CVSS 9.8
Arunna - CSRF
Arunna 1.0.0 contains a cross-site request forgery vulnerability that allows attackers to manipulate user profile settings without authentication. Attackers can craft a malicious form to change user details, including passwords, email, and administrative privileges by tricking authenticated users into submitting the form.
by =(L_L)=
CVSS 6.5