Exploitdb Exploits
50,076 exploits tracked across all sources.
Orangescrum 1.8.0 - Authenticated SQL Injection via Multiple Parameters
Orangescrum 1.8.0 contains an authenticated SQL injection vulnerability that allows authorized users to manipulate database queries through multiple vulnerable parameters. Attackers can inject malicious SQL code into parameters like old_project_id, project_id, uuid, and uniqid to potentially extract or modify database information.
by Hubert Wojciechowski
CVSS 7.1
Orangescrum 1.8.0 - Authenticated Cross-Site Scripting via Input Parameters
Orangescrum 1.8.0 contains multiple cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through various input parameters. Attackers can exploit parameters like 'projid', 'CS_message', and 'name' to execute arbitrary JavaScript code in victims' browsers by submitting crafted payloads through application endpoints.
by Hubert Wojciechowski
CVSS 5.4
Bagisto 1.3.3 - Client-Side Template Injection
by Mohamed Abdellatif Jaber
HTTPDebuggerPro 9.11 - Code Injection
HTTPDebuggerPro 9.11 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables and gain elevated access to the system.
by Aryan Chehreghani
CVSS 7.8
CMSimple 5.4 - Authenticated Local File Inclusion and Remote Code Execution via Session File Manipulation
CMSimple 5.4 contains an authenticated local file inclusion vulnerability that allows remote attackers to manipulate PHP session files and execute arbitrary code. Attackers can leverage the vulnerability by changing the functions file path and uploading malicious PHP code through session file upload mechanisms.
by S1lv3r
CVSS 7.8
Bus Pass Management System 1.0 - SQL Injection via Searchdata Parameter
Bus Pass Management System 1.0 was discovered to contain a SQL Injection vulnerability via the searchdata parameter at /buspassms/download-pass.php.
by Abhijeet Singh
CVSS 9.8
WordPress Plugin WP Guppy 1.1 - WP-JSON API Sensitive Information Disclosure
by Keyvan Hardani
WebRun 3.6.0.42 - SQL Injection via P_0 Parameter
WebRun 3.6.0.42 is vulnerable to SQL Injection via the P_0 parameter used to set the username during the login process.
by Vinicius Alves
CVSS 9.8
GNU gdbserver 9.2 - Remote Command Execution (RCE)
by Roberto Gesteira Miñarro
Linux Polkit pkexec helper PTRACE_TRACEME local root exploit
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.
by Ujas Dhami
CVSS 7.8
Aimeos 2021.10 LTS - SQL Injection via JSON API Sort Parameter
Aimeos 2021.10 LTS contains a SQL injection vulnerability in the JSON API 'sort' parameter that allows attackers to inject malicious database queries. Attackers can manipulate the sort parameter to reveal table and column names by sending crafted GET requests to the jsonapi/review endpoint.
by Ilker Burak ADIYAMAN
CVSS 8.2
Pinkie 2.15 - Denial of Service via TFTP Read Request
Pinkie 2.15 allows remote attackers to cause a denial of service (daemon crash) via a TFTP read (RRQ) request, aka opcode 1.
by Yehia Elghaly
CVSS 7.5
Quick.CMS 6.7 Cross-Site Scripting via CSRF to Sliders Form
Quick.CMS 6.7 contains a cross-site scripting vulnerability in the sliders form that allows authenticated attackers to inject malicious scripts by submitting XSS payloads through the sDescription parameter. Attackers can craft CSRF forms targeting the admin.php?p=sliders-form endpoint to execute arbitrary JavaScript in victim browsers when the form is submitted.
by Rahad Chowdhury
CVSS 5.4
WordPress Plugin Smart Product Review <= 1.0.4 - Unauthenticated Arbitrary File Upload
The Smart Product Review plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible.
by Keyvan Hardani
CVSS 9.8
GitLab 11.9.0-13.8.7 - Unauthenticated Remote Code Execution via ExifTool Image Parsing
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.
by Jacob Baines
CVSS 10.0
SuiteCRM < 7.11.19 - Remote Code Execution via Log File Name Setting
SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled PHP file under the web root, because only the all-lowercase PHP file extensions were blocked. NOTE: this issue exists because of an incomplete fix for CVE-2020-28328.
by M. Cory Billington
CVSS 8.8
Bludit 3.13.1 - Cross-Site Scripting via Admin Login Username
A cross-site scripting (XSS) vulnerability exists in Bludit 3.13.1 via the username in admin/login.
by Vasu
CVSS 6.1
CMDBuild 3.3.2 Multiple Stored Cross-Site Scripting
CMDBuild 3.3.2 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject arbitrary web script or HTML via crafted input in card creation and file upload endpoints. Attackers can inject XSS payloads through Employee card parameters or SVG file attachments in the classes endpoint, which execute when other users view the affected records or preview attachments.
by Hosein Vita
CVSS 6.4
Online Learning System 2.0 - SQL Injection Authentication Bypass and Authenticated File Upload
Sourcecodester Online Learning System 2.0 is vulnerable to SQL injection authentication bypass in the admin login file (/admin/login.php) and authenticated file upload in the Master.php file; we can chain these two vulnerabilities to get unauthenticated remote command execution.
by djebbaranon
CVSS 9.8
Fuel CMS 1.4.13 Blind SQL Injection via col Parameter
Fuel CMS 1.4.13 contains a blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'col' parameter in the Activity Log interface. Attackers can send requests to the logs endpoint with malicious SQL payloads in the 'col' parameter to extract database information based on response time delays.
by Rahad Chowdhury
CVSS 7.1
WordPress Contact Form to Email 1.3.24 Stored XSS
Contact Form to Email 1.3.24 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating forms with script tags in the form name field. Attackers can craft form names containing JavaScript code that executes when other logged-in users access the form management page, enabling session hijacking or credential theft.
by Mohammed Aadhil Ashfaq
CVSS 6.4
konga 0.14.9 - Incorrect Authorization
Konga v0.14.9 is affected by an incorrect access control vulnerability where a specially crafted request can lead to privilege escalation.
by Fabricio Salomao
CVSS 8.8
WPSchoolPress < 2.1.17 - Stored Cross-Site Scripting via Insufficient Output Escaping
The School Management System – WPSchoolPress WordPress plugin before 2.1.17 sanitises some fields using sanitize_text_field() but does not escape them before outputting in attributes, resulting in Stored Cross-Site Scripting issues.
by Davide Taraschi
CVSS 4.8