Exploitdb Exploits
50,076 exploits tracked across all sources.
Ericsson Network Location <2021-07-31 - Command Injection
In Ericsson Network Location before 2021-07-31, it is possible for an authenticated attacker to inject commands via file_name in the export functionality. For example, a new admin user could be created.
by AkkuS
CVSS 8.8
Codiad 2.8.4 - Remote Code Execution (Authenticated) (4)
by P4p4_M4n3
Umbraco CMS 8.14.1 - Server-Side Request Forgery via Dashboard and Help Controller Endpoints
Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and GetRemoteDashboardCss endpoints to trigger unauthorized server-side requests to external hosts.
by NgoAnhDuc
CVSS 5.3
Automated Logic WebCTRL < 6.5 - Reflected Cross-Site Scripting via operatorlocale Parameter
The login portal for the Automated Logic WebCTRL/WebCTRL OEM web application contains a vulnerability that allows for reflected XSS attacks due to the operatorlocale GET parameter not being sanitized. This issue impacts versions 6.5 and below. This issue works by passing in a basic XSS payload to a vulnerable GET parameter that is reflected in the output without sanitization.
by 3ndG4me
CVSS 6.1
Movable Type < 1.46, 4.0-6.3.11, 6.5.0-6.8.2 - Remote Code Execution via XMLRPC API
Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.5002 and earlier (Movable Type Advanced 7 Series), Movable Type Advanced 6.8.2 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.46 and earlier, and Movable Type Premium Advanced 1.46 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors. Note that all versions of Movable Type 4.0 or later including unsupported (End-of-Life, EOL) versions are also affected by this vulnerability.
by Charl-Alexandre Le Brun
CVSS 9.8
Hostel Management System 2.1 - XSS, CSRF
Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exits in hostel management system 2.1 via the name field in my-profile.php. Chaining to this both vulnerabilities leads to account takeover.
by Anubhav Singh
CVSS 8.8
WordPress Plugin Supsystic Contact Form 1.7.18 - 'label' Stored Cross-Site Scripting (XSS)
by Murat DEMİRCİ
WordPress Plugin Filterable Portfolio Gallery 1.0 Stored XSS
Filterable Portfolio Gallery 1.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by entering payloads in the title field. Attackers can store JavaScript code like image tags with onerror handlers that execute when the gallery is previewed, affecting all users viewing the page.
by Murat DEMİRCİ
CVSS 6.4
Balbooa Joomla Forms Builder 2.0.6 SQL Injection Unauthenticated
Balbooa Joomla Forms Builder 2.0.6 contains an unauthenticated SQL injection vulnerability in the form submission handler that allows remote attackers to execute arbitrary SQL queries. Attackers can send POST requests to the com_baforms component with malicious JSON payloads in the 'id' field parameter to extract sensitive database information.
by blockomat2100
CVSS 8.2
Sourcecodester Engineers Online Portal - SQL Injection via Quiz Question ID Parameter
A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to quiz_question.php, which could let a malicious user extract sensitive data from the web server and in some cases use this vulnerability in order to get a remote code execution on the remote web server.
by Alon Leviev
CVSS 8.8
Engineers Online Portal - SQL Injection via Login Form
An SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the login form inside of index.php, which can allow an attacker to bypass authentication.
by Alon Leviev
CVSS 9.8
Engineers Online Portal - Stored Cross-Site Scripting via Quiz Title and Description Parameters
A Stored Cross Site Scripting (XSS) Vulneraibiilty exists in Sourcecodester Engineers Online Portal in PHP via the (1) Quiz title and (2) quiz description parameters to add_quiz.php. An attacker can leverage this vulnerability in order to run javascript commands on the web server surfers behalf, which can lead to cookie stealing and more.
by Alon Leviev
CVSS 5.4
Sourcecodester Online Event Booking and Reservation System - Stored Cross-Site Scripting via Holiday Reason Parameter
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the Holiday reason parameter. An attacker can leverage this vulnerability in order to run javascript commands on the web server surfers behalf, which can lead to cookie stealing and more.
by Alon Leviev
CVSS 5.4
Build Smart ERP 21.0817 - SQL Injection
Build Smart ERP 21.0817 contains an unauthenticated SQL injection vulnerability in the 'eidValue' parameter of the login validation endpoint. Attackers can inject stacked SQL queries using payloads like ';WAITFOR DELAY '0:0:3'-- to manipulate database queries and potentially extract or modify database information.
by Nehru Sethuraman
CVSS 8.2
OpenClinic GA 5.194.18 - Authenticated Insecure Permissions and Unquoted Service Path
OpenClinic GA 5.194.18 is affected by Insecure Permissions. By default the Authenticated Users group has the modify permission to openclinic folders/files. A low privilege account is able to rename mysqld.exe or tomcat8.exe files located in bin folders and replace with a malicious file that would connect back to an attacking computer giving system level privileges (nt authority\system) due to the service running as Local System. While a low privilege user is unable to restart the service through the application, a restart of the computer triggers the execution of the malicious file. The application also have unquoted service path issues.
by Alessandro Salzano
CVSS 7.8
Gestionale Open 11.00.00 - Insecure Permissions Leading to Privilege Escalation via mysqld.exe Replacement
An Insecure Permissions issue exists in Gestionale Open 11.00.00. A low privilege account is able to rename the mysqld.exe file located in bin folder and replace with a malicious file that would connect back to an attacking computer giving system level privileges (nt authority\system) due to the service running as Local System. While a low privilege user is unable to restart the service through the application, a restart of the computer triggers the execution of the malicious file. The application also have unquoted service path issues.
by Alessandro Salzano
CVSS 7.8
TaxoPress < 3.0.7.2 - Authenticated Stored Cross-Site Scripting in Taxonomy Description Field
The TaxoPress – Create and Manage Taxonomies, Tags, Categories WordPress plugin before 3.0.7.2 does not sanitise its Taxonomy description field, allowing high privilege users to set JavaScript payload in them even when the unfiltered_html capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue.
by Akash Patil
CVSS 4.8
WordPress Plugin Ninja Tables 4.1.7 - Stored Cross-Site Scripting (XSS)
by Akash Patil
WordPress Plugin Media-Tags 3.2.0.2 - Stored Cross-Site Scripting (XSS)
by Akash Patil
Wordpress 4.9.6 - Arbitrary File Deletion (Authenticated) (2)
by samguy
phpMyAdmin 4.8.x <4.8.2 - Code Injection
An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the "$cfg['AllowArbitraryServer'] = true" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the "$cfg['ServerDefault'] = 0" case (which bypasses the login requirement and runs the vulnerable code without any authentication).
by samguy
CVSS 8.8
Engineers Online Portal 1.0 - File Upload Remote Code Execution (RCE)
by SadKris
Apache HTTP Server 2.4.49-2.4.50 - Path Traversal and Remote Code Execution via Alias-like Directives
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.
by ThelastVvV
CVSS 9.8
By Source