Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
CVE-2021-33352 EXPLOITDB CRITICAL text
Wyomind Help Desk Magento 2 <1.3.7 - RCE
An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via a phar file upload in the ticket message field.
by Patrik Lantz
CVSS 9.8
CVE-2021-33351 EXPLOITDB CRITICAL text
Wyomind Help Desk Magento 2 <1.3.7 - XSS
Cross Site Scripting Vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before and fixed in v.1.3.7 allows attackers to escalte privileges via a crafted payload in the ticket message field.
by Patrik Lantz
CVSS 9.0
EIP-2026-114078 EXPLOITDB python
Wordpress Plugin SP Project & Document Manager 4.21 - Remote Code Execution (RCE) (Authenticated)
by Ron Jost
EIP-2026-106952 EXPLOITDB python
Exam Hall Management System 1.0 - Unrestricted File Upload + RCE (Unauthenticated)
by Davide \'yth1n\' Bianchin
EIP-2026-106862 EXPLOITDB text
Employee Record Management System 1.2 - Stored Cross-Site Scripting (XSS)
by Subhadip Nag
CVE-2021-36621 EXPLOITDB HIGH text
Online Covid Vaccination Scheduler System 1.0 - SQL Injection via Username Parameter
Sourcecodester Online Covid Vaccination Scheduler System 1.0 is vulnerable to SQL Injection. The username parameter is vulnerable to time-based SQL injection. Upon successful dumping the admin password hash, an attacker can decrypt and obtain the plain-text password. Hence, the attacker could authenticate as Administrator.
by faisalfs10x
CVSS 8.1
CVE-2018-15877 EXPLOITDB HIGH python
Plainview Activity Monitor < 20180826 - OS Command Injection via IP Parameter
The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainview_activity_monitor&tab=activity_tools request.
by Beren Kuday GÖRÜN
CVSS 8.8
CVE-2021-22911 EXPLOITDB CRITICAL python VERIFIED
Rocket.Chat 3.11-3.13 - Unauthenticated NoSQL Injection and Remote Code Execution
A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE.
by enox
CVSS 9.8
CVE-2021-47977 EXPLOITDB HIGH python
WordPress Anti-Malware Security Bruteforce Firewall 4.20.59 Directory Traversal
WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the file parameter. Attackers can send requests to the duplicator_download action via admin-ajax.php with path traversal sequences to access sensitive system files outside the intended directory.
by TheSmuggler
CVSS 7.5
CVE-2021-40303 EXPLOITDB MEDIUM text
perfex_crm 1.10 - Cross-Site Scripting via /clients/profile
perfex crm 1.10 is vulnerable to Cross Site Scripting (XSS) via /clients/profile.
by Alhasan Abbas
CVSS 5.4
CVE-2021-36624 EXPLOITDB CRITICAL text
Phone Shop Sales Management System 1.0 - SQL Injection
Sourcecodester Phone Shop Sales Managements System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
by faisalfs10x
CVSS 9.8
CVE-2021-36623 EXPLOITDB CRITICAL text
Sourcecodester Phone Shop Sales Management System 1.0 - RCE
Arbitrary File Upload in Sourcecodester Phone Shop Sales Management System 1.0 enables RCE.
by faisalfs10x
CVSS 9.8
CVE-2021-47799 EXPLOITDB MEDIUM text
Visual Tools DVR VX16 <4.2.28 - Privilege Escalation
Visual Tools DVR VX16 version 4.2.28 contains a local privilege escalation vulnerability in its Sudo configuration that allows attackers to gain root access. Attackers can exploit the unsafe Sudo settings by using mount commands to bind a shell, enabling unauthorized system-level privileges.
by Andrea D\'Ubaldo
CVSS 6.2
CVE-2019-14322 EXPLOITDB HIGH python
Pallets Werkzeug <0.15.5 - Path Traversal
In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames.
by faisalfs10x
CVSS 7.5
EIP-2026-106951 EXPLOITDB php
Exam Hall Management System 1.0 - Unrestricted File Upload (Unauthenticated)
by Thamer Almohammadi
EIP-2026-105481 EXPLOITDB python
Billing System Project 1.0 - Remote Code Execution (RCE) (Unauthenticated)
by Talha DEMİRSOY
CVE-2021-42071 EXPLOITDB CRITICAL text
Visual Tools DVR VX16 4.2.28.0 - Unauthenticated Remote Command Execution via User-Agent Header
In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can achieve remote command execution via shell metacharacters in the cgi-bin/slogin/login.py User-Agent HTTP header.
by Andrea D\'Ubaldo
CVSS 9.8
EIP-2026-101865 EXPLOITDB python
Netgear DGN2200v1 - Remote Command Execution (RCE) (Unauthenticated)
by SivertPL
EIP-2026-101568 EXPLOITDB python
Black Box Kvm Extender 3.4.31307 - Local File Inclusion
by Ferhat Çil
CVE-2021-47976 EXPLOITDB HIGH python
TextPattern CMS 4.9.0-dev Authenticated Remote Code Execution via Plugin Upload
TextPattern CMS 4.9.0-dev contains a remote code execution vulnerability that allows authenticated attackers to upload arbitrary PHP files by exploiting the plugin upload functionality. Attackers can authenticate, retrieve a CSRF token from the plugin event page, and upload malicious PHP files to the textpattern/tmp/ directory for code execution.
by Mevlüt Akçam
CVSS 8.8
CVE-2021-47975 EXPLOITDB HIGH text
WordPress Plugin WP Learn Manager 1.1.2 Stored XSS
WP Learn Manager 1.1.2 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the `fieldtitle` parameter. Attackers can submit POST requests to the jslm_fieldordering page with XSS payloads in the fieldtitle field to execute arbitrary JavaScript when administrators view the field ordering interface.
by Mohammed Adam
CVSS 7.2
CVE-2021-43484 EXPLOITDB CRITICAL python
Simple Client Management System 1.0 - RCE
A Remote Code Execution (RCE) vulnerability exists in Simple Client Management System 1.0 in create.php due to the failure to validate the extension of the file being sent in a request.
by Ishan Saha
CVSS 9.8
CVE-2021-24155 EXPLOITDB HIGH python
Backup Guard < 1.6.0 - Authenticated Arbitrary File Upload via SGBP Import
The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE.
by Ron Jost
CVSS 7.2
EIP-2026-110297 EXPLOITDB ruby VERIFIED
OpenEMR 5.0.1.7 - 'fileName' Path Traversal (Authenticated) (2)
by Alexandre ZANNI
EIP-2026-110204 EXPLOITDB python
Online Voting System 1.0 - SQLi (Authentication Bypass) + Remote Code Execution (RCE)
by Geiseric