Exploitdb Exploits
50,076 exploits tracked across all sources.
OpenPLC v3 - Authenticated Remote Code Execution via Hardware Configuration Interface
OpenPLC v3 contains an authenticated remote code execution vulnerability that allows attackers with valid credentials to inject malicious code through the hardware configuration interface. Attackers can upload a custom hardware layer with embedded reverse shell code that establishes a network connection to a specified IP and port, enabling remote command execution.
by Fellipe Oliveira
CVSS 8.8
Hasura GraphQL 1.3.3 - Remote Code Execution via SQL Query Manipulation in run_sql Endpoint
Hasura GraphQL 1.3.3 contains a remote code execution vulnerability that allows attackers to execute arbitrary shell commands through SQL query manipulation. Attackers can inject commands into the run_sql endpoint by crafting malicious GraphQL queries that execute system commands through PostgreSQL's COPY FROM PROGRAM functionality.
by Dolev Farhi
CVSS 9.8
SEO Panel 4.8.0 - SQL Injection via order_col Parameter
The "order_col" parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL injection, which leads to the ability to retrieve all databases.
by nu11secur1ty
CVSS 7.2
GetSimple CMS My SMTP Contact Plugin 1.1.2 - XSS
GetSimple CMS My SMTP Contact Plugin 1.1.2 suffers from a Stored Cross-Site Scripting (XSS) vulnerability. The plugin attempts to sanitize user input using htmlspecialchars(), but this can be bypassed by passing dangerous characters as escaped hex bytes. This allows attackers to inject arbitrary client-side code that executes in the administrator's browser when visiting a malicious page.
by boku
CVSS 5.4
GetSimple CMS My SMTP Contact Plugin 1.1.1 - CSRF
GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery (CSRF) vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. This may allow unauthorized changes but does not directly enable remote code execution.
by boku
CVSS 6.5
DzzOffice < 2.02.1 - Cross-Site Scripting via editorid Parameter
attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter.
by nu11secur1ty
CVSS 6.1
Sipwise C5 NGCP CSC - Click2Dial Cross-Site Request Forgery (CSRF)
by LiquidWorm
Sipwise C5 NGCP CSC - 'Multiple' Persistent Cross-Site Scripting (XSS)
by LiquidWorm
Remote Clinic 2.0 - Stored Cross-Site Scripting via Medicine Name Field
Stored XSS in Remote Clinic v2.0 at /medicines via the Medicine Name field.
by Saud Ahmad
CVSS 5.4
CMS Made Simple 2.2.15 - Authenticated Cross-Site Scripting via Title Field
CMS Made Simple (CMSMS) 2.2.15 allows authenticated XSS via the /admin/addbookmark.php script through the Site Admin > My Preferences > Title field.
by bt0
CVSS 5.4
rconfig 3.9.6 - Arbitrary File Upload and Remote Code Execution via PHP File
An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP file.
by Vishwaraj Bhattrai
CVSS 8.8
OpenEMR 5.0.2.1 - Authenticated Stored Cross-Site Scripting via User Profile Parameters
OpenEMR 5.0.2.1 contains a cross-site scripting vulnerability in user profile parameters that authenticated attackers can chain with a file upload to achieve remote code execution. Attackers can exploit the vulnerability by crafting a malicious payload to download and execute a web shell, enabling remote command execution on the vulnerable OpenEMR instance.
by Hato0
CVSS 5.4
Tenda D151 and D301 Firmware - Unauthenticated Configuration Download via getimage Endpoint
Tenda D151 and D301 routers contain an unauthenticated configuration download vulnerability that allows remote attackers to retrieve router configuration files. Attackers can send a request to the /goform/getimage endpoint to download configuration data, including admin credentials, without authentication.
by BenChaliah
CVSS 7.5
Hasura GraphQL 1.3.3 - Server-Side Request Forgery via Remote Schema Injection
Hasura GraphQL 1.3.3 contains a server-side request forgery vulnerability that allows attackers to inject arbitrary remote schema URLs through the add_remote_schema endpoint. Attackers can exploit the vulnerability by sending crafted POST requests to the /v1/query endpoint with malicious URL definitions to potentially access internal network resources.
by Dolev Farhi
CVSS 5.3
Hasura GraphQL 1.3.3 - Local File Read via SQL Injection in Query Endpoint
Hasura GraphQL 1.3.3 contains a local file read vulnerability that allows attackers to access system files through SQL injection in the query endpoint. Attackers can exploit the pg_read_file() PostgreSQL function by crafting malicious SQL queries to read arbitrary files on the server.
by Dolev Farhi
CVSS 5.5
Hasura GraphQL 1.3.3 - Denial of Service via Malicious GraphQL Query
Hasura GraphQL 1.3.3 contains a denial of service vulnerability that allows attackers to overwhelm the service by crafting malicious GraphQL queries with excessive nested fields. Attackers can send repeated requests with extremely long query strings and multiple threads to consume server resources and potentially crash the GraphQL endpoint.
by Dolev Farhi
CVSS 7.5
WordPress Plugin RSS for Yandex Turbo 1.29 - Stored Cross-Site Scripting (XSS)
by Himamshu Dilip Kulkarni
Remote Clinic 2.0 - Stored Cross-Site Scripting via Staff Registration First or Last Name Field
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the First Name or Last Name field on staff/register.php.
by nu11secur1ty
CVSS 5.4
Grav Admin Plugin < 1.10.8 - Unauthenticated Arbitrary YAML Write via Administrator Controller
Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of the administrator controller without needing any credentials. Execution of a particular method results in arbitrary YAML file creation or content change of existing YAML files on the system. Successful exploitation of that vulnerability results in configuration changes, such as general site information change, custom scheduler job definition, etc. Due to the nature of the vulnerability, an adversary can change some part of the webpage, hijack an administrator account, or execute operating system commands under the context of the web-server user. This vulnerability is fixed in version 1.10.8. Blocking access to the `/admin` path from untrusted sources can be applied as a workaround.
by Mehmet Ince
CVSS 9.3
BlackCat CMS 1.3.6 - 'Multiple' Stored Cross-Site Scripting (XSS)
by Ömer Hasan Durmuş