Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-109574 EXPLOITDB text
Montiorr 1.7.6m - Persistent Cross-Site Scripting
by Ahmad Shakla
EIP-2026-109005 EXPLOITDB text
Kimai 1.14 - CSV Injection
by Mohammed Aloraimi
CVE-2021-47770 EXPLOITDB HIGH python
OpenPLC v3 - Authenticated Remote Code Execution via Hardware Configuration Interface
OpenPLC v3 contains an authenticated remote code execution vulnerability that allows attackers with valid credentials to inject malicious code through the hardware configuration interface. Attackers can upload a custom hardware layer with embedded reverse shell code that establishes a network connection to a specified IP and port, enabling remote command execution.
by Fellipe Oliveira
CVSS 8.8
CVE-2021-47748 EXPLOITDB CRITICAL python
Hasura GraphQL 1.3.3 - Remote Code Execution via SQL Query Manipulation in run_sql Endpoint
Hasura GraphQL 1.3.3 contains a remote code execution vulnerability that allows attackers to execute arbitrary shell commands through SQL query manipulation. Attackers can inject commands into the run_sql endpoint by crafting malicious GraphQL queries that execute system commands through PostgreSQL's COPY FROM PROGRAM functionality.
by Dolev Farhi
CVSS 9.8
CVE-2021-28419 EXPLOITDB HIGH python
SEO Panel 4.8.0 - SQL Injection via order_col Parameter
The "order_col" parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL injection, which leads to the ability to retrieve all databases.
by nu11secur1ty
CVSS 7.2
CVE-2021-47870 EXPLOITDB MEDIUM python
GetSimple CMS My SMTP Contact Plugin 1.1.2 - XSS
GetSimple CMS My SMTP Contact Plugin 1.1.2 suffers from a Stored Cross-Site Scripting (XSS) vulnerability. The plugin attempts to sanitize user input using htmlspecialchars(), but this can be bypassed by passing dangerous characters as escaped hex bytes. This allows attackers to inject arbitrary client-side code that executes in the administrator's browser when visiting a malicious page.
by boku
CVSS 5.4
CVE-2021-47830 EXPLOITDB MEDIUM python
GetSimple CMS My SMTP Contact Plugin 1.1.1 - CSRF
GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery (CSRF) vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. This may allow unauthorized changes but does not directly enable remote code execution.
by boku
CVSS 6.5
EIP-2026-109580 EXPLOITDB text
Moodle 3.10.3 - 'url' Persistent Cross Site Scripting
by UVision
CVE-2021-3318 EXPLOITDB MEDIUM python
dzzoffice < 2.02.1 - Cross-Site Scripting via editorid Parameter
attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter.
by nu11secur1ty
CVSS 6.1
EIP-2026-102003 EXPLOITDB html
Sipwise C5 NGCP CSC - Click2Dial Cross-Site Request Forgery (CSRF)
by LiquidWorm
EIP-2026-102002 EXPLOITDB html
Sipwise C5 NGCP CSC - 'Multiple' Persistent Cross-Site Scripting (XSS)
by LiquidWorm
CVE-2021-31327 EXPLOITDB MEDIUM text
Remote Clinic 2.0 - Stored Cross-Site Scripting via Medicine Name Field
Stored XSS in Remote Clinic v2.0 in /medicines due to Medicine Name Field.
by Saud Ahmad
CVSS 5.4
CVE-2021-28935 EXPLOITDB MEDIUM text
CMS Made Simple 2.2.15 - Authenticated Cross-Site Scripting via Title Field
CMS Made Simple (CMSMS) 2.2.15 allows authenticated XSS via the /admin/addbookmark.php script through the Site Admin > My Preferences > Title field.
by bt0
CVSS 5.4
EIP-2026-104629 EXPLOITDB python
OTRS 6.0.1 - Remote Command Execution (2)
by Hex_26
CVE-2022-44384 EXPLOITDB HIGH python
rconfig 3.9.6 - Arbitrary File Upload and Remote Code Execution via PHP File
An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP file.
by Vishwaraj Bhattrai
CVSS 8.8
CVE-2021-47817 EXPLOITDB MEDIUM python
OpenEMR 5.0.2.1 - Authenticated Stored Cross-Site Scripting via User Profile Parameters
OpenEMR 5.0.2.1 contains a cross-site scripting vulnerability in user profile parameters that authenticated attackers can chain with a file upload to achieve remote code execution. Attackers can exploit the vulnerability by crafting a malicious payload to download and execute a web shell, enabling remote command execution on the vulnerable OpenEMR instance.
by Hato0
CVSS 5.4
CVE-2021-47802 EXPLOITDB HIGH python
Tenda D151 and D301 Firmware - Unauthenticated Configuration Download via getimage Endpoint
Tenda D151 and D301 routers contain an unauthenticated configuration download vulnerability that allows remote attackers to retrieve router configuration files. Attackers can send a request to /goform/getimage endpoint to download configuration data including admin credentials without authentication.
by BenChaliah
CVSS 7.5
CVE-2021-47715 EXPLOITDB MEDIUM python
Hasura GraphQL 1.3.3 - Server-Side Request Forgery via Remote Schema Injection
Hasura GraphQL 1.3.3 contains a server-side request forgery vulnerability that allows attackers to inject arbitrary remote schema URLs through the add_remote_schema endpoint. Attackers can exploit the vulnerability by sending crafted POST requests to the /v1/query endpoint with malicious URL definitions to potentially access internal network resources.
by Dolev Farhi
CVSS 5.3
CVE-2021-47714 EXPLOITDB MEDIUM python
Hasura GraphQL 1.3.3 - Local File Read via SQL Injection in Query Endpoint
Hasura GraphQL 1.3.3 contains a local file read vulnerability that allows attackers to access system files through SQL injection in the query endpoint. Attackers can exploit the pg_read_file() PostgreSQL function by crafting malicious SQL queries to read arbitrary files on the server.
by Dolev Farhi
CVSS 5.5
CVE-2021-47713 EXPLOITDB HIGH python
Hasura GraphQL 1.3.3 - Denial of Service via Malicious GraphQL Query
Hasura GraphQL 1.3.3 contains a denial of service vulnerability that allows attackers to overwhelm the service by crafting malicious GraphQL queries with excessive nested fields. Attackers can send repeated requests with extremely long query strings and multiple threads to consume server resources and potentially crash the GraphQL endpoint.
by Dolev Farhi
CVSS 7.5
EIP-2026-114018 EXPLOITDB text
WordPress Plugin RSS for Yandex Turbo 1.29 - Stored Cross-Site Scripting (XSS)
by Himamshu Dilip Kulkarni
CVE-2021-30044 EXPLOITDB MEDIUM python
Remote Clinic 2.0 - Stored Cross-Site Scripting via Staff Registration First or Last Name Field
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the First Name or Last Name field on staff/register.php.
by nu11secur1ty
CVSS 5.4
CVE-2021-21425 EXPLOITDB CRITICAL ruby VERIFIED
Grav Admin Plugin < 1.10.8 - Unauthenticated Arbitrary YAML Write via Administrator Controller
Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of administrator controller without needing any credentials. Particular method execution will result in arbitrary YAML file creation or content change of existing YAML files on the system. Successfully exploitation of that vulnerability results in configuration changes, such as general site information change, custom scheduler job definition, etc. Due to the nature of the vulnerability, an adversary can change some part of the webpage, or hijack an administrator account, or execute operating system command under the context of the web-server user. This vulnerability is fixed in version 1.10.8. Blocking access to the `/admin` path from untrusted sources can be applied as a workaround.
by Mehmet Ince
CVSS 9.3
EIP-2026-107057 EXPLOITDB text
Fast PHP Chat 1.3 - 'my_item_search' SQL Injection
by Fatih Coskun
EIP-2026-105506 EXPLOITDB text
BlackCat CMS 1.3.6 - 'Multiple' Stored Cross-Site Scripting (XSS)
by Ömer Hasan Durmuş