Exploitdb Exploits
50,076 exploits tracked across all sources.
Online Hotel Reservation System 1.0 - 'description' Stored Cross-site Scripting
by Mesut Cetin
Alumni Management System 1.0 - _Last Name field in Registration page_ Stored XSS
by Siva Rajendran
EyesOfNetwork 5.3 - File Upload Remote Code Execution
by Audencia Business SCHOOL Red Team
Online Shopping Cart System 1.0 - 'id' SQL Injection
by Aydın Baran Ertemir
Online Movie Streaming 1.0 - Admin Authentication Bypass
by Richard Jones
Nagios XI < 5.8.0 - Authenticated OS Command Injection via Plugin Upload
An issue was discovered in the Manage Plugins page in Nagios XI before 5.8.0. Because the line-ending conversion feature is mishandled during a plugin upload, a remote, authenticated admin user can execute operating-system commands.
by Haboob Team
CVSS 7.2
Ignition < 2.5.2 - Unauthenticated Remote Code Execution via file_get_contents() and file_put_contents()
Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.
by SunCSR Team
CVSS 9.8
Online Hotel Reservation System 1.0 - Admin Authentication Bypass
by Richard Jones
Gila CMS < 2.0.0 - Unauthenticated Remote Code Execution via User-Agent Header Injection
Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through manipulated HTTP headers. Attackers can inject PHP code in the User-Agent header with shell_exec() to run system commands by sending crafted requests to the admin endpoint.
by Enesdex
CVSS 9.8
Cemetry Mapping and Information System 1.0 - Multiple SQL Injections
by Mesut Cetin
OpenCart 3.0.36 Account Takeover via Cross Site Request Forgery
OpenCart 3.0.3.6 contains a cross-site request forgery vulnerability in the /account/edit endpoint that allows unauthenticated attackers to modify victim account details by tricking users into visiting malicious pages. Attackers can craft CSRF payloads that change victim email addresses and account information, then use password reset functionality to gain unauthorized access to compromised accounts.
by Mahendra Purbia
CVSS 5.3
Custom Global Variables 1.0.5 - Stored Cross-Site Scripting via vars[0][name] Field
Stored cross-site scripting (XSS) in a form field in the robust.systems product Custom Global Variables v1.0.5 allows a remote attacker to inject arbitrary code via the vars[0][name] field.
by Swapnil Subhash Bodekar
CVSS 5.4
PrestaShop 1.7.7.0 - SQL Injection via Product Comments Module id_products[] Parameter
The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products[] parameter.
by Jaimin Gondaliya
CVSS 9.8
PortableKanban 4.3.6578.38136 - Encrypted Password Retrieval
by rootabeta
Cemetry Mapping and Information System 1.0 - Multiple Stored Cross-Site Scripting
by Mesut Cetin
EyesOfNetwork 5.3 - RCE & PrivEsc
by Audencia Business SCHOOL Red Team
Anchor CMS 0.12.7 - 'markdown' Stored Cross-Site Scripting
by Ramazan Mert GÖKTEN
WordPress Plugin wpDiscuz 7.0.4 - Unauthenticated Arbitrary File Upload (Metasploit)
by SunCSR Team
WordPress Plugin Autoptimize 2.7.6 - Authenticated Arbitrary File Upload (Metasploit)
by SunCSR Team
Online Doctor Appointment System 1.0 - Authenticated Stored Cross-Site Scripting in Update Profile Module
Multiple stored cross-site scripting (XSS) vulnerabilities in the "Update Profile" module of Online Doctor Appointment System 1.0 allow authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in the First Name, Last Name, and Address text fields.
by Mohamed habib Smidi
CVSS 5.4
Life Insurance Management System 1.0 - Multiple Stored XSS
by Arnav Tripathy
Cockpit Version 234 - Server-Side Request Forgery (Unauthenticated)
by Metin Yunus Kandemir