Exploitdb Exploits

50,076 exploits tracked across all sources.

CVE-2020-36944 EXPLOITDB MEDIUM text
ILIAS Learning Management System <4.3 - SSRF
ILIAS Learning Management System 4.3 contains a server-side request forgery vulnerability that allows attackers to read local files through portfolio PDF export functionality. Attackers can inject a script that uses XMLHttpRequest to retrieve local file contents when the portfolio is exported to PDF.
by Dot
CVSS 4.0
CVE-2020-36943 EXPLOITDB HIGH text
aSc TimeTables 2021.6.2 - Denial of Service via Subject Title Field Overflow
aSc TimeTables 2021.6.2 contains a denial of service vulnerability that allows attackers to crash the application by overwriting subject title fields with excessive data. Attackers can generate a 10,000-character buffer and paste it into the subject title to trigger application instability and potential crash.
by Ismael Nava
CVSS 7.5
CVE-2020-35427 EXPLOITDB CRITICAL text
PHPGurukul Employee Record Management System 1.1 - SQL Injection
SQL injection vulnerability in PHPGurukul Employee Record Management System 1.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication.
by Anurag Kumar
CVSS 9.8
CVE-2020-35395 EXPLOITDB MEDIUM text
EGavilan Media Expense Management System 1.0 - Stored Cross-Site Scripting via Description Field
Stored XSS in the Add Expense component of EGavilan Media Expense Management System 1.0 allows an attacker to permanently store malicious JavaScript code via the 'description' field.
by Nikhil Kumar
CVSS 6.1
CVE-2020-35309 EXPLOITDB MEDIUM text
Bakeshop Online Ordering System 1.0 - Stored Cross-Site Scripting in Admin Dashboard Categories
Bakeshop Online Ordering System in PHP/MySQLi 1.0 is affected by cross-site scripting (XSS), which allows remote attackers to inject arbitrary web script or HTML in the admin dashboard under "Categories".
by Parshwa Bhavsar
CVSS 4.8
CVE-2020-35274 EXPLOITDB MEDIUM text
dotCMS 20.11 - Stored Cross-Site Scripting in Admin Panel Template Addition
The Add Template function of the dotCMS 20.11 admin panel is affected by stored cross-site scripting (XSS) that can be used to gain remote privileges. An attacker could compromise the security of a website or web application by stealing cookies through the stored XSS.
by Hardik Solanki
CVSS 4.8
CVE-2020-35273 EXPLOITDB HIGH text
EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Cross-Site Request Forgery in User Profile Panel
EgavilanMedia User Registration & Login System with Admin Panel 1.0 is affected by cross-site request forgery (CSRF) in the User Profile panel, which allows an attacker to remotely gain privileges. An attacker can update any user's account.
by Hardik Solanki
CVSS 8.0
CVE-2020-35270 EXPLOITDB CRITICAL text
Student Result Management System - SQL Injection
Student Result Management System In PHP With Source Code is affected by SQL injection. An attacker is able to access the Admin Panel and manage every Result account.
by Ritesh Gohil
CVSS 9.1
CVE-2020-35252 EXPLOITDB MEDIUM text
User Registration & Login System with Admin Panel 1.0 - Cross-Site Scripting via Full Name Parameter
A cross-site scripting (XSS) vulnerability exists via the 'Full Name' parameter in the User Registration section of User Registration & Login System with Admin Panel 1.0.
by Soushikta Chowdhury
CVSS 6.1
CVE-2020-29472 EXPLOITDB CRITICAL text
EGavilan Media Under Construction page with cPanel 1.0 - SQL Injection
EGavilan Media Under Construction page with cPanel 1.0 contains a SQL injection vulnerability. An attacker can gain Admin Panel access using malicious SQL injection queries to perform remote arbitrary code execution.
by Mayur Parmar
CVSS 9.8
CVE-2020-29239 EXPLOITDB MEDIUM text
Online Birth Certificate System Project V 1.0 - XSS
Online Birth Certificate System Project V 1.0 is affected by cross-site scripting (XSS). An attacker can inject an XSS payload in the User Registration section; when an admin visits the View Detail of Application section from the admin panel, the attacker is able to steal the cookie, depending on the crafted payload.
by Sagar Banwa
CVSS 6.1
CVE-2020-14073 EXPLOITDB MEDIUM text
PRTG Network Monitor 20.1.56.1574 - Authenticated Stored Cross-Site Scripting via Map Designer Properties
XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted map properties. An attacker with Read/Write privileges can create a map, and then use the Map Designer Properties screen to insert JavaScript code. This can be exploited against any user with View Maps or Edit Maps access.
by Amin Rawah
CVSS 5.4
EIP-2026-117542 EXPLOITDB c++
Microsoft Windows - Win32k Elevation of Privilege
by nu11secur1ty
EIP-2026-117313 EXPLOITDB text
IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path
by Manuel Alvarez
CVE-2020-25213 EXPLOITDB CRITICAL bash
WordPress File Manager Unauthenticated Remote Code Execution
The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload (or mkfile and put) command to write PHP code into the wp-content/plugins/wp-file-manager/lib/files/ directory. This was exploited in the wild in August and September 2020.
by Mansoor R
CVSS 10.0
CVE-2020-35313 EXPLOITDB CRITICAL python
WonderCMS 3.1.3 - Code Execution via Theme Installer SSRF
A server-side request forgery (SSRF) vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code via a crafted URL to the theme/plugin installer.
by zetc0de
CVSS 9.8
CVE-2020-35314 EXPLOITDB CRITICAL python
WonderCMS 3.1.3 - Authenticated Remote Code Execution via Theme/Plugin Installer
A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3 allows remote attackers to upload a custom plugin that can contain arbitrary code and obtain a webshell via the theme/plugin installer.
by zetc0de
CVSS 9.8
CVE-2020-29469 EXPLOITDB MEDIUM text
WonderCMS 3.1.3 - Stored Cross-Site Scripting in Menu Component
WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Menu component. An attacker can inject an XSS payload in Settings - Menu; each time any user visits the website directory, the XSS triggers and the attacker is able to steal the cookie, depending on the crafted payload.
by Hemant Patidar
CVSS 5.4
EIP-2026-112080 EXPLOITDB text
Simple College Website 1.0 - 'page' Local File Inclusion
by Mosaaed
EIP-2026-110578 EXPLOITDB text
Pharmacy Store Management System 1.0 - 'id' SQL Injection
by Aydın Baran Ertemir
EIP-2026-105718 EXPLOITDB text
Car Rental Management System 1.0 - SQL Injection / Local File Inclusion
by Mosaaed
CVE-2020-27422 EXPLOITDB CRITICAL text
Anuko Time Tracker <1.19.23.5311 - Info Disclosure
In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user does not expire once used, allowing an attacker to reuse the same link to take over the account.
by Mufaddal Masalawala
CVSS 9.8
CVE-2020-27423 EXPLOITDB HIGH text
Anuko Time Tracker <1.19.23.5311 - DoS
Anuko Time Tracker v1.19.23.5311 lacks a rate limit on the password reset module, which allows an attacker to perform a denial of service attack on any legitimate user's mailbox.
by Mufaddal Masalawala
CVSS 7.5
EIP-2026-104367 EXPLOITDB text
Online News Portal System 1.0 - 'Title' Stored Cross-Site Scripting
by Parshwa Bhavsar
CVE-2021-3278 EXPLOITDB CRITICAL text
Local Service Search Engine Management System 1.0 - Auth Bypass
Local Service Search Engine Management System 1.0 contains an authentication bypass vulnerability via SQL injection. Using this vulnerability, an attacker can bypass the login page.
by Aditya Wakhlu
CVSS 9.8