Exploitdb Exploits
50,076 exploits tracked across all sources.
InoERP 0.7.2 - Unauthenticated Remote Code Execution via /modules/sys/form_personalization/json_fp.php
In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code on the server side due to lack of validations in /modules/sys/form_personalization/json_fp.php.
by Lyhin's Lab
CVSS 9.8
Genexis Platinum-4410 Firmware P4410-V2-1.28 - Stored Cross-Site Scripting in WLAN SSID Parameter
Genexis Platinum-4410 P4410-V2-1.28 devices allow stored XSS in the WLAN SSID parameter. This could allow an attacker to perform malicious actions in which the XSS popup will affect all privileged users.
by Amal Mohandas
CVSS 5.4
Online Health Care System 1.0 - Multiple Cross Site Scripting (Stored)
by Akıner Kısa
CMS Made Simple 2.1.6 - Server-Side Template Injection via cntnt01detailtemplate Parameter
In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter.
by Gurkirat Singh
CVSS 9.8
Ajenti 2.1.36 - Authenticated Remote Code Execution via Terminal API
Ajenti 2.1.36 contains a post-authenticated remote command execution vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/terminal/create endpoint to send a netcat reverse shell payload targeting a specified IP and port.
by Ahmet Ümit BAYRAM
CVSS 9.8
Online Library Management System 1.0 - Unauthenticated Arbitrary File Upload and Remote Code Execution via Image Upload
An Arbitrary File Upload in the Upload Image component in SourceCodester Online Library Management System 1.0 allows the user to conduct remote code execution via admin/borrower/index.php?view=add because .php files can be uploaded to admin/borrower/photos (under the web root).
by Jyotsna Adhana
CVSS 9.8
Gym Management System 1.0 - Stored Cross-Site Scripting via Package Name and Description Fields
Stored Cross-site scripting (XSS) vulnerability in SourceCodester Gym Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php?page=packages via vulnerable fields 'Package Name' and 'Description'.
by Jyotsna Adhana
CVSS 6.1
Gym Management System - SQL Injection
An SQL injection vulnerability was discovered in Gym Management System. In the manage_user.php file, the GET parameter 'id' is vulnerable.
by Jyotsna Adhana
CVSS 9.8
Car Rental Management System 1.0 - Unauthenticated Arbitrary File Upload and Remote Code Execution via Image Upload
An Arbitrary File Upload in the Upload Image component in SourceCodester Car Rental Management System 1.0 allows the user to conduct remote code execution via admin/index.php?page=manage_car because .php files can be uploaded to admin/assets/uploads/ (under the web root).
by Jyotsna Adhana
CVSS 9.8
User Registration & Login and User Management System 2.1 - SQL Injection
by Ihsan Sencan
TextPattern CMS 4.8.3 - Remote Code Execution (Authenticated)
by 0blio_
Stock Management System 1.0 - 'brandId and categoriesId' SQL Injection
by Ihsan Sencan
School Faculty Scheduling System 1.0 - 'username' SQL Injection
by Jyotsna Adhana
School Faculty Scheduling System 1.0 - 'id' SQL Injection
by Jyotsna Adhana
Lot Reservation Management System 1.0 - Cross-Site Scripting (Stored)
by Ankita Pal
Lot Reservation Management System 1.0 - Authentication Bypass
by Ankita Pal
Bludit 3.9.2 - Authentication Bruteforce Mitigation Bypass via X-Forwarded-For Header
bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.
by Mayank Deshmukh
CVSS 9.8
hrsale 2.0.0 - Path Traversal via Download Endpoint
Hrsale 2.0.0 allows download?type=files&filename=../ directory traversal to read arbitrary files.
by Sosecure
CVSS 5.3
Tiki Wiki CMS Groupware 21.1 - Authentication Bypass
by Maximilian Barz
Stock Management System 1.0 - 'Product Name' Persistent Cross-Site Scripting
by Adeeb Shah
Stock Management System 1.0 - 'Categories Name' Persistent Cross-Site Scripting
by Adeeb Shah
Stock Management System 1.0 - 'Brand Name' Persistent Cross-Site Scripting
by Adeeb Shah