Exploitdb Exploits
50,076 exploits tracked across all sources.
School Faculty Scheduling System 1.0 - Stored Cross Site Scripting POC
by Jyotsna Adhana
School Faculty Scheduling System 1.0 - Authentication Bypass POC
by Jyotsna Adhana
WordPress Plugin HS Brand Logo Slider 2.1 Unrestricted File Upload
HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows authenticated users to bypass client-side file extension validation and upload arbitrary files. Attackers can intercept upload requests to the logoupload parameter in the admin interface and rename files to the executable .php extension to achieve remote code execution.
by Net-Hunter
CVSS 8.8
Ultimate Project Manager CRM PRO 2.0.5 - SQL Injection
The Ultimate Project Manager CRM PRO version 2.0.5 contains a blind SQL injection vulnerability that allows attackers to extract usernames and password hashes from the tbl_users database table. Attackers can exploit the /frontend/get_article_suggestion/ endpoint by crafting malicious search parameters to progressively guess and retrieve user credentials through boolean-based inference techniques.
by nag0mez
CVSS 8.2
Mobile Shop System 1.0 - SQL Injection via Email Parameter
An SQL Injection vulnerability exists in Sourcecodester Mobile Shop System in PHP MySQL 1.0 via the email parameter in (1) login.php or (2) LoginAsAdmin.php.
by Moaaz Taha
CVSS 9.8
Projectworlds Visitor Management System in PHP 1.0 - SQL Injection via 'rid' Parameter
Projectworlds Visitor Management System in PHP 1.0 allows SQL Injection. The file front.php does not perform input validation on the 'rid' parameter. An attacker can append SQL queries to the input to extract sensitive information from the database.
by Rahul Ramkumar
CVSS 8.8
WordPress Plugin WP Courses < 2.0.29 - Broken Access Controls leading to Courses Content Disclosure
by redtimmysec
WordPress Plugin Rest Google Maps < 7.11.18 - SQL Injection
by Jonatas Fil
User Registration & Login and User Management System With admin panel 2.1 - Persistent XSS
by yusufmalikul
RiteCMS 2.2.1 - Remote Code Execution (Authenticated)
by H0j3n
Loan Management System 1.0 - Multiple Cross Site Scripting (Stored)
by Akıner Kısa
WordPress Plugin Colorbox Lightbox v1.1.1 - Persistent Cross-Site Scripting (Authenticated)
by n1x_
Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution
by Jonatas Fil
Comtrend AR-5387un router - Persistent XSS (Authenticated)
by OscarAkaElvis
Online Discussion Forum 1.0 - Authenticated Stored Cross-Site Scripting in Message Body
The messaging subsystem in the Online Discussion Forum 1.0 is vulnerable to XSS in the message body. An authenticated user can send messages to arbitrary users on the system that include JavaScript that will execute when the recipient views the messages page.
by j5oh
CVSS 5.4
Tourism Management System 1.0 - Unauthenticated Arbitrary File Upload via Admin Create Package
An arbitrary file upload vulnerability in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via the vulnerable admin/create-package.php page.
by Ankita Pal
CVSS 8.8
Textpattern CMS 4.6.2 - Cross-Site Request Forgery via Prefs Subsystem
Textpattern CMS 4.6.2 allows CSRF via the prefs subsystem.
by Alperen Ergel
CVSS 8.8
Typesetter CMS 5.0-5.1 - Authenticated Remote Code Execution via ZIP Archive Upload
Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because "admins are considered trustworthy"; however, the behavior "contradicts our security policy" and is being fixed for 5.2.
by Rodolfo Tavares
CVSS 7.2
Online Student's Management System 1.0 - Remote Code Execution (Authenticated)
by Akıner Kısa
Nagios XI 5.7.3 - 'SNMP Trap Interface' Authenticated SQL Injection
by Matthew Aberegg
Nagios XI 5.7.3 - 'Manage Users' Authenticated SQL Injection
by Matthew Aberegg
Nagios XI 5.7.3 - 'Contact Templates' Persistent Cross-Site Scripting
by Matthew Aberegg
PHPGurukul hostel-management-system 2.1 - Stored XSS via Guardian Name/Relation/Contact/Address/City
PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, or City.
by Kokn3t
CVSS 5.4