Exploitdb Exploits
50,193 exploits tracked across all sources.
Genexis Platinum-4410 Firmware - XSS
Genexis Platinum-4410 P4410-V2-1.28 devices allow stored XSS in the WLAN SSID parameter. This could allow an attacker to perform malicious actions in which the XSS popup will affect all privileged users.
by Amal Mohandas
CVSS 5.4
Online Health Care System 1.0 - Multiple Cross-Site Scripting (Stored)
by Akıner Kısa
CMS Made Simple <2.1.6 - SSRF
In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter.
by Gurkirat Singh
CVSS 9.8
Ajenti 2.1.36 - Command Injection
Ajenti 2.1.36 contains an authentication bypass vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/terminal/create endpoint to send a netcat reverse shell payload targeting a specified IP and port.
by Ahmet Ümit BAYRAM
CVSS 9.8
Online Library Management System - Unrestricted File Upload
An Arbitrary File Upload in the Upload Image component in SourceCodester Online Library Management System 1.0 allows the user to conduct remote code execution via admin/borrower/index.php?view=add because .php files can be uploaded to admin/borrower/photos (under the web root).
by Jyotsna Adhana
CVSS 9.8
Admerc Gym Management System - XSS
Stored Cross-site scripting (XSS) vulnerability in SourceCodester Gym Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php?page=packages via vulnerable fields 'Package Name' and 'Description'.
by Jyotsna Adhana
CVSS 6.1
Gym Management System - SQL Injection
An SQL injection vulnerability was discovered in Gym Management System. In the manage_user.php file, the GET parameter 'id' is vulnerable.
by Jyotsna Adhana
CVSS 9.8
Car Rental Management System - Unrestricted File Upload
An Arbitrary File Upload in the Upload Image component in SourceCodester Car Rental Management System 1.0 allows the user to conduct remote code execution via admin/index.php?page=manage_car because .php files can be uploaded to admin/assets/uploads/ (under the web root).
by Jyotsna Adhana
CVSS 9.8
User Registration & Login and User Management System 2.1 - SQL Injection
by Ihsan Sencan
TextPattern CMS 4.8.3 - Remote Code Execution (Authenticated)
by 0blio_
Stock Management System 1.0 - 'brandId and categoriesId' SQL Injection
by Ihsan Sencan
School Faculty Scheduling System 1.0 - 'username' SQL Injection
by Jyotsna Adhana
School Faculty Scheduling System 1.0 - 'id' SQL Injection
by Jyotsna Adhana
Lot Reservation Management System 1.0 - Cross-Site Scripting (Stored)
by Ankita Pal
Lot Reservation Management System 1.0 - Authentication Bypass
by Ankita Pal
Bludit - Brute Force
bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.
by Mayank Deshmukh
CVSS 9.8
Hrsale - Path Traversal
Hrsale 2.0.0 allows download?type=files&filename=../ directory traversal to read arbitrary files.
by Sosecure
CVSS 5.3
Tiki Wiki CMS Groupware 21.1 - Authentication Bypass
by Maximilian Barz
Stock Management System 1.0 - 'Product Name' Persistent Cross-Site Scripting
by Adeeb Shah
Stock Management System 1.0 - 'Categories Name' Persistent Cross-Site Scripting
by Adeeb Shah
Stock Management System 1.0 - 'Brand Name' Persistent Cross-Site Scripting
by Adeeb Shah
School Faculty Scheduling System 1.0 - Stored Cross-Site Scripting (PoC)
by Jyotsna Adhana