Exploitdb Exploits
50,193 exploits tracked across all sources.
School Faculty Scheduling System 1.0 - Authentication Bypass POC
by Jyotsna Adhana
Ultimate Project Manager CRM PRO 2.0.5 - SQL Injection
Ultimate Project Manager CRM PRO 2.0.5 contains a blind SQL injection vulnerability that allows attackers to extract usernames and password hashes from the tbl_users database table. Attackers can exploit the /frontend/get_article_suggestion/ endpoint by crafting malicious search parameters to progressively guess and retrieve user credentials through boolean-based inference techniques.
by nag0mez
CVSS 8.2
Mobile Shop System - SQL Injection
An SQL Injection vulnerabilty exists in Sourcecodester Mobile Shop System in PHP MySQL 1.0 via the email parameter in (1) login.php or (2) LoginAsAdmin.php.
by Moaaz Taha
CVSS 9.8
Projectworlds Visitor Management System - SQL Injection
Projectworlds Visitor Management System in PHP 1.0 allows SQL Injection. The file front.php does not perform input validation on the 'rid' parameter. An attacker can append SQL queries to the input to extract sensitive information from the database.
by Rahul Ramkumar
CVSS 8.8
Wordpress Plugin WP Courses < 2.0.29 - Broken Access Controls leading to Courses Content Disclosure
by redtimmysec
WordPress Plugin Rest Google Maps < 7.11.18 - SQL Injection
by Jonatas Fil
WordPress Plugin HS Brand Logo Slider 2.1 - 'logoupload' File Upload
by Net-Hunter
User Registration & Login and User Management System With admin panel 2.1 - Persistent XSS
by yusufmalikul
RiteCMS 2.2.1 - Remote Code Execution (Authenticated)
by H0j3n
Loan Management System 1.0 - Multiple Cross Site Scripting (Stored)
by Akıner Kısa
WordPress Plugin Colorbox Lightbox v1.1.1 - Persistent Cross-Site Scripting (Authenticated)
by n1x_
Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution
by Jonatas Fil
Comtrend AR-5387un router - Persistent XSS (Authenticated)
by OscarAkaElvis
Online Discussion Forum - XSS
The messaging subsystem in the Online Discussion Forum 1.0 is vulnerable to XSS in the message body. An authenticated user can send messages to arbitrary users on the system that include javascript that will execute when viewing the messages page.
by j5oh
CVSS 5.4
Phpgurukul Tourism Management System - Unrestricted File Upload
An Arbitrary File Upload is discovered in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via admin/create-package.php vulnerable page.
by Ankita Pal
CVSS 8.8
Textpattern CMS 4.6.2 - CSRF
Textpattern CMS 4.6.2 allows CSRF via the prefs subsystem.
by Alperen Ergel
CVSS 8.8
Typesetter < 5.1 - Unrestricted File Upload
Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because "admins are considered trustworthy"; however, the behavior "contradicts our security policy" and is being fixed for 5.2
by Rodolfo Tavares
CVSS 7.2
Online Student's Management System 1.0 - Remote Code Execution (Authenticated)
by Akıner Kısa
Nagios XI 5.7.3 - 'SNMP Trap Interface' Authenticated SQL Injection
by Matthew Aberegg
Nagios XI 5.7.3 - 'Manage Users' Authenticated SQL Injection
by Matthew Aberegg
Nagios XI 5.7.3 - 'Contact Templates' Persistent Cross-Site Scripting
by Matthew Aberegg
Phpgurukul Hostel Management System - XSS
PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, or City.
by Kokn3t
CVSS 5.4
Jenkins Pipeline: Groovy Plugin <2.63 - RCE
A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master JVM.
by Daniel Morris
CVSS 9.9
By Source