Writeup Exploits
63,085 exploits tracked across all sources.
WordPress Canto Plugin 1.3.0 - Blind Server-Side Request Forgery via detail.php
The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/detail.php?subdomain=SSRF.
CVSS 5.3
WordPress Canto Plugin 1.3.0 - Blind Server-Side Request Forgery via get.php
The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/get.php?subdomain=SSRF.
CVSS 5.3
WordPress Canto Plugin 1.3.0 - Blind SSRF via subdomain Parameter
The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/tree.php?subdomain=SSRF.
CVSS 5.3
osCommerce 2.3.4.1 - Authenticated Stored Cross-Site Scripting in Newsletter Title
osCommerce 2.3.4.1 has XSS vulnerability via the authenticated user entering the XSS payload into the title section of newsletters.
CVSS 4.8
osCommerce 2.3.4.1 - Authenticated Stored Cross-Site Scripting in Newsletter Title
osCommerce 2.3.4.1 has XSS vulnerability via the authenticated user entering the XSS payload into the title section of newsletters.
CVSS 4.8
TOTVS Fluig - Path Traversal via Base64-Encoded File Parameter
The TOTVS Fluig platform allows path traversal through the parameter "file = .. /" encoded in base64. This affects all versions Fluig Lake 1.7.0, Fluig 1.6.5 and Fluig 1.6.4
CVSS 8.6
TOTVS Fluig - Path Traversal via Base64-Encoded File Parameter
The TOTVS Fluig platform allows path traversal through the parameter "file = .. /" encoded in base64. This affects all versions Fluig Lake 1.7.0, Fluig 1.6.5 and Fluig 1.6.4
CVSS 8.6
Project Worlds Online Examination System 1.0 - XSS
XSS in signup form in Project Worlds Online Examination System 1.0 allows remote attacker to inject arbitrary code via the name field
CVSS 6.1
TikiWiki 21.2 - Cross-Site Request Forgery in Template Editor
TikiWiki 21.2 allows templates to be edited without CSRF protection. This could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to follow a maliciously crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. These action include allowing attackers to submit their own code through an authenticated user resulting in local file Inclusion. If an authenticated user who is able to edit TikiWiki templates visits an malicious website, template code can be edited.
CVSS 8.8
Victor CMS 1.0 - SQL Injection via Search Parameter
The Victor CMS v1.0 application is vulnerable to SQL injection via the 'search' parameter on the search.php page.
CVSS 9.8
BloodX 1.0 - SQL Injection
SQL injection vulnerability in BloodX 1.0 allows attackers to bypass authentication.
CVSS 9.8
BloodX 1.0 - SQL Injection
SQL injection vulnerability in BloodX 1.0 allows attackers to bypass authentication.
CVSS 9.8
Multi Restaurant Table Reservation System 1.0 - Unauthenticated SQL...
The file view-chair-list.php in Multi Restaurant Table Reservation System 1.0 does not perform input validation on the table_id parameter which allows unauthenticated SQL Injection. An attacker can send malicious input in the GET request to /dashboard/view-chair-list.php?table_id= to trigger the vulnerability.
CVSS 9.8
Car Rental Management System <1.0 - SQL Injection
An SQL injection vulnerability was discovered in Car Rental Management System v1.0 can be exploited via the id parameter in view_car.php or the car_id parameter in booking.php.
CVSS 9.8
Gym Management System - SQL Injection
An SQL injection vulnerability was discovered in Gym Management System In manage_user.php file, GET parameter 'id' is vulnerable.
CVSS 9.8
Tourist5 Online-food-ordering-system 1.0 - SQL Injection
Multiple SQL Injection vulnerabilities in tourist5 Online-food-ordering-system 1.0.
CVSS 9.8
NetArt News Lister 1.0.0 - Stored Cross-Site Scripting in News Headlines
In NetArt News Lister 1.0.0, the news headlines vulnerable to stored xss attacks. Attackers can inject codes in news titles.
CVSS 4.8
EventON < 3.0.5 - Cross-Site Scripting via Search Field
The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field.
CVSS 6.1
IncomCMS 2.0 - Unauthenticated Unrestricted File Upload via modules/uploader/showcase/script.php
IncomCMS 2.0 has a modules/uploader/showcase/script.php insecure file upload vulnerability. This vulnerability allows unauthenticated attackers to upload files into the server.
CVSS 9.8
Pluck CMS < 4.7.13 - Authenticated Remote Code Execution via File Upload Restriction Bypass
A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access in the host through the "manage files" functionality, which may result in remote code execution.
CVSS 7.2
Pluck CMS < 4.7.13 - Authenticated Remote Code Execution via File Upload Restriction Bypass
A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access in the host through the "manage files" functionality, which may result in remote code execution.
CVSS 7.2
Macally WIFISD2-2A82 Media and Travel Router 2.000.010 - Privilege Escalation
In the Macally WIFISD2-2A82 Media and Travel Router 2.000.010, the Guest user is able to reset its own password. This process has a vulnerability which can be used to take over the administrator account and results in shell access. As the admin user may read the /etc/shadow file, the password hashes of each user (including root) can be dumped. The root hash can be cracked easily which results in a complete system compromise.
CVSS 8.8
Drupal Docker <8.5.10-fpm-alpine - Privilege Escalation
The official drupal docker images before 8.5.10-fpm-alpine (Alpine specific) contain a blank password for a root user. System using the drupal docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
CVSS 9.8
amazee.io Lagoon <1.12.3 - Info Disclosure
The GitLab Webhook Handler in amazee.io Lagoon before 1.12.3 has incorrect access control associated with project deletion.
CVSS 5.3
amazee.io Lagoon <1.12.3 - Info Disclosure
The GitLab Webhook Handler in amazee.io Lagoon before 1.12.3 has incorrect access control associated with project deletion.
CVSS 5.3
By Source