Writeup Exploits

63,677 exploits tracked across all sources.

Sort: Activity Stars
CVE-2022-27254 WRITEUP MEDIUM
Honda Civic 2018 Firmware - Authentication Bypass via RF Signal Replay Attack
The remote keyless system on Honda Civic 2018 vehicles sends the same RF signal for each door-open request, which allows for a replay attack, a related issue to CVE-2019-20626.
CVSS 5.3
CVE-2022-27308 WRITEUP MEDIUM
PHProjekt PhpSimplyGest 1.3.0 - Stored Cross-Site Scripting via Project Title
A stored cross-site scripting (XSS) vulnerability in PHProjekt PhpSimplyGest v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a project title.
CVSS 5.4
CVE-2022-27311 WRITEUP CRITICAL
Gibbon < 3.4.4 - Server-Side Request Forgery via Crafted URL
Gibbon v3.4.4 and below allows attackers to execute a Server-Side Request Forgery (SSRF) via a crafted URL.
CVSS 9.8
CVE-2022-36272 WRITEUP CRITICAL
Mingsoft MCMS 5.2.8 - SQL Injection
Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/page/verify URI via fieldName parameter.
CVSS 9.8
CVE-2022-31943 WRITEUP CRITICAL
MCMS v5.2.8 - Unrestricted Upload of File with Dangerous Type
MCMS v5.2.8 was discovered to contain an arbitrary file upload vulnerability.
CVSS 9.8
CVE-2022-27466 WRITEUP CRITICAL
MCMS v5.2.27 - SQL Injection via orderBy Parameter
MCMS v5.2.27 was discovered to contain a SQL injection vulnerability in the orderBy parameter at /dict/list.do.
CVSS 9.8
CVE-2022-27340 WRITEUP HIGH
MCMS v5.2.7 - Cross-Site Request Forgery via /role/saveOrUpdateRole.do
MCMS v5.2.7 contains a Cross-Site Request Forgery (CSRF) via /role/saveOrUpdateRole.do. This vulnerability allows attackers to escalate privileges and modify data.
CVSS 8.8
CVE-2022-23899 WRITEUP CRITICAL
MCMS v5.2.5 - SQL Injection via search.do Parameter
MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via search.do in the file /web/MCmsAction.java.
CVSS 9.8
CVE-2022-23898 WRITEUP CRITICAL
MCMS v5.2.5 - SQL Injection via categoryId Parameter
MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml.
CVSS 9.8
CVE-2021-46063 WRITEUP CRITICAL
MCMS v5.2.5 - Server-Side Template Injection via Template Management Module
MCMS v5.2.5 was discovered to contain a Server Side Template Injection (SSTI) vulnerability via the Template Management module.
CVSS 9.1
CVE-2021-46062 WRITEUP HIGH
MCMS < 5.2.11 - Arbitrary File Deletion via oldFileName Parameter
MCMS v5.2.5 was discovered to contain an arbitrary file deletion vulnerability via the component oldFileName.
CVSS 7.1
CVE-2021-44868 WRITEUP CRITICAL
mingsoft mcms v5.1 - SQL Injection via /ms/cms/content/list.do
A problem was found in ming-soft MCMS v5.1. There is a sql injection vulnerability in /ms/cms/content/list.do
CVSS 9.8
CVE-2020-23262 WRITEUP CRITICAL
Ming-Soft MCMS <5.0 - SQL Injection
An issue was discovered in ming-soft MCMS v5.0, where a malicious user can exploit SQL injection without logging in through /mcms/view.do.
CVSS 9.8
CVE-2020-22755 WRITEUP HIGH
MCMS 5.0 - Unauthenticated Arbitrary File Upload via Thumbnail
File upload vulnerability in MCMS 5.0 allows attackers to execute arbitrary code via a crafted thumbnail. A different vulnerability than CVE-2022-31943.
CVSS 8.8
CVE-2020-20913 WRITEUP CRITICAL
Ming-Soft MCMS < 5.1 - SQL Injection via basic_title Parameter
SQL Injection vulnerability found in Ming-Soft MCMS v.4.7.2 allows a remote attacker to execute arbitrary code via basic_title parameter.
CVSS 9.8
CVE-2022-27413 WRITEUP CRITICAL
Hospital Management System 1.0 - SQL Injection via adminname Parameter
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the adminname parameter in admin.php.
CVSS 9.8
CVE-2022-27474 WRITEUP HIGH
SuiteCRM 7.11.23 - Remote Code Execution via FirstName Field Injection
SuiteCRM v7.11.23 was discovered to allow remote code execution via a crafted payload injected into the FirstName text field.
CVSS 7.2
CVE-2022-27475 WRITEUP MEDIUM
hotel_management_system - Stored Cross-Site Scripting in /admin.php
Cross site scripting (XSS) vulnerability in tramyardg hotel-mgmt-system, allows attackers to execute arbitrary code when when /admin.php is loaded.
CVSS 6.1
CVE-2022-27666 WRITEUP HIGH
Linux Kernel < 5.17 - Heap Buffer Overflow in IPsec ESP Transformation
A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat.
CVSS 7.8
CVE-2022-28051 WRITEUP MEDIUM
SeedDMS 6.0.18 and 5.1.25 - Stored Cross-Site Scripting via Add Category Functionality
The "Add category" functionality inside the "Global Keywords" menu in "SeedDMS" version 6.0.18 and 5.1.25, is prone to stored XSS which allows an attacker to inject malicious javascript code.
CVSS 5.4
CVE-2022-28052 WRITEUP HIGH
Roothub 2.6.0 - Path Traversal and Arbitrary File Write via FileSystemStorageService
Directory Traversal vulnerability in file cn/roothub/store/FileSystemStorageService in function store in Roothub 2.6.0 allows remote attackers with low privlege to arbitrarily upload files via /common/upload API, which could lead to remote arbitrary code execution.
CVSS 8.0
CVE-2022-27473 WRITEUP CRITICAL
Roothub 2.6.0 - Unauthenticated SQL Injection via Topics Search Parameter
SQL injection vulnerability in Topics Searching feature of Roothub 2.6.0 allows unauthorized attackers to execute arbitrary SQL commands via the "s" parameter remotely.
CVSS 9.8
CVE-2022-27472 WRITEUP CRITICAL
Roothub 2.6.0 - Unauthenticated SQL Injection via Topics Counting Feature
SQL injection vulnerability in Topics Counting feature of Roothub 2.6.0 allows unauthorized attackers to execute arbitrary SQL commands via the "s" parameter remotely.
CVSS 9.8
CVE-2019-25697 WRITEUP HIGH
CMSsite 1.0 SQL Injection via category.php
CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cat_id parameter. Attackers can send GET requests to category.php with malicious cat_id values to extract sensitive database information including usernames and credentials.
CVSS 8.2
CVE-2019-25682 WRITEUP MEDIUM
CMSsite 1.0 Cross-Site Request Forgery via users.php
CMSsite 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting crafted pages that submit POST requests to the users.php endpoint with parameters like source=add_user, source=edit_user, or del=1 to create, modify, or delete admin accounts.
CVSS 4.3