Writeup Exploits
63,697 exploits tracked across all sources.
Red Planet Laundry Management System 1.0 - SQL Injection
Red Planet Laundry Management System 1.0 is vulnerable to SQL Injection.
CVSS 9.8
Online Project Time Management System v1.0 - SQL Injection
Online Project Time Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the function save_employee at /ptms/classes/Users.php.
CVSS 9.8
Hospital Patient Record Management System 1.0 - SQL Injection via id Parameter
Hospital Patient Record Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/doctors/manage_doctor.php.
CVSS 9.8
Hospital Patient Record Management System 1.0 - SQL Injection via id Parameter
Hospital Patient Record Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/doctors/view_doctor.php.
CVSS 9.8
Car Driving School Management System v1.0 - SQL Injection
Car Driving School Management System v1.0 is affected by SQL injection in the login page. An attacker can use simple SQL login injection payload to get admin access.
CVSS 9.8
Hospital Management System v4.0 - SQL Injection
Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/func.php via the email parameter.
CVSS 9.8
HMS v1.0 - SQL Injection via patientlogin.php
HMS v1.0 was discovered to contain a SQL injection vulnerability via patientlogin.php.
CVSS 9.8
Sourcecodester Online Thesis Archiving System 1.0 - SQL Injection
Sourcecodester Online Thesis Archiving System 1.0 is vulnerable to SQL Injection. An attacker can bypass admin authentication and gain access to admin panel using SQL Injection
CVSS 9.8
Online Pre-owned/Used Car Showroom Management System 1.0 - SQL Injection Authentication Bypass via Login Form
Online Pre-owned/Used Car Showroom Management System 1.0 contains a SQL injection authentication bypass vulnerability. Admin panel authentication can be bypassed due to SQL injection vulnerability in the login form allowing attacker to get admin access on the application.
CVSS 9.8
Online Magazine Management System 1.0 - SQL Injection Authentication Bypass via Login Form
Online Magazine Management System 1.0 contains a SQL injection authentication bypass vulnerability. The Admin panel authentication can be bypassed due to SQL injection vulnerability in the login form allowing attacker to gain access as admin to the application.
CVSS 9.8
Simple College Website 1.0 - Unauthenticated Remote Code Execution via UNION-based SQL Injection in Username Parameter
Simple College Website 1.0 is vulnerable to unauthenticated file upload & remote code execution via UNION-based SQL injection in the username parameter on /admin/login.php.
CVSS 8.1
Log4Shell HTTP Header Injection
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
CVSS 10.0
Sourcecodester Simple Subscription Website 1.0 - XSS
Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Simple Subscription Website 1.0 via the id parameter in plan_application.
CVSS 6.1
Simple Subscription Website 1.0 - SQL Injection via Login
SQL Injection vulnerability exists in Sourcecodester. Simple Subscription Website 1.0. via the login.
CVSS 9.8
Sourcecodester CRM 1.0 - SQL Injection
An SQL Injection vulnerability exists in Sourcecodester Customer Relationship Management System (CRM) 1.0 via the username parameter in customer/login.php.
CVSS 9.8
Sourcecodester Engineers Online Portal - Auth Bypass
An incorrect access control vulnerability exists in Sourcecodester Engineers Online Portal in PHP in nia_munoz_monitoring_system/admin/uploads. An attacker can leverage this vulnerability in order to bypass access controls and access all the files uploaded to the web server without the need of authentication or authorization.
CVSS 7.5
Engineers Online Portal - Unrestricted File Upload via Teacher Avatar Change
A file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboard_teacher.php, which allows changing the avatar through teacher_avatar.php. Once an avatar gets uploaded it is getting uploaded to the /admin/uploads/ directory, and is accessible by all users. By uploading a php webshell containing "<?php system($_GET["cmd"]); ?>" the attacker can execute commands on the web server with - /admin/uploads/php-webshell?cmd=id.
CVSS 9.8
Engineers Online Portal - SQL Injection via id Parameter in my_classmates.php
A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter in the my_classmates.php web page.. As a result, an attacker can extract sensitive data from the web server and in some cases can use this vulnerability in order to get a remote code execution on the remote web server.
CVSS 9.8
Sourcecodester Online Event Booking and Reservation System - SQL Injection in Event Management Views
A SQL Injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP in event-management/views. An attacker can leverage this vulnerability in order to manipulate the sql query performed. As a result he can extract sensitive data from the web server and in some cases he can use this vulnerability in order to get a remote code execution on the remote web server.
CVSS 9.8
Engineers Online Portal - SQL Injection via Login Form
An SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the login form inside of index.php, which can allow an attacker to bypass authentication.
CVSS 9.8
IFSC Code Finder Project 1.0 - SQL Injection via searchifsccode Parameter
SQL Injection vulnerability exists in IFSC Code Finder Project 1.0 via the searchifsccode POST parameter in /search.php.
CVSS 9.8
i-Panel Administration System 2.0 - Reflected Cross-Site Scripting
A reflected cross-site scripting (XSS) vulnerability exists in the i-Panel Administration System Version 2.0 that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console and it is possible to insert a vulnerable malicious button.
CVSS 6.1
Pharmacy Point of Sale System 1.0 - SQL Injection in Login Function
An SQL Injection vulnerabilty exists in the oretnom23 Pharmacy Point of Sale System 1.0 in the login function in actions.php.
CVSS 9.8
e-negosyo_system 1.0 - Authenticated Remote Code Execution via Image Upload MIME Validation Bypass
A Remote Code Execution (RCE) vulnerabilty exists in Sourcecodester E-Negosyo System 1.0 in /admin/produts/controller.php via the doInsert function, which validates images with getImageSizei. .
CVSS 7.2
e-negosyo_system - SQL Injection via user_email Parameter
An SQL Injection vulnerability exists in Sourcecodester E-Negosyo System 1.0 via the user_email parameter in /admin/login.php.
CVSS 9.8
By Source