Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2017-17582 EXPLOITDB CRITICAL html VERIFIED
FS Grubhub Clone 1.0 - SQL Injection via Keywords Parameter
FS Grubhub Clone 1.0 has SQL Injection via the /food keywords parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17575 EXPLOITDB CRITICAL text VERIFIED
FS Groupon Clone 1.0 - SQL Injection via id Parameter
FS Groupon Clone 1.0 has SQL Injection via the item_details.php id parameter or the vendor_details.php id parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17576 EXPLOITDB CRITICAL text VERIFIED
FS Gigs Script 1.0 - SQL Injection via browse-category.php cat Parameter
FS Gigs Script 1.0 has SQL Injection via the browse-category.php cat parameter, browse-scategory.php sc parameter, or service-provider.php ser parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17579 EXPLOITDB CRITICAL text VERIFIED
FS Freelancer Clone 1.0 - SQL Injection via Profile Page u Parameter
FS Freelancer Clone 1.0 has SQL Injection via the profile.php u parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17571 EXPLOITDB CRITICAL html VERIFIED
FS Foodpanda Clone 1.0 - SQL Injection via Keywords Parameter
FS Foodpanda Clone 1.0 has SQL Injection via the /food keywords parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17570 EXPLOITDB CRITICAL text VERIFIED
FS Expedia Clone 1.0 - SQL Injection via pages.php/content.php id or show-flight-result.php fl_orig/fl_dest Parameter
FS Expedia Clone 1.0 has SQL Injection via the pages.php or content.php id parameter, or the show-flight-result.php fl_orig or fl_dest parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17573 EXPLOITDB CRITICAL text VERIFIED
FS Ebay Clone 1.0 - SQL Injection via product.php id or search.php Parameters
FS Ebay Clone 1.0 has SQL Injection via the product.php id parameter, or the search.php category_id or sub_category_id parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17578 EXPLOITDB CRITICAL text VERIFIED
FS Crowdfunding Script 1.0 - SQL Injection via latest_news_details.php id Parameter
FS Crowdfunding Script 1.0 has SQL Injection via the latest_news_details.php id parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17574 EXPLOITDB CRITICAL text VERIFIED
FS Care Clone 1.0 - SQL Injection via searchJob.php jobType or jobFrequency Parameter
FS Care Clone 1.0 has SQL Injection via the searchJob.php jobType or jobFrequency parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17572 EXPLOITDB CRITICAL text VERIFIED
FS Amazon Clone 1.0 - SQL Injection via PATH_INFO to /VerAyari
FS Amazon Clone 1.0 has SQL Injection via the PATH_INFO to /VerAyari.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17595 EXPLOITDB CRITICAL text VERIFIED
Beauty Parlour Booking Script 1.0 - SQL Injection via Gender or City Parameter
Beauty Parlour Booking Script 1.0 has SQL Injection via the /list gender or city parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17600 EXPLOITDB CRITICAL text VERIFIED
Basic B2B Script 2.0.8 - SQL Injection via product_details.php id Parameter
Basic B2B Script 2.0.8 has SQL Injection via the product_details.php id parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17598 EXPLOITDB CRITICAL text
Affiliate MLM Script 1.0 - SQL Injection via product-category.php key Parameter
Affiliate MLM Script 1.0 has SQL Injection via the product-category.php key parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17599 EXPLOITDB CRITICAL text VERIFIED
Advance Online Learning Management Script 3.1 - SQL Injection via courselist.php subcatid or popcourseid Parameter
Advance Online Learning Management Script 3.1 has SQL Injection via the courselist.php subcatid or popcourseid parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17602 EXPLOITDB CRITICAL text VERIFIED
Advance B2B Script 2.1.3 - SQL Injection via tradeshow-list-detail.php show_id or view-product.php pid Parameter
Advance B2B Script 2.1.3 has SQL Injection via the tradeshow-list-detail.php show_id or view-product.php pid parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-18047 EXPLOITDB CRITICAL python
LabF nfsAxe 3.7 - Buffer Overflow via Long FTP Reply
Buffer Overflow in the FTP client in LabF nfsAxe 3.7 allows remote FTP servers to execute arbitrary code via a long reply.
by wetw0rk
CVSS 9.8
CVE-2017-14742 EXPLOITDB CRITICAL python
LabF nfsAxe FTP client 3.7 - Remote Code Execution via Buffer Overflow
Buffer overflow in LabF nfsAxe FTP client 3.7 allows an attacker to execute code remotely.
by wetw0rk
CVSS 9.8
CVE-2017-17592 EXPLOITDB CRITICAL text VERIFIED
Website Auction Marketplace 2.0.5 - SQL Injection via search.php cat_id Parameter
Website Auction Marketplace 2.0.5 has SQL Injection via the search.php cat_id parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17593 EXPLOITDB HIGH text VERIFIED
Simple Chatting System 1.0 - Arbitrary File Upload via my_profile.php
Simple Chatting System 1.0 allows Arbitrary File Upload via view/my_profile.php, which places files under uploads/.
by Ihsan Sencan
CVSS 7.5
CVE-2017-17591 EXPLOITDB CRITICAL text VERIFIED
Realestate Crowdfunding Script 2.7.2 - SQL Injection via single-cause.php pid Parameter
Realestate Crowdfunding Script 2.7.2 has SQL Injection via the single-cause.php pid parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17597 EXPLOITDB CRITICAL text
Nearbuy Clone Script 3.2 - SQL Injection via Category List Search Parameter
Nearbuy Clone Script 3.2 has SQL Injection via the category_list.php search parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17589 EXPLOITDB CRITICAL text VERIFIED
FS Thumbtack Clone 1.0 - SQL Injection via Category Parameter
FS Thumbtack Clone 1.0 has SQL Injection via the browse-category.php cat parameter or the browse-scategory.php sc parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17590 EXPLOITDB CRITICAL text VERIFIED
FS Stackoverflow Clone 1.0 - SQL Injection via Question Keywords Parameter
FS Stackoverflow Clone 1.0 has SQL Injection via the /question keywords parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17583 EXPLOITDB CRITICAL text VERIFIED
FS Shutterstock Clone 1.0 - SQL Injection via Category Keywords Parameter
FS Shutterstock Clone 1.0 has SQL Injection via the /Category keywords parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17581 EXPLOITDB CRITICAL text VERIFIED
FS Quibids Clone 1.0 - SQL Injection via itechd.php productid Parameter
FS Quibids Clone 1.0 has SQL Injection via the itechd.php productid parameter.
by Ihsan Sencan
CVSS 9.8