Exploitdb Exploits
50,076 exploits tracked across all sources.
Responsive Newspaper Magazine & Blog CMS 1.0 - SQL Injection via id Parameter
Responsive Newspaper Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
by Ihsan Sencan
CVSS 9.8
Dynamic News Magazine & Blog CMS 1.0 - SQL Injection via id Parameter
Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
by Ihsan Sencan
CVSS 9.8
MyMagazine Magazine & Blog CMS 1.0 - SQL Injection via id Parameter
MyMagazine Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
by Ihsan Sencan
CVSS 9.8
Contractorscripts Mybuildersite - SQL Injection
MyBuilder Clone 1.0 allows SQL Injection via the phpsqlsearch_genxml.php subcategory parameter.
by Ihsan Sencan
CVSS 9.8
Mailing List Manager Pro 3.0 - SQL Injection via Edit Parameter
Mailing List Manager Pro 3.0 allows SQL Injection via the edit parameter to admin/users in a sort=login action, or the edit parameter to admin/template.
by Ihsan Sencan
CVSS 9.8
Zh YandexMap 6.1.1.0 - SQL Injection via placemarklistid Parameter
The Zh YandexMap (aka com_zhyandexmap) component 6.1.1.0 for Joomla! allows SQL Injection via the placemarklistid parameter to index.php.
by Ihsan Sencan
CVSS 9.8
NS Download Shop 2.2.6 - SQL Injection via Invoice Create ID Parameter
The NS Download Shop (aka com_ns_downloadshop) component 2.2.6 for Joomla! allows SQL Injection via the id parameter in an invoice.create action.
by Ihsan Sencan
CVSS 9.8
Job Board Script Software - SQL Injection via PATH_INFO to /job-details
Job Board Script Software allows SQL Injection via the PATH_INFO to a /job-details URI.
by Ihsan Sencan
CVSS 9.8
iTech Gigs Script 1.21 - SQL Injection via sc or ser Parameter
iTech Gigs Script 1.21 allows SQL Injection via the browse-scategory.php sc parameter or the service-provider.php ser parameter.
by Ihsan Sencan
CVSS 9.8
iStock Management System 1.0 - Unauthenticated Arbitrary File Upload via User Profile
iStock Management System 1.0 allows Arbitrary File Upload via user/profile.
by Ihsan Sencan
CVSS 9.8
iProject Management System 1.0 - SQL Injection via ID Parameter
iProject Management System 1.0 allows SQL Injection via the ID parameter to index.php.
by Ihsan Sencan
CVSS 9.8
Ingenious School Management System 2.3.0 - Unrestricted File Upload via my_profile.php
my_profile.php in Ingenious School Management System 2.3.0 allows a student or teacher to upload an arbitrary file.
by Ihsan Sencan
CVSS 8.8
fake_magazine_cover_script - SQL Injection via rate.php value parameter or content.php id parameter
Fake Magazine Cover Script allows SQL Injection via the rate.php value parameter or the content.php id parameter.
by Ihsan Sencan
CVSS 9.8
D-Park Pro Domain Parking Script 1.0 - SQL Injection via Admin Login Form Username
D-Park Pro Domain Parking Script 1.0 allows SQL Injection via the username to admin/loginform.php.
by Ihsan Sencan
CVSS 9.8
CPA Lead Reward Script - SQL Injection via Username Parameter
CPA Lead Reward Script allows SQL Injection via the username parameter.
by Ihsan Sencan
CVSS 9.8
Creative Management System Lite 1.4 - SQL Injection via S Parameter
Creative Management System (CMS) Lite 1.4 allows SQL Injection via the S parameter to index.php.
by Ihsan Sencan
CVSS 9.8
Basic B2B Script - SQL Injection via product_view1.php pid or id Parameter
Basic B2B Script allows SQL Injection via the product_view1.php pid or id parameter.
by Ihsan Sencan
CVSS 9.8
Article Directory Script 3.0 - SQL Injection via id Parameter
Article Directory Script 3.0 allows SQL Injection via the id parameter to author.php or category.php.
by Ihsan Sencan
CVSS 9.8
AROX School ERP PHP Script 1.0 - SQL Injection via Office Admin ID Parameter
AROX School ERP PHP Script 1.0 allows SQL Injection via the office_admin/ id parameter.
by Ihsan Sencan
CVSS 9.8
Adultscriptpro - SQL Injection
Adult Script Pro 2.2.4 allows SQL Injection via the PATH_INFO to a /download URI, a different vulnerability than CVE-2007-6576.
by Ihsan Sencan
CVSS 9.8
MitraStar GPT-2541GNAC and DSL-100HN-T1 - Hardcoded Password
MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices have a zyad1234 password for the zyad1234 account, which is equivalent to root and undocumented.
by j0lama
CVSS 9.8
MitraStar GPT-2541GNAC and DSL-100HN-T1 - Authenticated Privilege Escalation via Command Execution
MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices allow remote authenticated users to obtain root access by specifying /bin/sh as the command to execute.
by j0lama
CVSS 8.8
phpmyfaq < 2.9.8 - Stored Cross-Site Scripting via HTML Attachment
In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via an HTML attachment.
by Nikhil Mittal
CVSS 5.4
PHP Melody CMS 2.6.1 - SQL Injection via Playlist Parameter
In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php.
by Venkat Rajgor
CVSS 9.8