Exploit Database

144,203 exploits tracked across all sources.

CVE-2022-44183 WRITEUP CRITICAL
Tenda AC18 V15.03.05.19 - Buffer Overflow
Tenda AC18 V15.03.05.19 is vulnerable to a buffer overflow via the function formSetWifiGuestBasic.
CVSS 9.8
CVE-2022-44244 WRITEUP MEDIUM
Lin-CMS <0.2.1 - Privilege Escalation
An authentication bypass in Lin-CMS v0.2.1 allows attackers to escalate privileges to Super Administrator.
CVSS 6.6
CVE-2022-44261 WRITEUP MEDIUM
Avery Dennison Monarch Printer M9855 - XSS
Avery Dennison Monarch Printer M9855 is vulnerable to cross-site scripting (XSS).
CVSS 6.1
CVE-2022-44343 WRITEUP HIGH
CRMEB 4.4.4 - Arbitrary File Download
CRMEB 4.4.4 is vulnerable to arbitrary file download.
CVSS 7.5
CVE-2022-44789 WRITEUP HIGH
Artifex MuJS 1.0.0-1.3.x - Remote Code Execution via Crafted JavaScript File
A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file.
CVSS 8.8
CVE-2022-44870 WRITEUP MEDIUM
maccms10 v2022.1000.3032 - Reflected Cross-Site Scripting via AD Management Name Parameter
A reflected cross-site scripting (XSS) vulnerability in maccms10 v2022.1000.3032 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the AD Management module.
CVSS 6.1
CVE-2022-44875 WRITEUP MEDIUM
KioWare < 8.33 - Remote Code Execution via KioUtils.Execute
KioWare through 8.33 on Windows sets KioScriptingUrlACL.AclActions.AllowHigh for the about:blank origin, which allows attackers to obtain SYSTEM access via KioUtils.Execute in JavaScript code.
CVSS 5.4
CVE-2022-44877 WRITEUP CRITICAL
CWP login.php Unauthenticated RCE
login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.
CVSS 9.8
CVE-2022-44900 WRITEUP CRITICAL
Py7zr < 0.20.1 - Path Traversal
A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file.
CVSS 9.1
CVE-2022-4407 WRITEUP MEDIUM
phpmyfaq < 3.1.9 - Reflected Cross-Site Scripting
Reflected cross-site scripting (XSS) in the GitHub repository thorsten/phpmyfaq prior to 3.1.9.
CVSS 6.1
CVE-2025-67504 WRITEUP CRITICAL
WBCE CMS < 1.6.5 - Weak Password Generation via Insecure rand() Usage
WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword() to create passwords using PHP's rand(). rand() is not cryptographically secure, which allows password sequences to be predicted or brute-forced. This can lead to user account compromise or privilege escalation if these passwords are used for new accounts or password resets. The vulnerability is fixed in version 1.6.5.
CVSS 9.1
CVE-2025-66204 WRITEUP HIGH
WBCE CMS < 1.6.5 - Brute-Force Protection Bypass via X-Forwarded-For Header
WBCE CMS is a content management system. Version 1.6.4 contains a brute-force protection bypass where an attacker can indefinitely reset the counter by modifying `X-Forwarded-For` on each request, gaining unlimited password guessing attempts, effectively bypassing all brute-force protection. The application fully trusts the `X-Forwarded-For` header without validating it or restricting its usage. This issue is fixed in version 1.6.5.
CVSS 8.1
CVE-2025-65950 WRITEUP HIGH
WBCE CMS < 1.6.5 - Authenticated SQL Injection via User Management groups[] Parameter
WBCE CMS is a content management system. In versions 1.6.4 and below, the user management module allows a low-privileged authenticated user with permissions to modify users to execute arbitrary SQL queries. This can be escalated to full database compromise and data exfiltration, effectively bypassing all security controls. The vulnerability exists in the admin/users/save.php script, which handles updates to user profiles. The script improperly processes the groups[] parameter sent from the user edit form. This issue is fixed in version 1.6.5.
CVSS 8.8
CVE-2025-65094 WRITEUP HIGH
WBCE CMS < 1.6.4 - Privilege Escalation via groups[] Parameter Manipulation
WBCE CMS is a content management system. Prior to version 1.6.4, a low-privileged user in WBCE CMS can escalate their privileges to the Administrators group by manipulating the groups[] parameter in the /admin/users/save.php request. The UI restricts users to assigning only their existing group, but server-side validation is missing, allowing attackers to overwrite their group membership and obtain full administrative access. This results in a complete compromise of the CMS. This issue has been patched in version 1.6.4.
CVSS 8.8
CVE-2025-34506 WRITEUP HIGH
WBCE CMS < 1.6.3 - Authenticated Remote Code Execution via Malicious Module Upload
WBCE CMS version 1.6.3 and prior contains an authenticated remote code execution vulnerability that allows administrators to upload malicious modules. Attackers can craft a specially designed ZIP module with embedded PHP reverse shell code to gain remote system access when the module is installed.
CVSS 8.8
CVE-2024-58283 WRITEUP HIGH
WBCE CMS 1.6.2 - Authenticated Remote Code Execution via Elfinder File Upload
WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary system commands through a user-controlled parameter.
CVSS 8.8
CVE-2023-39796 WRITEUP CRITICAL
WBCE CMS 1.6.0 - Unauthenticated SQL Injection via DB_RECORD_TABLE Parameter
SQL injection vulnerability in the miniform module in WBCE CMS v.1.6.0 allows a remote unauthenticated attacker to execute arbitrary code via the DB_RECORD_TABLE parameter.
CVSS 9.8
CVE-2023-29855 WRITEUP HIGH
WBCE CMS 1.5.3 - Command Injection via admin/languages/install.php
WBCE CMS 1.5.3 has a command execution vulnerability via admin/languages/install.php.
CVSS 7.2
CVE-2022-50936 WRITEUP HIGH
WBCE CMS 1.5.2 - Authenticated Remote Code Execution via Droplet Upload
WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel. Authenticated attackers can exploit the droplet upload functionality in the admin tools to create and execute arbitrary PHP code by crafting a specially designed zip file payload.
CVSS 8.8
CVE-2022-45017 WRITEUP MEDIUM
WBCE CMS < 1.5.4 - Cross-Site Scripting via Overview Page Post Loop Field
A cross-site scripting (XSS) vulnerability in the Overview Page settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Loop field.
CVSS 4.8