Writeup Exploits

63,954 exploits tracked across all sources.

Sort: Activity Stars
CVE-2021-40309 WRITEUP HIGH
OpenSIS 8.0 - Authenticated SQL Injection via cp_id_miss_attn Parameter
A SQL injection vulnerability exists in the Take Attendance functionality of OS4Ed's OpenSIS 8.0. allows an attacker to inject their own SQL query. The cp_id_miss_attn parameter from TakeAttendance.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request as a user with access to "Take Attendance" functionality to trigger this vulnerability.
CVSS 8.8
CVE-2021-39379 WRITEUP CRITICAL
openSIS 8.0 - SQL Injection via ResetUserInfo.php password_stn_id Parameter
A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious attacker can issue SQL commands to the MySQL (MariaDB) database through the ResetUserInfo.php password_stn_id parameter.
CVSS 9.8
CVE-2021-39378 WRITEUP CRITICAL
openSIS 8.0 - SQL Injection via NamesList.php str Parameter
A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious attacker can issue SQL commands to the MySQL (MariaDB) database through the NamesList.php str parameter.
CVSS 9.8
CVE-2021-39377 WRITEUP CRITICAL
openSIS 8.0 - SQL Injection via index.php username parameter
A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious attacker can issue SQL commands to the MySQL (MariaDB) database through the index.php username parameter.
CVSS 9.8
CVE-2021-27341 WRITEUP CRITICAL
OpenSIS CE <7.6 - Local File Inclusion
OpenSIS Community Edition version <= 7.6 is affected by a local file inclusion vulnerability in DownloadWindow.php via the "filename" parameter.
CVSS 9.8
CVE-2021-27341 WRITEUP CRITICAL
OpenSIS CE <7.6 - Local File Inclusion
OpenSIS Community Edition version <= 7.6 is affected by a local file inclusion vulnerability in DownloadWindow.php via the "filename" parameter.
CVSS 9.8
CVE-2021-27340 WRITEUP MEDIUM
OpenSIS <= 7.6 - Reflected Cross-Site Scripting via EmailCheck.php opt Parameter
OpenSIS Community Edition version <= 7.6 is affected by a reflected XSS vulnerability in EmailCheck.php via the "opt" parameter.
CVSS 6.1
CVE-2021-27340 WRITEUP MEDIUM
OpenSIS <= 7.6 - Reflected Cross-Site Scripting via EmailCheck.php opt Parameter
OpenSIS Community Edition version <= 7.6 is affected by a reflected XSS vulnerability in EmailCheck.php via the "opt" parameter.
CVSS 6.1
CVE-2023-38913 WRITEUP MEDIUM
anirbandutta9 NEWS-BUZZ 1.0 - SQL Injection
SQL injection vulnerability in anirbandutta9 NEWS-BUZZ v.1.0 allows a remote attacker to execute arbitrary code via a crafted script.
CVSS 5.3
CVE-2023-38965 WRITEUP CRITICAL
Lost and Found Information System 1.0 - Privilege Escalation
Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI.
CVSS 9.8
CVE-2023-3836 WRITEUP MEDIUM
Dahua Smart Park Management <20230713 - Unrestricted Upload
A vulnerability classified as critical was found in Dahua Smart Park Management up to 20230713. This vulnerability affects unknown code of the file /emap/devicePoint_addImgIco?hasSubsystem=true. The manipulation of the argument upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-235162 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 6.3
CVE-2023-3881 WRITEUP MEDIUM
Campcodes Beauty Salon Management System 1.0 - SQL Injection
A vulnerability classified as critical was found in Campcodes Beauty Salon Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php. The manipulation of the argument contactno leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235243.
CVSS 6.3
CVE-2023-39062 WRITEUP MEDIUM
html2pdf < 5.2.8 - Cross-Site Scripting via forms.php
Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 allows a remote attacker to execute arbitrary code via a crafted script to the forms.php.
CVSS 6.1
CVE-2023-39141 WRITEUP HIGH
ziahamza/webui-aria2 - Path Traversal via Node Server File Handling
webui-aria2 commit 4fe2e was discovered to contain a path traversal vulnerability.
CVSS 7.5
CVE-2023-39150 WRITEUP CRITICAL
ConEmu < 23.07.24 - Remote Code Execution via Title Control Character Injection
ConEmu before commit 230724 does not sanitize title responses correctly for control characters, potentially leading to arbitrary code execution. This is related to an incomplete fix for CVE-2022-46387.
CVSS 9.8
CVE-2023-39356 WRITEUP MEDIUM
FreeRDP < 2.11.0 - Out-of-Bounds Read in gdi_multi_opaque_rect
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a missing offset validation may lead to an Out Of Bound Read in the function `gdi_multi_opaque_rect`. In particular there is no code to validate if the value `multi_opaque_rect->numRectangles` is less than 45. Looping through `multi_opaque_rect->`numRectangles without proper boundary checks can lead to Out-of-Bounds Read errors which will likely lead to a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS 5.3
CVE-2023-39526 WRITEUP CRITICAL
PrestaShop <1.7.8.10, 8.0.5, <8.1.1 - Remote Code Execution via SQL Injection and Arbitrary File Write
PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to remote code execution through SQL injection and arbitrary file write in the back office. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds.
CVSS 9.1
CVE-2023-39533 WRITEUP HIGH
go-libp2p < 0.27.8 - Resource Exhaustion via Large RSA Key Signature Verification
go-libp2p is the Go implementation of the libp2p Networking Stack. Prior to versions 0.27.8, 0.28.2, and 0.29.1 malicious peer can use large RSA keys to run a resource exhaustion attack & force a node to spend time doing signature verification of the large key. This vulnerability is present in the core/crypto module of go-libp2p and can occur during the Noise handshake and the libp2p x509 extension verification step. To prevent this attack, go-libp2p versions 0.27.8, 0.28.2, and 0.29.1 restrict RSA keys to <= 8192 bits. To protect one's application, it is necessary to update to these patch releases and to use the updated Go compiler in 1.20.7 or 1.19.12. There are no known workarounds for this issue.
CVSS 7.5
CVE-2023-39534 WRITEUP HIGH
eprosima Fast DDS < 2.10.0, < 2.9.2, < 2.6.5 - Denial of Service via Malformed GAP Submessage
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0, 2.9.2, and 2.6.5, a malformed GAP submessage can trigger assertion failure, crashing FastDDS. Version 2.10.0, 2.9.2, and 2.6.5 contain a patch for this issue.
CVSS 7.5
CVE-2023-39599 WRITEUP MEDIUM
CSZ CMS 1.3.0 - Stored Cross-Site Scripting via Social Settings Parameter
Cross-Site Scripting (XSS) vulnerability in CSZ CMS v.1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Social Settings parameter.
CVSS 5.4
CVE-2023-39619 WRITEUP HIGH
node_email_check 1.0.4 - Denial of Service via ReDos in scpSyntax Component
ReDos in NPMJS Node Email Check v.1.0.4 allows an attacker to cause a denial of service via a crafted string to the scpSyntax component.
CVSS 7.5
CVE-2023-39707 WRITEUP MEDIUM
Free and Open Source Inventory Management System 1.0 - Stored Cross-Site Scripting via Add Expense Parameter
A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add Expense parameter under the Expense section.
CVSS 5.4
CVE-2023-39708 WRITEUP MEDIUM
Free and Open Source Inventory Management System 1.0 - Stored Cross-Site Scripting via Add New Parameter
A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add New parameter under the New Buy section.
CVSS 6.1
CVE-2023-39709 WRITEUP MEDIUM
Free and Open Source Inventory Management System 1.0 - Stored Cross-Site Scripting via Add Member Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add Member section.
CVSS 6.1
CVE-2023-39710 WRITEUP MEDIUM
Free and Open Source Inventory Management System 1.0 - Stored Cross-Site Scripting via Add Customer Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add Customer section.
CVSS 6.1