Exploit Database
144,326 exploits tracked across all sources.
Emlog Pro 1.7.1 - Reflected Cross-Site Scripting via /admin/store.php
Emlog Pro v1.7.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability at /admin/store.php.
CVSS 4.8
Emlog pro v1.1.1 - Stored Cross-Site Scripting via footer_info Parameter
Emlog pro v1.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /admin/configure.php via the parameter footer_info.
CVSS 4.8
emlog 6.0 - SQL Injection via $TagID Parameter in getblogidsfromtagid()
Emlog v6.0 was discovered to contain a SQL injection vulnerability via the $TagID parameter of getblogidsfromtagid().
CVSS 9.8
emlog <= pro-1.0.7 - Cross-Site Scripting via 's' Parameter
Cross-site scripting (XSS) vulnerability in index.php in emlog version <= pro-1.0.7 allows remote attackers to inject arbitrary web script or HTML via the s parameter.
CVSS 6.1
emlog 5.3.1 - Remote Code Execution
A Remote Code Execution (RCE) vulnerability exists in emlog 5.3.1 via content/plugins.
CVSS 9.8
emlog v5.3.1 - Full Path Disclosure in t/index.php
emlog v5.3.1 has a full path disclosure vulnerability in t/index.php, which allows an attacker to see the path to the webroot/file.
CVSS 5.3
emlog 5.3.1 and 6.0.0 - Remote Code Execution via Database Backup File Upload
emlog v5.3.1 and emlog v6.0.0 have a Remote Code Execution vulnerability due to upload of database backup file in admin/data.php.
CVSS 9.8
emlog 6.0 - Stored Cross-Site Scripting in Article Comments
Cross Site Scripting (XSS) vulnerability in the article comments feature in emlog 6.0.
CVSS 6.1
emlog 6.0.0stable - SQL Injection via admin/navbar.php Page Addition
An issue was discovered in emlog 6.0.0stable. There is a SQL Injection vulnerability that can execute any SQL statement and query server sensitive data via admin/navbar.php?action=add_page.
CVSS 8.8
emlog v6.0 - Remote Code Execution via Crafted Zip File Upload
emlog v6.0 contains a vulnerability in the component admin\template.php, which allows attackers to obtain a shell via a crafted Zip file.
CVSS 7.2
emlog 6.0.0 - Unrestricted Upload of File with Dangerous Type via Zip Plugin Module
A vulnerability in emlog v6.0.0 allows a user to upload webshells via the zip plugin module.
CVSS 9.8
emlog v6.0 - Cross-Site Request Forgery via /admin/link.php?action=addlink
emlog v6.0 contains a Cross-Site Request Forgery (CSRF) via /admin/link.php?action=addlink, which allows attackers to arbitrarily add articles.
CVSS 4.3
emlog v6.0.0 - Arbitrary File Deletion in admin/plugin.php
emlog v6.0.0 contains an arbitrary file deletion vulnerability in admin/plugin.php.
CVSS 6.5
emlog v6.0.0 - SQL Injection via /admin/comment.php
emlog v6.0.0 contains a SQL injection via /admin/comment.php.
CVSS 7.2
emlog <= 6.0.0beta - Authenticated Path Traversal and Arbitrary File Deletion via Template Deletion Endpoint
emlog through 6.0.0beta allows remote authenticated users to delete arbitrary files via admin/template.php?action=del&tpl=../ directory traversal.
CVSS 6.5
emlog <= 6.0.0beta - Arbitrary File Deletion via bak[] Parameter
emlog through 6.0.0beta has an arbitrary file deletion vulnerability via an admin/data.php?action=dell_all_bak request with directory traversal sequences in the bak[] parameter.
CVSS 9.8
emlog pro2.1.14 - SQL Injection via uid Parameter
Emlog version pro2.1.14 was discovered to contain a SQL injection vulnerability via the uid parameter at /admin/media.php.
CVSS 7.2
GruppoSCAI RealGimm <1.1.37p38 - XSS
An XML External Entity (XXE) vulnerability in the VerifichePeriodiche.aspx component of GruppoSCAI RealGimm v1.1.37p38 allows attackers to read any file in the filesystem by supplying a crafted XML file.
CVSS 6.5
GruppoSCAI RealGimm 1.1.37p38 - SQL Injection
A SQL injection vulnerability in the Data Richiesta dal parameter of GruppoSCAI RealGimm v1.1.37p38 allows attackers to access the database and execute arbitrary commands via a crafted SQL query.
CVSS 9.8
GruppoSCAI RealGimm <1.1.37p38 - RCE
An arbitrary file upload vulnerability in the Carica immagine function of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted HTML file.
CVSS 9.8
GruppoSCAI RealGimm <1.1.37p38 - RCE
An arbitrary file upload vulnerability in the Gestione Documentale module of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted file.
CVSS 8.8
GruppoSCAI RealGimm <1.1.37p38 - Info Disclosure
An improper error handling vulnerability in the component ErroreNonGestito.aspx of GruppoSCAI RealGimm 1.1.37p38 allows attackers to obtain sensitive technical information via a crafted SQL query.
CVSS 8.8
GruppoSCAI RealGimm 1.1.37p38 - XSS
Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary JavaScript in the context of a victim user's browser via a crafted payload injected into the VIEWSTATE parameter.
CVSS 6.1
Buttercup v2.20.3 - Info Disclosure
Buttercup v2.20.3 allows attackers to obtain the hash of the master password for the password manager via accessing the file /vaults.json/
CVSS 5.3
OpenMage Magento < 19.5.1 - Unauthenticated Order Access via Weak Protect Code
Magento LTS is the official OpenMage LTS codebase. Guest orders may be viewed without authentication using a "guest-view" cookie which contains the order's "protect_code". This code is 6 hexadecimal characters which is arguably not enough to prevent a brute-force attack. Exposing each order would require a separate brute force attack. This issue has been patched in versions 19.5.1 and 20.1.1.
CVSS 7.5