Exploit Database

144,846 exploits tracked across all sources.

CVE-2024-50340 WRITEUP HIGH
symfony/runtime 5.3.0-5.4.45, 6.0.0-6.4.13, 7.0.0-7.1.6 - Environment Manipulation via Crafted Query String
symfony/runtime is a module for the Symfony PHP framework which enables decoupling PHP applications from global state. When the `register_argv_argc` PHP directive is set to `on` and users call any URL with a specially crafted query string, they are able to change the environment or debug mode used by the kernel when handling the request. As of versions 5.4.46, 6.4.14, and 7.1.7 the `SymfonyRuntime` now ignores the `argv` values for non-SAPI PHP runtimes. All users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS 7.3
CVE-2024-50349 WRITEUP MEDIUM
Git < 2.40.4 - Terminal Credential Prompt Spoofing via ANSI Escape Sequences
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When Git asks for credentials via a terminal prompt (i.e. without using any credential helper), it prints out the host name for which the user is expected to provide a username and/or a password. At this stage, any URL-encoded parts have been decoded already, and are printed verbatim. This allows attackers to craft URLs that contain ANSI escape sequences that the terminal interprets to confuse users, e.g. into providing passwords for trusted Git hosting sites when in fact they are then sent to untrusted sites that are under the attacker's control. This issue has been patched via commits `7725b81` and `c903985`, which are included in release versions v2.48.1, v2.47.2, v2.46.3, v2.45.3, v2.44.3, v2.43.6, v2.42.4, v2.41.3, and v2.40.4. Users are advised to upgrade. Users unable to upgrade should avoid cloning from untrusted URLs, especially recursive clones.
CVSS 4.7
CVE-2024-50647 WRITEUP HIGH
python_food 1.0 - Unauthenticated Sensitive Information Exposure via User Info API
The python_food ordering system V1.0 has an unauthorized access vulnerability that leads to the leakage of sensitive user information. Attackers can access it through https://ip:port/api/myapp/index/user/info?id=1 and modify the ID value to obtain sensitive user information beyond their authorization.
CVSS 7.5
CVE-2024-50648 WRITEUP CRITICAL
yshopmall V1.0 - Arbitrary File Upload and Remote Code Execution via JSP File Parsing
yshopmall V1.0 has an arbitrary file upload vulnerability, which can enable RCE or even take over the server when improperly configured to parse JSP files.
CVSS 9.8
CVE-2024-50649 WRITEUP CRITICAL
python_book V1.0 - Arbitrary File Upload via User Avatar Upload Function
The user avatar upload function in python_book V1.0 has an arbitrary file upload vulnerability.
CVSS 9.8
CVE-2024-50650 WRITEUP HIGH
python_book 1.0 - Incorrect Authorization via ID Parameter
python_book V1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensitive information of users with different IDs by modifying the ID parameter.
CVSS 7.5
CVE-2024-50651 WRITEUP MEDIUM
java_shop 1.0 - Unauthenticated Incorrect Access Control via ID Parameter
java_shop 1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensitive information of users with different IDs by modifying the ID parameter.
CVSS 6.5
CVE-2024-50652 WRITEUP MEDIUM
java_shop 1.0 - Unrestricted Upload of File with Dangerous Type via Avatar Function
A file upload vulnerability in java_shop 1.0 allows attackers to upload arbitrary files by modifying the avatar function.
CVSS 4.3
CVE-2024-50654 WRITEUP HIGH
lilishop <= 4.2.4 - Incorrect Access Control via Coupon Collection Packet Replay
lilishop <=4.2.4 is vulnerable to Incorrect Access Control, which can allow attackers to obtain coupons beyond the quantity limit by capturing the data packets for coupon collection and sending them under high concurrency.
CVSS 7.5
CVE-2024-50655 WRITEUP MEDIUM
emlog pro <=2.3.18 - Stored Cross-Site Scripting in Published Articles
emlog pro <=2.3.18 is vulnerable to Cross Site Scripting (XSS), which allows attackers to write malicious JavaScript code in published articles.
CVSS 5.4
CVE-2024-50672 WRITEUP CRITICAL
Adapt Learning Adapt Authoring Tool <= 0.11.3 - NoSQL Injection
A NoSQL injection vulnerability in Adapt Learning Adapt Authoring Tool <= 0.11.3 allows unauthenticated attackers to reset user and administrator account passwords via the "Reset password" feature. The vulnerability occurs due to insufficient validation of user input, which is used as a query in Mongoose's find() function. This makes it possible for attackers to perform a full takeover of the administrator account. Attackers can then use the newly gained administrative privileges to upload a custom plugin to perform remote code execution (RCE) on the server hosting the web application.
CVSS 9.8
CVE-2024-50671 WRITEUP MEDIUM
Adapt Learning Adapt Authoring Tool <= 0.11.3 - Info Disclosure
Incorrect access control in Adapt Learning Adapt Authoring Tool <= 0.11.3 allows attackers with Authenticated User roles to obtain email addresses via the "Get users" feature. The vulnerability occurs due to a flaw in permission verification logic, where the wildcard character in permitted URLs grants unintended access to endpoints restricted to users with Super Admin roles. This makes it possible for attackers to disclose the email addresses of all users.
CVSS 4.3
CVE-2024-50677 WRITEUP MEDIUM
OroPlatform CMS 5.1 - Cross-Site Scripting via Search Parameter
A cross-site scripting (XSS) vulnerability in OroPlatform CMS v5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter.
CVSS 6.1
CVE-2024-50807 WRITEUP MEDIUM
Trippo Responsive Filemanager 9.14.0 - XSS
Trippo Responsive Filemanager 9.14.0 is vulnerable to Cross Site Scripting (XSS) via file upload using the svg and pdf extensions.
CVSS 6.1
CVE-2024-50848 WRITEUP MEDIUM
WorldServer 11.8.2 - XML External Entity Injection via Crafted TMX File
An XML External Entity (XXE) vulnerability in the Import object and Translation Memory import functionalities of WorldServer v11.8.2 allows attackers to access sensitive information and execute arbitrary commands by supplying a crafted .tmx file.
CVSS 6.5
CVE-2024-50849 WRITEUP MEDIUM
WorldServer 11.8.2 - Authenticated Stored Cross-Site Scripting in Rules Functionality
A Stored Cross-Site Scripting (XSS) vulnerability in the "Rules" functionality of WorldServer v11.8.2 allows a remote authenticated attacker to execute arbitrary JavaScript code.
CVSS 4.8
CVE-2024-50857 WRITEUP MEDIUM
GestioIP 3.5.7 - Cross-Site Scripting via ip_do_job Request
The ip_do_job request in GestioIP v3.5.7 is vulnerable to Cross-Site Scripting (XSS). It allows data exfiltration and enables CSRF attacks. The vulnerability requires specific user permissions within the application to exploit successfully.
CVSS 4.8
CVE-2024-50858 WRITEUP HIGH
GestioIP 3.5.7 - Cross-Site Request Forgery
Multiple endpoints in GestioIP v3.5.7 are vulnerable to Cross-Site Request Forgery (CSRF). An attacker can execute actions via the admin's browser by hosting a malicious URL, leading to data modification, deletion, or exfiltration.
CVSS 8.8
CVE-2024-50859 WRITEUP MEDIUM
GestioIP 3.5.7 - Reflected Cross-Site Scripting via ip_import_acl_csv Request
The ip_import_acl_csv request in GestioIP v3.5.7 is vulnerable to Reflected XSS. When a user uploads an improperly formatted file, the content may be reflected in the HTML response, allowing the attacker to execute malicious scripts or exfiltrate data.
CVSS 4.8
CVE-2024-50861 WRITEUP MEDIUM
GestioIP 3.5.7 - Stored Cross-Site Scripting via TSIG Key Field
The ip_mod_dns_key_form.cgi request in GestioIP v3.5.7 is vulnerable to Stored XSS. An attacker can inject malicious code into the "TSIG Key" field, which is saved in the database and triggers XSS when viewed, enabling data exfiltration and CSRF attacks.
CVSS 6.1
CVE-2024-50919 WRITEUP CRITICAL
Jpress < 5.1.1 - Unauthenticated Arbitrary File Upload and Remote Code Execution via JSP File Construction
Jpress until v5.1.1 has an arbitrary file upload vulnerability on the Windows platform, and the construction of non-standard file formats such as .jsp. can lead to arbitrary command execution.
CVSS 9.8
CVE-2024-50947 WRITEUP HIGH
kmqtt 0.2.7 - Denial of Service
An issue in kmqtt v0.2.7 allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVSS 7.5
CVE-2024-50948 WRITEUP HIGH
mochiMQTT 2.6.3 - Denial of Service via Malicious Publish/Subscribe Sessions
mochiMQTT v2.6.3 is vulnerable to Denial of Service (DoS) due to improper resource management. An attacker can exhaust system memory and crash the broker by establishing and maintaining a large number of malicious, long-term publish/subscribe sessions.
CVSS 7.5
CVE-2024-50986 WRITEUP HIGH
Clementine 1.3.1 - Untrusted Search Path
An issue in Clementine v1.3.1 allows a local attacker to execute arbitrary code via a crafted DLL file.
CVSS 7.3