Exploitdb Exploits
50,076 exploits tracked across all sources.
Pluck 4.7.10 - Remote Code Execution via Trashcan Restore Item File Upload
File Upload vulnerability in PluckCMS v.4.7.10 allows a remote attacker to execute arbitrary code via the trashcan_restoreitem.php file.
by CodeSecLab
CVSS 7.2
phpmyfaq < 2.9.8 - Cross-Site Request Forgery in admin/stat.main.php
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php.
by CodeSecLab
CVSS 8.8
phpmyfaq < 2.9.8 - Cross-Site Request Forgery in admin/ajax.config.php
In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php.
by CodeSecLab
CVSS 8.8
phpmyfaq < 2.9.8 - Cross-Site Request Forgery for Glossary Modification
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary.
by CodeSecLab
CVSS 8.8
phpMyAdmin <4.9.4-5.0.1 - SQL Injection
In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server.
by CodeSecLab
CVSS 8.8
phpipam < 1.4 - SQL Injection via Custom Fields Order Table Parameter
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used.
by CodeSecLab
CVSS 9.8
openSIS 8.0 - SQL Injection via ForgotPassUserName.php
An SQL Injection vulnerability exists in openSIS Community Edition version 8.0 via ForgotPassUserName.php.
by CodeSecLab
CVSS 9.8
OpenRepeater <2.2 - Command Injection
OpenRepeater (ORP) before 2.2 allows unauthenticated command injection via shell metacharacters in the functions/ajax_system.php post_service parameter.
by CodeSecLab
CVSS 9.8
mobiledetect < 2.8.32 - Cross-Site Scripting via $_SERVER['PHP_SELF'] in session_example.php
A vulnerability, which was classified as problematic, has been found in MobileDetect 2.8.31. This issue affects the function initLayoutType of the file examples/session_example.php of the component Example. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.8.32 is able to address this issue. The identifier of the patch is 31818a441b095bdc4838602dbb17b8377d1e5cce. It is recommended to upgrade the affected component. The identifier VDB-220061 was assigned to this vulnerability.
by CodeSecLab
CVSS 3.5
mangoswebv4 < 4.0.8 - Reflected Cross-Site Scripting via Install Step Parameter
paintballrefjosh/MaNGOSWebV4 before 4.0.8 is vulnerable to a reflected XSS in install/index.php (step parameter).
by CodeSecLab
CVSS 6.1
Django 4.2-4.2.25 5.1-5.1.13 5.2a1-5.2.7 - SQL Injection via QuerySet Dictionary Expansion
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.
The methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank cyberstan for reporting this issue.
by Wafcontrol Security Team
CVSS 9.1
Piwigo 13.6.0 - SQL Injection via Profile Function
Piwigo 13.6.0 is vulnerable to SQL Injection via in the "profile" function.
by CodeSecLab
CVSS 9.8
phpipam 1.6 - Cross-Site Scripting via PowerDNS Record Edit Page
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/powerDNS/record-edit.php.
by CodeSecLab
CVSS 7.1
phpipam 1.6 - Cross-Site Scripting via Import Load Data
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\import-export\import-load-data.php.
by CodeSecLab
CVSS 6.1
phpipam < 1.5.2 - SQL Injection
SQL Injection in GitHub repository phpipam/phpipam prior to v1.5.2.
by CodeSecLab
CVSS 7.2
YOURLS < 1.8.3 - Cross-Site Request Forgery
Cross-Site Request Forgery (CSRF) in GitHub repository yourls/yourls prior to 1.8.3.
by CodeSecLab
CVSS 7.4
phpmyfaq < 3.1.8 - Reflected Cross-Site Scripting
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
by CodeSecLab
CVSS 6.1
Flowise 3.0.5 - Remote Code Execution via CustomMCP Node Configuration Parsing
Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, Flowise is vulnerable to remote code execution. The CustomMCP node allows users to input configuration settings for connecting to an external MCP server. This node parses the user-provided mcpServerConfig string to build the MCP server configuration. However, during this process, it executes JavaScript code without any security validation. Specifically, inside the convertToValidJSONString function, user input is directly passed to the Function() constructor, which evaluates and executes the input as JavaScript code. Since this runs with full Node.js runtime privileges, it can access dangerous modules such as child_process and fs. This issue has been patched in version 3.0.6.
by nltt0
CVSS 10.0
Casdoor < 1.331.0 - Cross-Site Request Forgery via Password Reset Endpoint
Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-password. This vulnerability allows attackers to arbitrarily change the victim user's password via supplying a crafted URL.
by Van Lam Nguyen
CVSS 6.5
Windows Hyper-V NT Kernel Integration VSP - Elevation of Privilege via Heap-based Buffer Overflow
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
by Milad Karimi (Ex3ptionaL)
CVSS 7.8
XWiki Platform - Remote Code Execution
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any guest can perform arbitrary remote code execution through a request to `SolrSearch`. This impacts the confidentiality, integrity and availability of the whole XWiki installation. To reproduce on an instance, without being logged in, go to `<host>/xwiki/bin/get/Main/SolrSearch?media=rss&text=%7D%7D%7D%7B%7Basync%20async%3Dfalse%7D%7D%7B%7Bgroovy%7D%7Dprintln%28"Hello%20from"%20%2B%20"%20search%20text%3A"%20%2B%20%2823%20%2B%2019%29%29%7B%7B%2Fgroovy%7D%7D%7B%7B%2Fasync%7D%7D%20`. If there is an output, and the title of the RSS feed contains `Hello from search text:42`, then the instance is vulnerable. This vulnerability has been patched in XWiki 15.10.11, 16.4.1 and 16.5.0RC1. Users are advised to upgrade. Users unable to upgrade may edit `Main.SolrSearchMacros` in `SolrSearchMacros.xml` on line 955 to match the `rawResponse` macro in `macros.vm#L2824` with a content type of `application/xml`, instead of simply outputting the content of the feed.
by Maksim Rogov
CVSS 9.8
Tourism Management System 2.0 - Unrestricted Shell Upload and Remote Code Execution
A Shell Upload vulnerability in Tourism Management System 2.0 allows an attacker to upload and execute arbitrary PHP shell scripts on the server, leading to remote code execution and unauthorized access to the system. This can result in the compromise of sensitive data and system functionality.
by Debug Security
CVSS 7.2
ELEX WooCommerce Google Shopping <1.4.3 - SQL Injection
The ELEX WooCommerce Google Shopping (Google Product Feed) plugin for WordPress is vulnerable to SQL Injection via the 'file_to_delete' parameter in all versions up to, and including, 1.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
by Byte Reaper
CVSS 4.9
dotCMS Cloud Services (dCS) >=24.03.22 - Authenticated SQL Injection via Sites Parameter
dotCMS versions 24.03.22 and after, identified a Boolean-based blind SQLi vulnerability in the /api/v1/contenttype endpoint. This endpoint uses the sites query parameter, which accepts a comma-separated list of site identifiers or keys.
The vulnerability was triggered via the sites parameter, which was directly concatenated into a SQL query without proper sanitization.
Exploitation allowed an authenticated attacker with low privileges to extract data from database, perform privilege escalation, or trigger denial-of-service conditions.
The vulnerability was verified using tools such as SQLMap and confirmed to allow full database exfiltration and potential denial-of-service conditions via crafted payloads.
The vulnerability is fixed in the following versions of dotCMS stack: 25.08.14 / 25.07.10-1v2 LTS / 24.12.27v10 LTS / 24.04.24v21 LTS
by Matan Sandori (OSCP_ OSEP_ OSWE)
Concrete CMS 9.0-9.4.2 - Stored Cross-Site Scripting via Home Folder on Members Dashboard
Concrete CMS versions 9 through 9.4.2 are vulnerable to Stored XSS from Home Folder on Members Dashboard page. Version 8 was not affected. A rogue admin could set up a malicious folder containing XSS to which users could be directed upon login. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.0 with vector CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Thanks sealldev (Noah Cooper) for reporting via HackerOne.
by Chokri Hammedi
CVSS 4.8
By Source