Exploitdb Exploits
50,121 exploits tracked across all sources.
esm.sh <136 - Path Traversal
esm.sh is a nobuild content delivery network(CDN) for modern web development. In 136 and earlier, a path-traversal flaw in the handling of the X-Zone-Id HTTP header allows an attacker to cause the application to write files outside the intended storage location. The header value is used to build a filesystem path but is not properly canonicalized or restricted to the application’s storage base directory. As a result, supplying ../ sequences in X-Zone-Id causes files to be written to arbitrary directories. Version 136.1 contains a patch.
by Byte Reaper
Pluck < 4.7.7 - Unrestricted File Upload
An issue was discovered in Pluck before 4.7.7-dev2. /data/inc/images.php allows remote attackers to upload and execute arbitrary PHP code by using the image/jpeg content type for a .htaccess file.
by CodeSecLab
CVSS 9.8
Rosariosis - XSS
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php script. A remote attacker could exploit this vulnerability using the include_inactive parameter in a crafted URL.
by CodeSecLab
CVSS 6.1
Rosariosis - XSS
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Preferences.php script. A remote attacker could exploit this vulnerability using the tab parameter in a crafted URL.
by CodeSecLab
CVSS 6.1
Pluck - Unrestricted File Upload
File Upload vulnerability in PluckCMS v.4.7.10 allows a remote attacker to execute arbitrary code via the trashcan_restoreitem.php file.
by CodeSecLab
CVSS 7.2
Phpmyfaq < 2.9.8 - CSRF
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php.
by CodeSecLab
CVSS 8.8
Phpmyfaq < 2.9.8 - CSRF
In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php.
by CodeSecLab
CVSS 8.8
Phpmyfaq < 2.9.8 - CSRF
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary.
by CodeSecLab
CVSS 8.8
phpMyAdmin <4.9.4-5.0.1 - SQL Injection
In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server.
by CodeSecLab
CVSS 8.8
phpIPAM 1.4 - SQL Injection
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used.
by CodeSecLab
CVSS 9.8
openSIS CE <8.0 - SQL Injection
An SQL Injection vulnerability exists in openSIS Community Edition version 8.0 via ForgotPassUserName.php.
by CodeSecLab
CVSS 9.8
OpenRepeater <2.2 - Command Injection
OpenRepeater (ORP) before 2.2 allows unauthenticated command injection via shell metacharacters in the functions/ajax_system.php post_service parameter.
by CodeSecLab
CVSS 9.8
MobileDetect <2.8.31 - XSS
A vulnerability, which was classified as problematic, has been found in MobileDetect 2.8.31. This issue affects the function initLayoutType of the file examples/session_example.php of the component Example. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.8.32 is able to address this issue. The identifier of the patch is 31818a441b095bdc4838602dbb17b8377d1e5cce. It is recommended to upgrade the affected component. The identifier VDB-220061 was assigned to this vulnerability.
by CodeSecLab
CVSS 3.5
Mangoswebv4 < 4.0.8 - XSS
paintballrefjosh/MaNGOSWebV4 before 4.0.8 is vulnerable to a reflected XSS in install/index.php (step parameter).
by CodeSecLab
CVSS 6.1
Django < 4.2.26 - SQL Injection
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.
The methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank cyberstan for reporting this issue.
by Wafcontrol Security Team
CVSS 9.1
Piwigo 13.6.0 - SQL Injection
Piwigo 13.6.0 is vulnerable to SQL Injection via in the "profile" function.
by CodeSecLab
CVSS 9.8
Phpipam - XSS
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/powerDNS/record-edit.php.
by CodeSecLab
CVSS 7.1
Phpipam - XSS
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\import-export\import-load-data.php.
by CodeSecLab
CVSS 6.1
Phpipam < 1.5.2 - SQL Injection
SQL Injection in GitHub repository phpipam/phpipam prior to v1.5.2.
by CodeSecLab
CVSS 7.2
Yourls < 1.8.3 - CSRF
Cross-Site Request Forgery (CSRF) in GitHub repository yourls/yourls prior to 1.8.3.
by CodeSecLab
CVSS 7.4
Phpmyfaq < 3.1.8 - XSS
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
by CodeSecLab
CVSS 6.1
Flowise < 3.0.6 - Code Injection
Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, Flowise is vulnerable to remote code execution. The CustomMCP node allows users to input configuration settings for connecting to an external MCP server. This node parses the user-provided mcpServerConfig string to build the MCP server configuration. However, during this process, it executes JavaScript code without any security validation. Specifically, inside the convertToValidJSONString function, user input is directly passed to the Function() constructor, which evaluates and executes the input as JavaScript code. Since this runs with full Node.js runtime privileges, it can access dangerous modules such as child_process and fs. This issue has been patched in version 3.0.6.
by nltt0
CVSS 10.0
Casbin Casdoor < 1.331.0 - CSRF
Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-password. This vulnerability allows attackers to arbitrarily change the victim user's password via supplying a crafted URL.
by Van Lam Nguyen
CVSS 6.5
Microsoft Windows 10 21h2 < 10.0.19044.5371 - Heap Buffer Overflow
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
by Milad Karimi (Ex3ptionaL)
CVSS 7.8
XWiki Platform - Remote Code Execution
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any guest can perform arbitrary remote code execution through a request to `SolrSearch`. This impacts the confidentiality, integrity and availability of the whole XWiki installation. To reproduce on an instance, without being logged in, go to `<host>/xwiki/bin/get/Main/SolrSearch?media=rss&text=%7D%7D%7D%7B%7Basync%20async%3Dfalse%7D%7D%7B%7Bgroovy%7D%7Dprintln%28"Hello%20from"%20%2B%20"%20search%20text%3A"%20%2B%20%2823%20%2B%2019%29%29%7B%7B%2Fgroovy%7D%7D%7B%7B%2Fasync%7D%7D%20`. If there is an output, and the title of the RSS feed contains `Hello from search text:42`, then the instance is vulnerable. This vulnerability has been patched in XWiki 15.10.11, 16.4.1 and 16.5.0RC1. Users are advised to upgrade. Users unable to upgrade may edit `Main.SolrSearchMacros` in `SolrSearchMacros.xml` on line 955 to match the `rawResponse` macro in `macros.vm#L2824` with a content type of `application/xml`, instead of simply outputting the content of the feed.
by Maksim Rogov
CVSS 9.8
By Source