Exploitdb Exploits
50,121 exploits tracked across all sources.
ABB ASPECT, NEXUS, and MATRIX Series <3.07.02 - Weak Password Reset Rules
Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of weak passwords that could facilitate unauthorized admin/application access.
Affected products:
ABB ASPECT - Enterprise v3.07.02;
NEXUS Series v3.07.02;
MATRIX Series v3.07.02
by LiquidWorm
CVSS 9.4
common-user-management - RCE
common-user-management is a robust Spring Boot application featuring user management services designed to control user access dynamically. There is a critical security vulnerability in the application endpoint /api/v1/customer/profile-picture. This endpoint allows file uploads without proper validation or restrictions, enabling attackers to upload malicious files that can lead to Remote Code Execution (RCE).
by d3sca
NAPC Xinet Elegant 6.1.655 - SQL Injection
NAPC Xinet Elegant 6 Asset Library 6.1.655 allows Pre-Authentication SQL Injection via the /elegant6/login LoginForm[username] field when double quotes are used.
by hyp3rlinx
CVSS 9.8
silverstripe-asset-admin - RCE
silverstripe-asset-admin is a silverstripe assets gallery for asset management. When using the "insert media" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode, allowing a script payload to be executed on both the CMS and the front-end of the website. This issue has been addressed in silverstripe/framework version 5.3.8 and users are advised to upgrade. There are no known workarounds for this vulnerability.
by James Nicoll
CVSS 5.4
Pimcore <4.2.0 - SQL Injection
A vulnerability, which was classified as critical, has been found in Pimcore customer-data-framework up to 4.2.0. Affected by this issue is some unknown functionality of the file /admin/customermanagementframework/customers/list. The manipulation of the argument filterDefinition/filter leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component.
by maeitsec
CVSS 4.7
Pimcore 11.4.2 - XSS
A vulnerability classified as problematic was found in Pimcore 11.4.2. Affected by this vulnerability is an unknown functionality of the component Search Document. The manipulation leads to basic cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
by maeitsec
CVSS 2.4
Openpanel - Path Traversal
An issue found in the Copy and View functions in the File Manager component of OpenPanel v0.3.4 allows attackers to execute a directory traversal via a crafted HTTP request.
by Korn Chaisuwan_ Charanin Thongudom_ Pongtorn Angsuchotmetee
CVSS 7.5
Openpanel - OS Command Injection
OpenPanel v0.3.4 was discovered to contain an OS command injection vulnerability via the timezone parameter.
by Korn Chaisuwan_ Charanin Thongudom_ Pongtorn Angsuchotmetee
CVSS 9.8
Openpanel - Path Traversal
An issue found in the Copy and View functions in the File Manager component of OpenPanel v0.3.4 allows attackers to execute a directory traversal via a crafted HTTP request.
by Korn Chaisuwan_ Charanin Thongudom_ Pongtorn Angsuchotmetee
CVSS 7.5
Openpanel < 0.3.4 - Path Traversal
An issue in OpenPanel v0.3.4 to v0.2.1 allows attackers to execute a directory traversal in File Actions of File Manager.
by Korn Chaisuwan_ Charanin Thongudom_ Pongtorn Angsuchotmetee
CVSS 9.1
Gestioip - XSS
The ip_mod_dns_key_form.cgi request in GestioIP v3.5.7 is vulnerable to Stored XSS. An attacker can inject malicious code into the "TSIG Key" field, which is saved in the database and triggers XSS when viewed, enabling data exfiltration and CSRF attacks.
by Maximiliano Belino
CVSS 6.1
Gestioip - Unrestricted File Upload
An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload function. The attacker can upload a malicious perlcmd.cgi file that overwrites the original upload.cgi file, enabling remote command execution.
by Maximiliano Belino
CVSS 9.8
Gestioip - XSS
The ip_import_acl_csv request in GestioIP v3.5.7 is vulnerable to Reflected XSS. When a user uploads an improperly formatted file, the content may be reflected in the HTML response, allowing the attacker to execute malicious scripts or exfiltrate data.
by Maximiliano Belino
CVSS 4.8
Gestioip - XSS
The ip_do_job request in GestioIP v3.5.7 is vulnerable to Cross-Site Scripting (XSS). It allows data exfiltration and enables CSRF attacks. The vulnerability requires specific user permissions within the application to exploit successfully.
by Maximiliano Belino
CVSS 4.8
Gestioip - CSRF
Multiple endpoints in GestioIP v3.5.7 are vulnerable to Cross-Site Request Forgery (CSRF). An attacker can execute actions via the admin's browser by hosting a malicious URL, leading to data modification, deletion, or exfiltration.
by Maximiliano Belino
CVSS 8.8
ZTE ZXHN H168N 3.1 - Remote Code Execution (RCE) via authentication bypass
by tasos meletlidis
Nagios Log Server <2024R1.3.2 - Info Disclosure
Nagios Log Server before 2024R1.3.2 allows authenticated users to retrieve cleartext administrative API keys via a /nagioslogserver/index.php/api/system/get_users call. This is GL:NLS#475.
by Seth Kraft
CVSS 9.9
Roundcube Webmail < 1.5.7 - XSS
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes.
by AmirZargham
CVSS 6.1
Rosariosis < 7.6.1 - SQL Injection
An unauthenticated SQL Injection vulnerability exists in RosarioSIS before 7.6.1 via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php.
by CodeSecLab
CVSS 9.8
phpipam <1.6 - XSS
phpipam v1.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the closeClass parameter at /subnet-masks/popup.php.
by CodeSecLab
CVSS 6.1
Anirbandutta9 News-buzz - SQL Injection
A vulnerability, which was classified as critical, was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument user_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names.
by egsec
CVSS 7.3
MiniCMS 1.1 - XSS
MiniCMS version 1.1 contains a Cross Site Scripting (XSS) vulnerability in http://example.org/mc-admin/page.php?date={payload} that can result in code injection.
by CodeSecLab
CVSS 6.1
LearnPress - WordPress LMS Plugin <4.2.7 - SQL Injection
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_only_fields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
by Francisco Moraga (BTshell)
CVSS 10.0
Gnuboard5 <=5.3.2.8 - SQL Injection
SQL Injection vulnerability in gnuboard5 <=v5.3.2.8 via the table_prefix parameter in install_db.php.
by CodeSecLab
CVSS 9.8
Get-simple Getsimplecms < 3.3.15 - Unrestricted File Upload
Remote Code Execution vulnerability in GetSimpleCMS before 3.3.16 in admin/upload.php via phar filess.
by CodeSecLab
CVSS 7.2
By Source