Exploitdb Exploits
50,076 exploits tracked across all sources.
Pimcore < 4.2.1 - SQL Injection via Customer List Filter Parameter
A vulnerability, which was classified as critical, has been found in Pimcore customer-data-framework up to 4.2.0. Affected by this issue is some unknown functionality of the file /admin/customermanagementframework/customers/list. The manipulation of the argument filterDefinition/filter leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component.
by maeitsec
CVSS 4.7
pimcore 11.4.2 - Cross-Site Scripting in Search Document
A vulnerability classified as problematic was found in Pimcore 11.4.2. Affected by this vulnerability is an unknown functionality of the component Search Document. The manipulation leads to basic cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
by maeitsec
CVSS 2.4
OpenPanel 0.3.4 - Path Traversal via File Manager Copy and View Functions
An issue found in the Copy and View functions in the File Manager component of OpenPanel v0.3.4 allows attackers to execute a directory traversal via a crafted HTTP request.
by Korn Chaisuwan_ Charanin Thongudom_ Pongtorn Angsuchotmetee
CVSS 7.5
OpenPanel v0.3.4 - OS Command Injection via Timezone Parameter
OpenPanel v0.3.4 was discovered to contain an OS command injection vulnerability via the timezone parameter.
by Korn Chaisuwan_ Charanin Thongudom_ Pongtorn Angsuchotmetee
CVSS 9.8
OpenPanel 0.3.4 - Path Traversal via File Manager Copy and View Functions
An issue found in the Copy and View functions in the File Manager component of OpenPanel v0.3.4 allows attackers to execute a directory traversal via a crafted HTTP request.
by Korn Chaisuwan_ Charanin Thongudom_ Pongtorn Angsuchotmetee
CVSS 7.5
openpanel 0.2.1-0.3.4 - Path Traversal in File Manager File Actions
An issue in OpenPanel v0.3.4 to v0.2.1 allows attackers to execute a directory traversal in File Actions of File Manager.
by Korn Chaisuwan_ Charanin Thongudom_ Pongtorn Angsuchotmetee
CVSS 9.1
GestioIP 3.5.7 - Stored Cross-Site Scripting via TSIG Key Field
The ip_mod_dns_key_form.cgi request in GestioIP v3.5.7 is vulnerable to Stored XSS. An attacker can inject malicious code into the "TSIG Key" field, which is saved in the database and triggers XSS when viewed, enabling data exfiltration and CSRF attacks.
by Maximiliano Belino
CVSS 6.1
GestioIP 3.5.7 - Remote Code Execution via Malicious File Upload
An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload function. The attacker can upload a malicious perlcmd.cgi file that overwrites the original upload.cgi file, enabling remote command execution.
by Maximiliano Belino
CVSS 9.8
GestioIP 3.5.7 - Reflected Cross-Site Scripting via ip_import_acl_csv Request
The ip_import_acl_csv request in GestioIP v3.5.7 is vulnerable to Reflected XSS. When a user uploads an improperly formatted file, the content may be reflected in the HTML response, allowing the attacker to execute malicious scripts or exfiltrate data.
by Maximiliano Belino
CVSS 4.8
GestioIP 3.5.7 - Cross-Site Scripting via ip_do_job Request
The ip_do_job request in GestioIP v3.5.7 is vulnerable to Cross-Site Scripting (XSS). It allows data exfiltration and enables CSRF attacks. The vulnerability requires specific user permissions within the application to exploit successfully.
by Maximiliano Belino
CVSS 4.8
GestioIP 3.5.7 - Cross-Site Request Forgery
Multiple endpoints in GestioIP v3.5.7 are vulnerable to Cross-Site Request Forgery (CSRF). An attacker can execute actions via the admin's browser by hosting a malicious URL, leading to data modification, deletion, or exfiltration.
by Maximiliano Belino
CVSS 8.8
ZTE ZXHN H168N 3.1 - Remote Code Execution (RCE) via authentication bypass
by tasos meletlidis
NetMan 204 Missing Authentication for Administrative Functions
NetMan 204 fails to enforce authentication on its administrative pages and command endpoints. A remote, unauthenticated attacker can directly request administrative pages (such as administration.html, administration-commands.html, and configuration.html) to disclose sensitive information including LDAP configuration and active user details, and can invoke privileged UPS control commands — including shutdown, reboot, switch-on-bypass, and battery test — without supplying any credentials.
by Parsa Rezaie Khiabanloo
CVSS 9.8
NetMan 204 Hard-coded Backdoor Credentials
NetMan 204 contains a hard-coded backdoor account with the username and password 'eurek' that grants administrative access. A remote, unauthenticated attacker can authenticate through the cgi-bin/login.cgi endpoint (for example /cgi-bin/login.cgi?username=eurek&password=eurek, which due to lax parameter validation can be shortened to /cgi-bin/login.cgi?username=eurek%20eurek) to obtain administrator privileges, allowing them to alter device configuration, enable the telnet/SSH services, and reset local user credentials.
by Parsa Rezaie Khiabanloo
CVSS 9.8
Nagios Log Server <2024R1.3.2 - Info Disclosure
Nagios Log Server before 2024R1.3.2 allows authenticated users to retrieve cleartext administrative API keys via a /nagioslogserver/index.php/api/system/get_users call. This is GL:NLS#475.
by Seth Kraft
CVSS 9.9
Roundcube Webmail < 1.5.7 and 1.6.x < 1.6.7 - Cross-Site Scripting via SVG Animate Attributes
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes.
by AmirZargham
CVSS 6.1
RosarioSIS < 7.6.1 - Unauthenticated SQL Injection via PortalPollsNotes Votes Parameter
An unauthenticated SQL Injection vulnerability exists in RosarioSIS before 7.6.1 via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php.
by CodeSecLab
CVSS 9.8
phpipam v1.6 - Reflected Cross-Site Scripting via closeClass Parameter
phpipam v1.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the closeClass parameter at /subnet-masks/popup.php.
by CodeSecLab
CVSS 6.1
code-projects/anirbandutta9 Content Management System and News-Buzz 1.0 - SQL Injection via user_name Parameter
A vulnerability, which was classified as critical, was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument user_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names.
by egsec
CVSS 7.3
MiniCMS 1.1 - Cross-Site Scripting via Date Parameter
MiniCMS version 1.1 contains a Cross Site Scripting (XSS) vulnerability in http://example.org/mc-admin/page.php?date={payload} that can result in code injection.
by CodeSecLab
CVSS 6.1
LearnPress - WordPress LMS Plugin <4.2.7 - SQL Injection
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_only_fields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
by Francisco Moraga (BTshell)
CVSS 10.0
Gnuboard5 <=5.3.2.8 - SQL Injection
SQL Injection vulnerability in gnuboard5 <=v5.3.2.8 via the table_prefix parameter in install_db.php.
by CodeSecLab
CVSS 9.8
GetSimpleCMS < 3.3.15 - Remote Code Execution via PHAR File Upload
Remote Code Execution vulnerability in GetSimpleCMS before 3.3.16 in admin/upload.php via phar filess.
by CodeSecLab
CVSS 7.2
flatcore < 1.5 - Cross-Site Request Forgery via File Upload
A CSRF vulnerability was found in flatCore before 1.5, leading to the upload of arbitrary .php files via acp/core/files.upload-script.php.
by CodeSecLab
CVSS 8.8
WebFileSys <2.31.0 - Path Traversal
An issue in the relPath parameter of WebFileSys version 2.31.0 allows attackers to perform directory traversal via a crafted HTTP request. By injecting traversal payloads into the parameter, attackers can manipulate file paths and gain unauthorized access to sensitive files, potentially exposing data outside the intended directory.
by Korn Chaisuwan_ Charanin Thongudom_ Pongtorn Angsuchotmetee
CVSS 5.3
By Source