Exploitdb Exploits
50,121 exploits tracked across all sources.
minaliC 2.0.0 - DoS
minaliC 2.0.0 contains a denial of service vulnerability that allows remote attackers to crash the web server by sending oversized GET requests. Attackers can send crafted HTTP requests with excessive data to overwhelm the server and cause service interruption.
by Fernando Mengali
Cszcms Csz Cms - SQL Injection
CSZCMS 1.3.0 contains an authenticated SQL injection vulnerability in the members view functionality that allows authenticated attackers to manipulate database queries. Attackers can inject malicious SQL code through the view parameter to potentially execute time-based blind SQL injection attacks and extract database information.
by Abdulaziz Almetairy
CVSS 8.8
Phpgurukul Teacher Subject Allocation Management System - SQL Injection
SQL Injection vulnerability in index.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary SQL commands and obtain sensitive information via the 'searchdata' parameter.
by Ersin Erenler
CVSS 7.5
Walterjnr1 Employee Management System - SQL Injection
SQL Injection vulnerability in Employee Management System v1.0 allows attackers to run arbitrary SQL commands via the admin_id parameter in update-admin.php.
by Shubham Pandey
CVSS 9.8
Code-Projects Blood Bank 1.0 - SQL Injection
SQL Injection vulnerability in delete.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via the 'bid' parameter.
by Ersin Erenler
CVSS 7.8
SMU <14.8.7825.01 - Info Disclosure
SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in Storage, Server or combined Server+Storage administrative roles are able to access SMU configuration backup, that would normally be barred to those specific administrative roles.
by Arslan Masood
CVSS 7.6
Gibbon <26.0.00 - Code Injection
Gibbon through 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the modules/System%20Admin/import_run.php&type=externalAssessment&step=4 URI.
by Ali Maharramli_Fikrat Guliev_Islam Rzayev
CVSS 8.8
WEBIGniter 28.7.23 - XSS
WEBIGniter 28.7.23 contains a cross-site scripting vulnerability in the user creation process that allows unauthenticated attackers to execute malicious JavaScript code, enabling potential XSS attacks.
by Mesut Cetin
Xbtitfm - Unrestricted File Upload
xbtitFM 4.1.18 contains an insecure file upload vulnerability that allows authenticated attackers with administrative privileges to upload and execute arbitrary PHP code through the file_hosting feature. Attackers can bypass file type restrictions by modifying the Content-Type header to image/gif, adding GIF89a magic bytes, and using alternate PHP tags to upload web shells that execute system commands.
by h5kj23kj32io2kj
CVSS 7.2
Xbtitfm - Path Traversal
xbtitFM 4.1.18 contains a path traversal vulnerability that allows unauthenticated attackers to access sensitive system files by manipulating URL parameters. Attackers can exploit directory traversal techniques to read critical system files like using encoded path traversal characters in HTTP requests.
by h5kj23kj32io2kj
CVSS 7.5
Xbtitfm - SQL Injection
xbtitFM 4.1.18 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries by injecting malicious SQL code through the msgid parameter. Attackers can send crafted requests to /shoutedit.php with EXTRACTVALUE functions to extract database names, user credentials, and password hashes from the underlying database.
by h5kj23kj32io2kj
CVSS 9.8
Opensolution Quick Cms - SQL Injection
Quick.CMS 6.7 contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login authentication by manipulating the login form. Attackers can inject specific SQL payloads like ' or '1'='1 to gain unauthorized administrative access to the system.
by H4X.Forensics
CVSS 9.8
ZoneMinder Snapshots < 1.37.33 - Unauthenticated RCE
by Ravindu Wickramasinghe
TYPO3 11.5.24 - Path Traversal (Authenticated)
by Saeed reza Zamanian
TELSAT marKoni FM Transmitter 1.9.5 - Root Command Injection
by LiquidWorm
TELSAT marKoni FM Transmitter 1.9.5 - Insecure Access Control Change Password
by LiquidWorm
TELSAT marKoni FM Transmitter 1.9.5 - Backdoor Account Information Disclosure
by LiquidWorm
APC Network Management Card 4 - Path Traversal
APC Network Management Card 4 contains a path traversal vulnerability that allows unauthenticated attackers to access sensitive system files by manipulating URL parameters. Attackers can exploit directory traversal techniques to read critical system files like /etc/passwd by using encoded path traversal characters in HTTP requests.
by Víctor García
Winter CMS v.1.2.3 - SSTI
Server-side Template Injection (SSTI) vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components. NOTE: the vendor disputes this because the payload could only be entered by a trusted user, such as the owner of the server that hosts Winter CMS, or a developer working for them.
by tmrswrr
CVSS 7.2
By Source