Exploitdb Exploits
50,076 exploits tracked across all sources.
Rukovoditel 3.3.1 - Authenticated CSV Injection via Firstname Field
Rukovoditel 3.3.1 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into the firstname field. Attackers can craft payloads like =calc|a!z| to trigger code execution when an admin exports customer data as a CSV file.
by Mirabbas Ağalarov
CVSS 8.8
MotoCMS 3.4.3 - Server-Side Template Injection via Keyword Parameter
MotoCMS Version 3.4.3 Store Category Template was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the keyword parameter.
by tmrswrr
CVSS 9.8
bumsys < 1.0.3-beta - Unrestricted Upload of File with Dangerous Type
Unrestricted Upload of File with Dangerous Type in GitHub repository unilogies/bumsys prior to v1.0.3-beta.
by AFFAN AHMED
CVSS 8.8
PHPGurukul Online Security Guards Hiring System 1.0 - Cross-Site Scripting via search-request.php searchdata Parameter
A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file search-request.php. The manipulation of the argument searchdata with the input "><script>alert(document.domain)</script> leads to cross-site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219596.
by AFFAN AHMED
CVSS 3.5
Sourcecodester Faculty Evaluation System v1.0 - RCE
Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=save_user.
by URGAN
CVSS 7.2
Flexense SyncBreeze Enterprise <10.6.24 - Memory Corruption
An issue was discovered in the web server in Flexense SyncBreeze Enterprise 10.6.24. There is a user mode write access violation on the syncbrs.exe memory region that can be triggered by rapidly sending a variety of HTTP requests with long HTTP header values or long URIs.
by Ege Balci
CVSS 7.5
Pydio Cells < 3.0.12 - Unauthenticated Privilege Escalation via External User Role Assignment
Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assigning all roles to a newly created user, access to all cells and non-personal workspaces is granted.
by RedTeam Pentesting GmbH
CVSS 8.8
Pydio Cells < 3.0.12 - Server-Side Request Forgery via Remote Download Job
Pydio Cells through 4.1.2 allows SSRF. For longer running processes, Pydio Cells allows for the creation of jobs, which are run in the background. The job "remote-download" can be used to cause the backend to send an HTTP GET request to a specified URL and save the response to a new file. The response file is then available in a user-specified folder in Pydio Cells.
by RedTeam Pentesting GmbH
CVSS 6.5
Pydio Cells < 3.0.12 - Cross-Site Scripting via Presigned URL Manipulation
Pydio Cells through 4.1.2 allows XSS. Pydio Cells implements the download of files using presigned URLs which are generated using the Amazon AWS SDK for JavaScript [1]. The secrets used to sign these URLs are hardcoded and exposed through the JavaScript files of the web application. Therefore, it is possible to generate valid signatures for arbitrary download URLs. By uploading an HTML file and modifying the download URL to serve the file inline instead of as an attachment, any included JavaScript code is executed when the URL is opened in a browser, leading to a cross-site scripting vulnerability.
by RedTeam Pentesting GmbH
CVSS 5.4
Camaleon CMS < 2.7.0 - Server-Side Template Injection via Formats Parameter
Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter.
by PARAG BAGUL
CVSS 9.8
Zenphoto 1.6 - Stored Cross-Site Scripting in User Postal Code Field
Zenphoto 1.6 contains a stored cross-site scripting vulnerability in the user postal code field accessible through the admin-users.php interface. When administrators view user information imported as HTML, malicious JavaScript payloads injected into the postal code field execute in their browser context.
by Mirabbas Ağalarov
CVSS 4.6
Zenphoto 1.6 - Authenticated Stored Cross-Site Scripting via Album Description
Zenphoto 1.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting HTML content into album descriptions. Attackers can create albums with malicious iframe or script tags in the description field that execute when users view the album page.
by Mirabbas Ağalarov
CVSS 4.6
UliCMS 2023.1 - Unauthenticated Authentication Bypass via Mass Assignment in UserController
UliCMS 2023.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through mass assignment in the UserController. Attackers can send a crafted POST request to the admin index.php endpoint with specific parameters to generate an administrative account with full system access.
by Mirabbas Ağalarov
CVSS 9.8
WBCE CMS 1.6.1 - Authenticated Stored Cross-Site Scripting via Page Content
WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by inserting script tags into page content through the WYSIWYG editor. Attackers can submit POST requests to /wbce/modules/wysiwyg/save.php with malicious script content in the content parameter to execute JavaScript when users view the affected page.
by Mirabbas Ağalarov
CVSS 5.4
WBCE CMS 1.6.1 - Authenticated Stored Cross-Site Scripting via SVG File Upload
WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by uploading crafted SVG files through the media manager. Attackers can upload SVG files containing script tags to the /wbce/modules/elfinder/ef/php/connector.wbce.php endpoint and execute JavaScript when victims access the uploaded file.
by Mirabbas Ağalarov
CVSS 5.4
Wondershare Filmora <12.2.1.2088 - Privilege Escalation
Wondershare Filmora 12 (Build 12.2.1.2088) was discovered to contain an unquoted service path vulnerability via the component NativePushService. This vulnerability allows attackers to launch processes with elevated privileges.
by Thurein Soe
CVSS 7.8
Cloudogu GmbH SCM Manager <1.60 - XSS
A stored cross-site scripting (XSS) vulnerability in Cloudogu GmbH SCM Manager v1.2 to v1.60 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field.
by neg0x
CVSS 5.4
Seagate Central NAS STCG2000300 STCG3000300 STCG4000300 - OS Command Injection via mv_backend_launch
The web-management application on Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300 devices allows OS command injection via mv_backend_launch in cirrus/application/helpers/mv_backend_helper.php by leveraging the "start" state and sending a check_device_name request.
by Ege Balci
CVSS 9.8
Service Provider Management System 1.0 - SQL Injection via ID Parameter
Sourcecodester Service Provider Management System v1.0 is vulnerable to SQL Injection via the ID parameter in /php-spms/?page=services/view&id=2
by ASHIK KUNJUMON
CVSS 9.8
WordPress Plugin Backup Migration 1.2.8 Unauthenticated Database Backup Download
WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then construct direct download URLs to retrieve sensitive backup archives containing full database dumps.
by Wadeek
CVSS 7.5
Helakuru 1.1 - Uncontrolled Search Path Element via wow64log.dll
An issue in Helakuru Desktop Application v1.1 allows a local attacker to execute arbitrary code via the lack of proper validation of the wow64log.dll file.
by Ahsan Azad
CVSS 7.8
Screen SFT DAB 600/C Firmware 1.9.3 - Auth Bypass
Screen SFT DAB 600/C Firmware 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP-bound session identifiers. Attackers can exploit the vulnerable deviceManagement API endpoint to reset device configurations by sending crafted POST requests with manipulated session parameters.
by LiquidWorm
CVSS 7.5
Screen SFT DAB 600/C firmware <1.9.3 - Auth Bypass
Screen SFT DAB 600/C firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to change user passwords without proper authentication.
by LiquidWorm
CVSS 7.5
Screen SFT DAB 600/C Firmware 1.9.3 - Auth Bypass
Screen SFT DAB 600/C Firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to remove user accounts without proper authentication.
by LiquidWorm
CVSS 9.8