Suggest Exploit

Explore Vulnerabilities


Explore all Exploits:

CSZCMS v1.3.0 – SQL Injection (Authenticated)

An authenticated SQL injection vulnerability was found in CSZCMS v1.3.0. By manipulating the 'View' button next to a username in the Member Users section, an attacker can inject malicious SQL code using the 'sleep' function. This could lead to unauthorized access to the database or execution of arbitrary SQL queries.

OpenCart Core – ‘search’ SQL Injection

OpenCart Core is vulnerable to SQL Injection through the 'search' parameter in the URL /index.php?route=product/search&search=. Exploiting this vulnerability can lead to a potential compromise of the application, unauthorized access or modification of data, and exploitation of hidden database vulnerabilities.

Multiple Vulnerabilities in xbtitFM 4.1.18

The unauthenticated SQL Injection and path traversal vulnerabilities in xbtitFM 4.1.18 and prior versions can be exploited without user interaction. An insecure file upload vulnerability requires enabling the file_hosting feature, which can be achieved by accessing an administrator account. These vulnerabilities can allow an attacker to extract database names, user information, and password hashes. Automated tools like sqlmap can be used to exploit these vulnerabilities and dump the database.

Quick.CMS 6.7 SQL Injection Login Bypass

The exploit allows an attacker to bypass authentication in Quick.CMS 6.7 by using a specific SQL injection payload. By entering the payload ' or '1'='1 in the email field and proceeding with the login, the attacker can successfully bypass the authentication and gain unauthorized access to the admin panel.

Computer Laboratory Management System v1.0 – Multiple-SQL Injection

The 'id' parameter of Computer Laboratory Management System v1.0 is prone to SQL injection attacks. By injecting a payload that includes a sub-query to MySQL's load_file function with a UNC file path pointing to an external domain, an attacker can execute malicious SQL queries and retrieve sensitive information from the system.

Online Hotel Booking In PHP 1.0 – Blind SQL Injection (Unauthenticated)

The Online Hotel Booking system in PHP version 1.0 is vulnerable to Blind SQL Injection. An attacker can exploit this vulnerability to extract sensitive information from the database without authentication. This exploit has not been assigned a CVE yet.

Simple Task List 1.0 – ‘status’ SQL Injection

Simple Task List version 1.0 is vulnerable to SQL Injection in the 'status' parameter of the addTask.php file. An attacker can exploit this vulnerability to execute malicious SQL queries, potentially leading to unauthorized access and extraction of sensitive data from the database.

Stock Management System v1.0 – Unauthenticated SQL Injection

The Stock Management System web application version 1.0 is vulnerable to an unauthenticated SQL Injection attack. This vulnerability allows remote attackers to extract sensitive information from the SQL database using an Error-Based Injection technique.

Recent Exploits: