Suggest Exploit

Explore Vulnerabilities


Explore all Exploits:

Gibbon LMS v26.0.00 – Server-Side Template Injection Vulnerability

The Gibbon LMS v26.0.00 is vulnerable to Server-Side Template Injection (SSTI) due to improper handling of user-supplied input in the login.php file. An attacker can exploit this vulnerability to execute arbitrary code on the server, leading to remote code execution.

GUnet OpenEclass E-learning platform 3.15 – ‘certbadge.php’ Unrestricted File Upload

The GUnet OpenEclass E-learning platform version 3.15 allows unrestricted file upload through the 'certbadge.php' file, which can be exploited by an attacker to upload malicious files. This vulnerability has been assigned the CVE-2024-31777.

Pre-auth RCE on Compuware iStrobe Web

The vulnerability allows for pre-authenticated Remote Code Execution (RCE) on Compuware iStrobe Web version 20.13. By exploiting this vulnerability, an attacker can upload a webshell through a web upload form, utilizing path traversal and arbitrary file upload (.jsp files). The specific vulnerable parameter is 'fileName' which can be manipulated to upload a webshell.

TELSAT marKoni FM Transmitter 1.9.5 Root Command Injection PoC Exploit

The TELSAT marKoni FM transmitters are vulnerable to unauthenticated remote code execution with root privileges. By manipulating the Email settings' WAN IP info service, which uses the 'wget' module, an attacker can exploit a command injection flaw. This allows unauthorized access with administrative privileges through the 'url' parameter in the HTTP GET request to ekafcgi.fcgi.

WBCE CMS Version 1.6.1 Remote Command Execution

WBCE CMS version 1.6.1 is vulnerable to remote command execution. By uploading a malicious file and triggering its execution through the language installation feature, an attacker can execute arbitrary commands on the server. This can lead to unauthorized access, data theft, and other malicious activities. This vulnerability has been assigned CVE-2023-XXXXX.

WordPress Plugin – Membership For WooCommerce < v2.1.7 - Arbitrary File Upload to Shell (Unauthenticated)

The vulnerability allows unauthenticated attackers to upload arbitrary files leading to remote code execution. An attacker can exploit this vulnerability by uploading a malicious file containing PHP code. This vulnerability has a CVE assigned: CVE-2024-XXXXX.

OpenCart Core – ‘search’ SQL Injection

OpenCart Core is vulnerable to SQL Injection through the 'search' parameter in the URL /index.php?route=product/search&search=. Exploiting this vulnerability can lead to a potential compromise of the application, unauthorized access or modification of data, and exploitation of hidden database vulnerabilities.

Recent Exploits: