CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

92447 matches found

CVE-2018-25420

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to watch.php with crafted SQL payloads to extract sensitive database informati...

8.8CVSS6.1AI score0.00068EPSS

Exploits0References4Affected Software1

ATTACKERKB•added 5 days ago•7 views

CVE-2018-25417

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the quality parameter. Attackers can send GET requests to quality.php with crafted SQL payloads in the quality parameter to extrac...

8.8CVSS6.1AI score0.00068EPSS

Exploits0References4Affected Software1

ATTACKERKB•added 5 days ago•8 views

CVE-2018-25416

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the country parameter. Attackers can send GET requests to country.php with crafted SQL payloads in the country parameter to extrac...

8.8CVSS6.1AI score0.00068EPSS

Exploits0References4Affected Software1

Vulnrichment•added 5 days ago•5 views

CVE-2018-25416 AiOPMSD Final 1.0.0 SQL Injection via country.php

8.8CVSS6.1AI score0.00068EPSS

Exploits0References4

Vulnrichment•added 5 days ago•5 views

CVE-2018-25415 AiOPMSD Final 1.0.0 SQL Injection via director Parameter

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the director parameter. Attackers can send GET requests to director.php with crafted SQL payloads in the director parameter to...

8.8CVSS6.1AI score0.00068EPSS

Exploits0References4

Vulnrichment•added 5 days ago•4 views

CVE-2018-25414 AiOPMSD Final 1.0.0 SQL Injection via actor.php

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the actor parameter. Attackers can send GET requests to actor.php with crafted SQL payloads in the actor parameter to extract...

8.8CVSS6.1AI score0.00068EPSS

Exploits0References4

ATTACKERKB•added 5 days ago•5 views

CVE-2018-25412

Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docsupload.php with crafted multipart form data. Attackers can upload PHP files with arbitrary content to the upload directory and execute th...

9.8CVSS6.4AI score0.00178EPSS

Exploits1References5Affected Software1

Vulnrichment•added 5 days ago•5 views

CVE-2018-25410 SIM-PKH 2.4.1 SQL Injection via media.php id Parameter

SIM-PKH 2.4.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to /admin/media.php with module=pengurus and act=editpengurus parameters containing SQ...

7.1CVSS6.2AI score0.00026EPSS

Exploits0References4

Cvelist•added 5 days ago•24 views

CVE-2018-25411 MGB OpenSource Guestbook 0.7.0.2 SQL Injection via email.php

MGB OpenSource Guestbook 0.7.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to email.php with crafted SQL payloads in the 'id' parameter to...

8.8CVSS0.00068EPSS

Exploits0References4

ATTACKERKB•added 5 days ago•7 views

CVE-2018-25409

SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by submitting PHP code through the fupload parameter. Attackers can upload PHP files via the aksipengurus.php endpoint with module=pengurus and act=update parameters, which...

8.8CVSS6AI score0.00043EPSS

Exploits0References4Affected Software1

Cvelist•added 5 days ago•26 views

CVE-2018-25407 eNdonesia Portal 8.7 SQL Injection via mod.php

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters across...

8.8CVSS0.00068EPSS

Exploits0References4

Vulnrichment•added 5 days ago•5 views

CVE-2018-25407 eNdonesia Portal 8.7 SQL Injection via mod.php

8.8CVSS6.2AI score0.00068EPSS

Exploits0References4

CVE•added 5 days ago•8 views

CVE-2018-25407

CVE-2018-25407 affects eNdonesia Portal 8.7, where multiple SQL injection flaws in mod.php allow unauthenticated attackers to execute arbitrary SQL via parameters such as artid, cid, did, contid, and aboutid across the publisher, diskusi, galeri, content, and about modules. The issue can be used ...

8.8CVSS6.2AI score0.00068EPSS

Exploits0References4

CVE•added 5 days ago•10 views

CVE-2018-25406

CVE-2018-25406 affects the eNdonesia Portal 8.7, where multiple SQL injection vulnerabilities allow unauthenticated attackers to run arbitrary SQL queries via mod.php. The attacker can inject SQL through parameters artid, cid, did, contid, and aboutid across modules including publisher, diskusi, ...

8.8CVSS6.2AI score0.00068EPSS

Exploits0References4

EUVD•added 5 days ago•3 views

EUVD-2018-21929

8.8CVSS6.2AI score0.00068EPSS

Exploits0References4

Vulnrichment•added 5 days ago•6 views

CVE-2018-25406 eNdonesia Portal 8.7 SQL Injection via mod.php

8.8CVSS6.2AI score0.00068EPSS

Exploits0References4

EUVD•added 5 days ago•5 views

EUVD-2018-21927

8.8CVSS6.1AI score0.00068EPSS

Exploits0References4

GithubExploit•added 5 days ago•65 views

Internal-Penetration-Test-Report-Web-Exploitation-Post-Exploitation-Using-Metasploit-

Internal-Penetration-Test-Report-Web-Exploitation-Post-Exploit...

6.5AI score

Exploits0

CVE•added 5 days ago•22 views

CVE-2026-7465

The CVE concerns the Spectra Gutenberg Blocks – Website Builder for the WordPress Block Editor plugin. It is vulnerable to Remote Code Execution in all versions up to and including 2.19.25. Exploitation requires authenticated access at Contributor level or higher and a crafted two-block payload i...

8.8CVSS6.1AI score0.00069EPSS

In wildExploits1References6

Vulnrichment•added 5 days ago•5 views

CVE-2026-10110 code-projects Student Details Management System index.php sql injection

A vulnerability was detected in code-projects Student Details Management System 1.0. This affects an unknown function of the file /index.php. Performing a manipulation of the argument roll results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and m...

7.5CVSS7AI score0.0003EPSS

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by