CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/03/06 12:19 p.m.•28 views

CVE-2018-25175 Alienor Web Libre 2.0 SQL Injection via index.php

8.8CVSS0.00132EPSS

Vulnrichment•added 2026/03/06 12:19 p.m.•2 views

CVE-2018-25175 Alienor Web Libre 2.0 SQL Injection via index.php

8.8CVSS6.1AI score0.00132EPSS

Vulnrichment•added 2026/03/06 12:19 p.m.•1 views

CVE-2018-25173 Rmedia SMS 1.0 SQL Injection via editgrp.php

Rmedia SMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the gid parameter. Attackers can send GET requests to editgrp.php with malicious gid values using EXTRACTVALUE and CONCAT functions to retriev...

8.8CVSS5.9AI score0.00123EPSS

CVE•added 2026/03/06 12:19 p.m.•7 views

CVE-2018-25170

CVE-2018-25170 affects DoceboLMS 1.2. An SQL injection enables unauthenticated attackers to manipulate queries by injecting SQL through lesson.php parameters id, idC, and idU via GET requests to retrieve sensitive data. The connected sources confirm the vulnerability and affected workflow but do ...

8.8CVSS5.9AI score0.00033EPSS

Vulnrichment•added 2026/03/06 12:18 p.m.•1 views

CVE-2018-25165 Galaxy Forces MMORPG 0.5.8 SQL Injection via ads.php

Galaxy Forces MMORPG 0.5.8 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'type' parameter. Attackers can send POST requests to ads.php with crafted SQL payloads in the type parameter to extract...

7.1CVSS6.1AI score0.00039EPSS

CVE•added 2026/03/06 12:18 p.m.•9 views

CVE-2018-25162

CVE-2018-25162 affects 2-Plan Team 1.0.4. An authenticated attacker can upload executable PHP files via managefile.php, by sending multipart form data with action=upload and the userfile1 parameter. Uploaded PHP files are stored in the files directory and may be executed by the web server, enabli...

7.1CVSS6.2AI score0.00116EPSS

CVE•added 2026/03/06 12:18 p.m.•8 views

CVE-2018-25161

Warranty Tracking System 11.06.3 contains an SQL injection in SearchCustomer.php that allows bypassing input validation via POST parameters txtCustomerCode, txtCustomerName, and txtPhone. The vulnerability enables attackers to execute arbitrary SQL statements (e.g., UNION SELECT) to exfiltrate se...

8.8CVSS6.1AI score0.00053EPSS

Cvelist•added 2026/03/06 12:18 p.m.•26 views

CVE-2018-25161 Warranty Tracking System 11.06.3 SQL Injection via SearchCustomer.php

Warranty Tracking System 11.06.3 contains an SQL injection vulnerability that allows attackers to execute arbitrary SQL queries by injecting malicious code through the txtCustomerCode, txtCustomerName, and txtPhone POST parameters in SearchCustomer.php. Attackers can submit crafted SQL statements...

8.8CVSS0.00053EPSS

GithubExploit•added 2026/03/06 8:49 a.m.•118 views

Exploit for CVE-2023-39848

DAMN VULNERABLE WEB APPLICATION Damn Vulnerable Web Applicati...

5.6AI score

Exploits2

RedhatCVE•added 2026/03/06 7:55 a.m.•3 views

CVE-2025-69339

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in don-themes Molla molla allows PHP Local File Inclusion.This issue affects Molla: from n/a through = 1.5.16...

RedhatCVE•added 2026/03/06 7:55 a.m.•4 views

CVE-2025-69090

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ovatheme Remons remons allows PHP Local File Inclusion.This issue affects Remons: from n/a through = 1.3.4...

RedhatCVE•added 2026/03/06 7:55 a.m.•3 views

CVE-2026-27992

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Meals & Wheels meals-wheels allows PHP Local File Inclusion.This issue affects Meals & Wheels: from n/a through = 1.1.12...

RedhatCVE•added 2026/03/06 7:54 a.m.•2 views

CVE-2026-27998

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Vixus vixus allows PHP Local File Inclusion.This issue affects Vixus: from n/a through = 1.0.16...

RedhatCVE•added 2026/03/06 7:54 a.m.•4 views

CVE-2026-28047

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in magentech Victo victo allows PHP Local File Inclusion.This issue affects Victo: from n/a through = 1.4.16...

RedhatCVE•added 2026/03/06 7:54 a.m.•5 views

CVE-2026-28056

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX MCKinney's Politics mckinney-politics allows PHP Local File Inclusion.This issue affects MCKinney's Politics: from n/a through = 1.2.8...

RedhatCVE•added 2026/03/06 7:54 a.m.•3 views

CVE-2026-28021

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Craftis craftis allows PHP Local File Inclusion.This issue affects Craftis: from n/a through = 1.2.8...