CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7212 matches found

NVD•added 2024/09/26 11:15 a.m.•17 views

CVE-2024-8704

The Advanced File Manager plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 5.2.8 via the 'fmalocale' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrar...

7.2CVSS0.00855EPSS

Exploits0References3

Packet Storm•added 2024/09/24 12:0 a.m.•212 views

Car Rental Project 1.0 Code Injection

============================================================================================================================================= | Title : Car Rental Project 1.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0...

7.4AI score

Exploits0

VulnCheck KEV•added 2024/09/22 12:0 a.m.•0 views

VulnCheck KEV: CVE-2024-7954

The porteplume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request...

9.8CVSS6.5AI score0.89783EPSS

Exploits10References1

GithubExploit•added 2024/09/20 7:54 p.m.•300 views

Exploit for OS Command Injection in Dolibarr Dolibarr_Erp\/Crm

CVE-2023-3025...

8.8CVSS9.1AI score0.79195EPSS

Exploits16

Packet Storm•added 2024/09/17 12:0 a.m.•220 views

Membership Management System 1.0 Code Injection

============================================================================================================================================= | Title : Membership Management System version 1.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser :...

7.4AI score

Exploits0

Packet Storm•added 2024/09/17 12:0 a.m.•205 views

SPIP BigUp 4.0 Code Injection

============================================================================================================================================= | Title : SPIP BigUp 4.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64 bi...

7.4AI score

Exploits0

Packet Storm•added 2024/09/13 12:0 a.m.•251 views

Auto/Taxi Stand Management System 1.0 PHP Code Injection

============================================================================================================================================= | Title : Auto/Taxi Stand Management System 1.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozill...

7.4AI score

Exploits0

Packet Storm•added 2024/09/12 12:0 a.m.•418 views

SPIP BigUp 4.3.1 / 4.2.15 / 4.1.17 Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SPIP BigUp Plugin Unauthenticated RCE', 'Description' = %q This module exploits a Remote Code Execution vulnerability in the BigUp plugin of SPIP...

9.8CVSS7AI score0.94618EPSS

Exploits7

Metasploit•added 2024/09/11 6:54 p.m.•753 views

SPIP BigUp Plugin Unauthenticated RCE

This module exploits a Remote Code Execution vulnerability in the BigUp plugin of SPIP. The vulnerability lies in the listerfichiersparchamps function, which is triggered when the bigupretrouverfichiers parameter is set to any value. By exploiting the improper handling of multipart form data in...

9.8CVSS9.6AI score0.94618EPSS

Exploits7

Packet Storm•added 2024/09/11 12:0 a.m.•343 views

Profiling System 1.0 Shell Upload

============================================================================================================================================= | Title : Profiling System 1.0 code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 129.0.1 64...

7.4AI score

Exploits0

Packet Storm•added 2024/09/10 12:0 a.m.•286 views

Online Marriage Registration System 1.0 Shell Upload

============================================================================================================================================= | Title : Online Marriage Registration System 1.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser :...

7.4AI score

Exploits0

Packet Storm•added 2024/09/10 12:0 a.m.•229 views

Beauty Parlour Management System 1.0 SQL Injection / Code Execution

============================================================================================================================================= | Title : Beauty Parlour Management System 1.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...

7.4AI score

Exploits0

Packet Storm•added 2024/09/10 12:0 a.m.•334 views

Prison Management System 1.0 Add Administrator

============================================================================================================================================= | Title : Prison Management System v1.0 Add Admin Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3...

7.4AI score

Exploits0

OSV•added 2024/09/09 8:15 p.m.•2 views

CVE-2024-44724

AutoCMS v5.4 was discovered to contain a PHP code injection vulnerability via the txtsiteurl parameter at /admin/siteadd.php. This vulnerability allows attackers to execute arbitrary PHP code via injecting a crafted value...

7.2CVSS6AI score

Exploits0References1

NVD•added 2024/09/09 8:15 p.m.•11 views

CVE-2024-44724

7.2CVSS0.00568EPSS

Exploits1References1

Vulnrichment•added 2024/09/09 12:0 a.m.•11 views

CVE-2024-44724

8.4AI score0.00568EPSS

Exploits1References1

Cvelist•added 2024/09/09 12:0 a.m.•20 views

CVE-2024-44724

0.00568EPSS

Exploits1References1

CVE•added 2024/09/09 12:0 a.m.•63 views

CVE-2024-44724

AutoCMS v5.4 is affected by a PHP code injection vulnerability exposed via the txtsite_url parameter in /admin/site_add.php. Exploitation allows executing arbitrary PHP code, as described across multiple sources (e.g., Red Hat and CNNVD entries). The issue is tied to an input parameter in the API...

7.2CVSS8.1AI score0.00568EPSS

Exploits1References1Affected Software1

Vulnrichment•added 2024/09/04 2:33 a.m.•15 views

CVE-2024-7950 WP Job Portal <= 2.1.6 - Missing Authorization to Unauthenticated Local File Inclusion, Arbitrary Settings Update, and User Creation

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Local File Inclusion, Arbitrary Settings Update, and User Creation in all versions up to, and including, 2.1.6 via several functions called by the 'checkFormRequest' function...

9.8CVSS8.1AI score0.01197EPSS

Exploits0References8

Packet Storm•added 2024/09/03 12:0 a.m.•1065 views

SPIP 4.2.9 Code Execution

============================================================================================================================================= | Title : SPIP 4.2.9 PHP Code execution Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 129.0.1 64 bits |...

7.4AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by