27 matches found
EUVD-2021-23162
Malware in sbrugna...
Complaint Management System in PHP reset-password.php file SQL injection vulnerability
Complaint Management System in PHP is a complaint management system. Complaint Management System in PHP suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the mobileno parameter of user/reset-password.php. An attacker can...
SQL Injection Vulnerability in PbootCMS
PbootCMS is the new core and permanent open source free PHP enterprise web development and construction management system. PbootCMS has a SQL injection vulnerability; attackers can exploit the vulnerability to obtain sensitive database information...
CVE-2020-25760
Projectworlds Visitor Management System in PHP 1.0 allows SQL Injection. The file front.php does not perform input validation on the 'rid' parameter. An attacker can append SQL queries to the input to extract sensitive information from the database...
CVE-2025-46348 YesWiki Vulnerable to Unauthenticated Site Backup Creation and Download
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the request to commence a site backup can be performed and downloaded without authentication. The archives are created with a predictable filename, so a malicious user could create and download an archive without being authenticated...
CVE-2025-46349
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to reflected XSS in the file upload form. This vulnerability allows any malicious unauthenticated user to create a link that can be clicked on by the victim to perform arbitrary actions. This issue has been...
CVE-2025-46347 YesWiki Remote Code Execution via Arbitrary PHP File Write and Execution
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to remote code execution. An arbitrary file write can be used to write a file with a PHP extension, which then can be browsed to in order to execute arbitrary code on the server, resulting in a full compromise of...
CVE-2025-24019 YesWiki vulnerable to authenticated arbitrary file deletion
YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for any authenticated user, through the use of the filemanager, to delete any file owned by the user running the FastCGI Process Manager (FPM) on the host without any limitation on the filesystem's scope...
CVE-2025-24018 YesWiki Vulnerable to Authenticated Stored XSS
YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for an authenticated user with rights to edit/create a page or comment to trigger a stored XSS which will be reflected on any page where the resource is loaded. The vulnerability makes use of the conten...
Young Entrepreneur E-Negosyo System 1.0 - SQL Injection Authentication Bypass
Exploit Title: Young Entrepreneur E-Negosyo System 1.0 - SQL Injection Authentication Bypass Date: 2021-10-02 Exploit Author: Jordan Glover Vendor Homepage: https://www.sourcecodester.com/php/12684/young-entrepreneur-e-negosyo-system.html Software Link:...
File Upload Vulnerability in WROMCMS of Shanghai Yanfeng Information Technology Co.
WORMCMS is an open source and free PHP enterprise website development and construction management system. Shanghai Yanfeng Information Technology Co., Ltd WROMCMS has a file upload vulnerability; attackers can use the vulnerability to obtain server control privileges...
HadSky Light Forum program has a file upload vulnerability
HadSky Light Forum program is a personal original PHP system. The HadSky Light Forum program has a file upload vulnerability that can be exploited by attackers to gain control of the server...
Student Enrollment 1.0 - Unauthenticated Remote Code Execution
Exploit Title: Student Enrollment 1.0 - Unauthenticated Remote Code Execution Date: 2020-06-22 Exploit Author: Selim Enes 'Enesdex' Karaduman Vendor Homepage: https://www.sourcecodester.com/php/14281/online-student-enrollment-system-using-phpmysqli.html Version: 1.0 Tested on: Windows 10 /...
Nuuo NVR PHP System Function Unauthenticated Remote Code Execution (CVE-2016-5675)
A remote code execution vulnerability was discovered in Nuuo Network Video Recording systems with Network Attached Storage. The vulnerability is due to a sanitisation failure involving the PHP system function. An unauthenticated attacker may use this vulnerability to execute code on the vulnerable server...
NETGEAR ReadyNAS Surveillance Command Execution
Added: 08/30/2016 CVE: CVE-2016-5674 BID: 92318 Background NETGEAR ReadyNAS Surveillance combines their storage and switching solution NETGEAR ReadyNAS Network Attached Storage system with network video recording software from NUUO to provide an affordable surveillance solution for small...
Sports PHool <= 1.0 - Remote File Include Exploit
No description provided by source. ?php / Sports PHool = 1.0 Remote File Include Exploit Found and c0ded by cr4wl3r @hackb0x d0rk: no d0rk f0r kiddi0ts Script: http://sourceforge.net/projects/sportsphool/files/ usage: target: http://target/sportsphool/includes/layout/plain.footer.php?mainnav= evi...
tenrok 1.1.0 - File Disclosure / Remote Code Execution
Tenrok 1.1.0 UDD/RCE Multiple Remote Vulnerabilities + Discovered By SirGod + http://insecurity-ro.org + http://h4cky0u.org + Homepage : http://tenrok.com/ + Users Data Disclosure - PoC http://127.0.0.1/userpwd.txt + Remote Command Execution - Must be logged in. - Go to http://127.0.0.1/post.php...
Glossword <= 1.8.11 (index.php x) Local File Inclusion Vulnerability
Exploit for unknown platform in category web applications ==================================================================== Glossword Glossword 1.8.11 LFI |--CMS INFORMATION: | |--WEB: http://code.google.com/p/glossword/ |--DOWNLOAD: http://code.google.com/p/glossword/downloads/list...
Glossword 1.8.11 - 'index.php?x' Local File Inclusion
|--Glossword 1.8.11 LFI |--CMS INFORMATION: | |--WEB: http://code.google.com/p/glossword/ |--DOWNLOAD: http://code.google.com/p/glossword/downloads/list |--DESCRIPTION: Glossword is a system written in PHP to create and publish online multilingual dictionary, glossary, or encyclopedia. | | CMS...