ihsan sencan vulnerabilities and exploits

7.5
CVSSv2
CVE-2017-15982

Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing....

4.3
CVSSv2
CVE-2017-17649

Readymade Video Sharing Script 3.2 has HTML Injection via the single-video-detail.php comment parameter....

7.5
CVSSv2
CVE-2017-17611

Doctor Search Script 1.0 has SQL Injection via the /list city parameter....

7.5
CVSSv2
CVE-2017-17609

Chartered Accountant Booking Script 1.0 has SQL Injection via the /service-list city parameter....

6.5
CVSSv2
CVE-2017-15957

my_profile.php in Ingenious School Management System 2.3.0 allows a student or teacher to upload an arbitrary file....

7.5
CVSSv2
CVE-2018-6576

SQL Injection exists in Event Manager 1.0 via the event.php id parameter or the page.php slug parameter....

EzcodeEvent Manager
7.5
CVSSv2
CVE-2017-15962

iStock Management System 1.0 allows Arbitrary File Upload via user/profile....

7.5
CVSSv2
CVE-2018-5988

SQL Injection exists in Flexible Poll 1.2 via the id parameter to mobile_preview.php or index.php....

Flexible Poll ProjectFlexible Poll
7.5
CVSSv2
CVE-2017-17618

Kickstarter Clone Script 2.0 has SQL Injection via the investcalc.php projid parameter....

7.5
CVSSv2
CVE-2017-15986

CPA Lead Reward Script allows SQL Injection via the username parameter....