This archive contains all of the 162 exploits added to Packet Storm in April, 2021.

The Custom JS plugin version 0.1 for GetSimple CMS suffers from a cross site request forgery vulnerability that allows remote unauthenticated attackers to inject arbitrary client-side code into authenticated administrators…

Voting System version 1.0 suffers from remote time-based SQL injection vulnerability.

TYPO3 version 6.2.1 suffers from a remote SQL injection vulnerability.

Gadget Works Online Ordering System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Gadget Works Online Ordering System version 1.0 remote SQL injection to remote code execution exploit.

GitLab Community Edition (CE) version 13.10.3 suffers from multiple user enumeration vulnerabilities.

Epic Games Rocket League versions 1.95 and below suffer from an insecure permissions vulnerability.

Epic Games Rocket League version 1.95 suffers from a stack-based buffer overflow vulnerability. The issue is caused due to a boundary error in the processing of a UPK format file,…

This Metasploit module exploits an issue in the V8 engine on x86_x64 builds of Google Chrome versions prior to 89.0.4389.128/90.0.4430.72 when handling XOR operations in JIT’d JavaScript code. Successful exploitation…