| Reporter | Title | Published | Views | Family All 13 |
|---|---|---|---|---|
| EA Origin < 10.5.38 - Remote Code Execution Vulnerability | 22 Jun 201900:00 | – | zdt | |
| dotProject 2.1.9 - SQL Injection Vulnerability | 26 Jun 201900:00 | – | zdt | |
| Electronic Arts Origin Client Remote Code Injection (CVE-2019-11354) | 5 Mar 202000:00 | – | checkpoint_advisories | |
| CVE-2019-11354 | 19 Apr 201921:29 | – | cvelist | |
| EA Origin 10.5.38 - Remote Code Execution | 21 Jun 201900:00 | – | exploitpack | |
| Talking about the URI Schemes of use-vulnerability warning-the black bar safety net | 28 May 201900:00 | – | myhack58 | |
| CVE-2019-11354 | 19 Apr 201922:29 | – | nvd | |
| CVE-2019-11354 | 19 Apr 201922:29 | – | osv | |
| dotProject 2.1.9 SQL Injection | 24 Jun 201900:00 | – | packetstorm | |
| EA Origin Remote Code Execution | 21 Jun 201900:00 | – | packetstorm |
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| title | path | origin2://game/launch | Template injection vulnerability in Origin2 URI handler enabling potential RCE via crafted title/offerIds parameters | CWE-74 |
| offerIds | path | origin2://game/launch | Template injection vulnerability in Origin2 URI handler enabling potential RCE via crafted title/offerIds parameters | CWE-74 |
| title | query param | origin://game/launch/?offerIds=0&title={{7*7}} | Angular template injection via origin URI parameters to trigger code execution pathways | CWE-74 |
| offerIds | query param | origin://game/launch/?offerIds=0&title={{7*7}} | Angular template injection via origin URI parameters to trigger code execution pathways | CWE-74 |
| dosql | request body | dotProject-2.1.9/index.php?m=calendar | SQL injection PoC in calendar POST endpoint (event_id and dosql parameters) | CWE-74 |
| event_id | request body | dotProject-2.1.9/index.php?m=calendar | SQL injection PoC in calendar POST endpoint (event_id and dosql parameters) | CWE-74 |
| event_project | request body | dotProject-2.1.9/index.php?m=calendar | SQL injection PoC in calendar POST endpoint (event_id and dosql parameters) | CWE-74 |
| event_title | request body | dotProject-2.1.9/index.php?m=calendar | SQL injection PoC in calendar POST endpoint (event_id and dosql parameters) | CWE-74 |
| event_description | request body | dotProject-2.1.9/index.php?m=calendar | SQL injection PoC in calendar POST endpoint (event_id and dosql parameters) | CWE-74 |
| event_start_date | request body | dotProject-2.1.9/index.php?m=calendar | SQL injection PoC in calendar POST endpoint (event_id and dosql parameters) | CWE-74 |
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation