Lucene search
11 matches found

RedhatCVE
added 2025/05/22 3:45 p.m., 6 views

CVE-2020-20692

GilaCMS v1.11.4 was discovered to contain a SQL injection vulnerability via the $_GET parameter in /src/core/controllers/cm.php...

CVSS 7.2 | AI score 8.3 | EPSS 0.00255
Exploits: 1

NVD
added 2022/05/11 2:15 p.m., 12 views

CVE-2022-28078

Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Admin panel via the $_GET['page'] parameter...

CVSS 6.1 | EPSS 0.01433
Exploits: 1 | References: 2

CVE
added 2022/05/11 1:53 p.m., 69 views

CVE-2022-28077

CVE-2022-28077 affects Home Owners Collection Management v1. The vulnerability is a reflected XSS in the Admin panel via the $_GET['s'] parameter, caused by lack of input validation/filtering and output of unsanitized data. Impact described as client-side JavaScript execution in affected sessions...

CVSS 6.1 | AI score 6 | EPSS 0.00288
Exploits: 2 | References: 2 | Affected Software: 1

NVD
added 2021/09/27 10:15 p.m., 8 views

CVE-2020-20692

GilaCMS v1.11.4 was discovered to contain a SQL injection vulnerability via the $_GET parameter in /src/core/controllers/cm.php...

CVSS 7.2 | EPSS 0.00255
Exploits: 1 | References: 2

Cvelist
added 2021/09/27 9:34 p.m., 10 views

CVE-2020-20692

GilaCMS v1.11.4 was discovered to contain a SQL injection vulnerability via the $_GET parameter in /src/core/controllers/cm.php...

AI score 7.2 | EPSS 0.00255
Exploits: 1 | References: 2

CVE
added 2021/09/27 9:34 p.m., 42 views

CVE-2020-20692

CVE-2020-20692 affects GilaCMS v1.11.4 with a SQL injection via the $_GET parameter in /src/core/controllers/cm.php. Root cause: improper handling of user input enabling SQL injection. NVD metrics (CVSSv3.1) show base score 7.2 (HIGH), network attack, low complexity, privileges required: HIGH, n...

CVSS 7.2 | AI score 7.2 | EPSS 0.00255
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2020/08/24 2:8 p.m., 37 views

CVE-2020-19879

DBHcms v1.2.0 is vulnerable to a stored cross-site scripting (XSS) due to lack of input filtering on $_GET['dbhcms_pid'] in dbhcms\page.php (line 107). CVE-2020-19879 has CVSS v2 base 4.3 (NETWORK, MEDIUM) and CVSS v3.1 base 6.1 (NETWORK, MEDIUM) with user interaction required. Exploitation detai...

CVSS 6.1 | AI score 6.2 | EPSS 0.0024
Exploits: 1 | References: 1 | Affected Software: 1

Veracode
added 2017/07/19 9:3 p.m., 15 views

SQL Injection

Subrion is vulnerable to SQL Injection attacks. The library does not have any checking for user input through the $_GET parameter in /front/search.php, allowing a malicious user to inject and execute arbitrary SQL...

CVSS 9.8 | AI score 10 | EPSS 0.82165
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2017/07/18 5:0 a.m., 14 views

CVE-2017-11413

Fiyo CMS 2.0.7 has SQL injection in dapur/apps/apparticle/controller/commentstatus.php via $_GET['id']...

AI score 9.9 | EPSS 0.00271
Exploits: 0 | References: 1

seebug.org
added 2013/11/24 12:0 a.m., 22 views

A ThinkSNS getshell

Brief description: Improper handling at one point in ThinkSNS leads to get shell. Detailed description: the reply function in \apps\public\Lib\Action\CommentAction.class.php: public function reply() { $var = $_GET; $var['initNums'] = model('Xdata')->getConfig('weibonums', 'feed'); $var['commentInfo'] = model('Comment')->getCommentInfo($var['commentid'], false); $var['canrepost'] =...

AI score 7.1
Exploits: 0

securityvulns
added 2005/06/14 12:0 a.m., 25 views

singapore v0.9.11 cross site scripting and path disclosure

Because of singapore's heavy use of classes it has multiple path disclosure occurrences. The following pages all produced class related errors when navigating directly to them in your browser. gallery/includes/admin.class.php templates/admindefault/ all the .tpl.php files templates/default/ all the...

Exploits: 0