1593 matches found
Sql injection
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/pagedel...
Sql injection
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/lists/zhuan...
Sql injection
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/plsave...
Sql injection
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/topic/save...
Sql injection
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/pic/del...
Sql injection
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/save...
CVE-2022-29686
CVE-2022-29686 affects CSCMS Music Portal System v4.2 and is due to a blind SQL injection in the id parameter of the endpoint /admin.php/singer/admin/lists/zhuan. The connected sources consistently describe a SQLi vulnerability that can expose or alter data in the backend; no exploitation details...
CVE-2022-29667
CVE-2022-29667 affects CSCMS Music Portal System v4.2 and involves a SQL injection vulnerability in the path /admin.php/pic/admin/pic/hy, exploitable by restoring deleted photos. Root cause: lack of input validation on the id parameter leading to SQL command execution. Impact is reported as data ...
CVE-2022-29665
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/topic/save...
CVE-2022-29661
CVE-2022-29661 affects CSCMS Music Portal System v4.2. It has a blind SQL injection in the id parameter of /admin.php/pic/admin/type/save due to lack of input validation, enabling an attacker to execute SQL statements and potentially exfiltrate data. Root cause: unsanitized id parameter. Impact a...
CVE-2021-40317
Piwigo 11.5.0 is affected by a SQL injection vulnerability via admin.php and the id parameter...
CVE-2021-40317
Piwigo 11.5.0 is affected by a SQL injection vulnerability via admin.php and the id parameter...
Sql injection
Piwigo 11.5.0 is affected by a SQL injection vulnerability via admin.php and the id parameter...
CVE-2021-40317
Piwigo 11.5.0 is affected by a SQL injection via admin.php and the id parameter. Root cause: lack of input validation in the vulnerable query. Impact: potential to execute arbitrary SQL, exposing database data. CVSS data from NVD indicates severity up to HIGH (3.1) / 8.8, with network attack vect...
CSCMS Music Portal System SQL注入漏洞
CSCMS Music Portal System is a diversified content management system of China Chong Sheng Network Technology CSCMS Company. A SQL injection vulnerability exists in the CSCMS Music Portal System due to a lack of validation of the id parameter of /admin.php/user/zudel against externally entered SQL...
Piwigo SQL注入漏洞
Piwigo is a Web-based open source photo gallery software. The software includes features such as image management, image categorization and permission management. A SQL injection vulnerability exists in Piwigo version 11.5.0, which stems from a lack of validation of the id parameter in admin.php...
Sql injection
SQL Injection vulnerability in admin/batchmanager.php in piwigo v2.9.5, via the filtercategory parameter to admin.php?page=batchmanager...
CVE-2020-19217
SQL Injection vulnerability in admin/batchmanager.php in piwigo v2.9.5, via the filtercategory parameter to admin.php?page=batchmanager...
CVE-2020-19216
This CVE (CVE-2020-19216) affects Piwigo 2.9.5, where an SQL injection exists in admin/user_perm.php triggered via the cat_false parameter in admin.php?page=group_perm. The root cause is an injection vulnerability in the admin permission management flow, allowing potentially unauthorized access t...
CVE-2022-27413
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the adminname parameter in admin.php...