23 matches found
CVE-2023-25206
PrestaShop wsproductreviews 3.6.2 is vulnerable to SQL Injection...
CVE-2020-25206
The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 allows authenticated command injection in the Throughput, WANStats, PhyStats, and QosStats API classes. An attacker with access to a web console account may execute operating system commands on affected devices by sending crafte...
CVE-2025-25206
eLabFTW is an open source electronic lab notebook for research labs. Prior to version 5.1.15, an incorrect input validation could allow an authenticated user to read sensitive information, including login token or other content stored in the database. This could lead to privilege escalation if...
CVE-2025-25206

creationtimestamp| type| source
---|---|---
2025-02-14 17:15:50+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3li5pdrcbmx2e
2025-02-14 18:45:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3li5udaknd222
2025-02-14 18:48:53+00:00| seen|...

CVE-2025-25206 Incorrect input validation could allow an authenticated user to read sensitive information
eLabFTW is an open source electronic lab notebook for research labs. Prior to version 5.1.15, an incorrect input validation could allow an authenticated user to read sensitive information, including login token or other content stored in the database. This could lead to privilege escalation if...
CVE-2025-25206
CVE-2025-25206 affects eLabFTW prior to version 5.1.15. The issue is caused by incorrect input validation that could allow an authenticated user to read sensitive information (e.g., login tokens or other data in the database). This could lead to privilege escalation if cookies are enabled (defaul...
CVE-2025-25206 Incorrect input validation could allow an authenticated user to read sensitive information
eLabFTW is an open source electronic lab notebook for research labs. Prior to version 5.1.15, an incorrect input validation could allow an authenticated user to read sensitive information, including login token or other content stored in the database. This could lead to privilege escalation if...
VulnCheck KEV: CVE-2020-25206
The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 allows authenticated command injection in the Throughput, WANStats, PhyStats, and QosStats API classes. An attacker with access to a web console account may execute operating system commands on affected devices by sending...
CVE-2023-25206

creationtimestamp| type| source
---|---|---
2023-03-14 19:30:29+00:00| seen| https://t.me/cibsecurity/60014...

CVE-2023-25206
PrestaShop wsproductreviews 3.6.2 is vulnerable to SQL Injection...
CVE-2023-25206
PrestaShop wsproductreviews 3.6.2 is vulnerable to SQL Injection...
CVE-2023-25206
CVE-2023-25206 affects PrestaShop ws_productreviews, with versions prior to 3.6.2 vulnerable to SQL injection. Root cause: insecure handling of database queries in ws_productreviews (SQLi). Impact: high confidentiality, integrity, and availability concerns as per CVSS. Remediation: upgrade to ws_...
CVE-2022-25206

creationtimestamp| type| source
---|---|---
2022-02-15 20:35:51+00:00| seen| https://t.me/cibsecurity/37523...

CVE-2022-25206
A missing check in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified database via JDBC using attacker-specified credentials...
CVE-2022-25206
CVE-2022-25206 affects Jenkins dbCharts Plugin 0.5.2 and earlier. The root cause is a missing permission check in a form-validation method, which allows users with Overall/Read permission to connect to an attacker-specified database via JDBC using attacker-specified credentials. The vulnerability...
CVE-2022-25206
A missing check in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified database via JDBC using attacker-specified credentials...
Mimosa Devices Command Injection (CVE-2020-25206)
A command injection vulnerability exists in Mimosa. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
CVE-2021-25206
SourceCodester Responsive Ordering System v1.0 contains an Arbitrary file upload vulnerability that allows an attacker to execute arbitrary code via uploading a file to Product_model.php. The CVE entry CVE-2021-25206 is supported by multiple sources (NVD, Red Hat, CVE list, CNNVD, PRION, etc.). P...
CVE-2020-25206

creationtimestamp| type| source
---|---|---
2021-07-20 22:33:49+00:00| seen| https://t.me/cibsecurity/26294
2025-10-31 21:02:38+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3m4jerlo3ai2e...

CVE-2020-25206
The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 allows authenticated command injection in the Throughput, WANStats, PhyStats, and QosStats API classes. An attacker with access to a web console account may execute operating system commands on affected devices by sending crafte...