Lucene search

267 matches found

OSV
added 2019/10/03 9:15 p.m. | 2 views

CVE-2019-15766

The KSLABS KSWEB aka ru.kslabs.ksweb application 3.93 for Android allows authenticated remote code execution via a POST request to the AJAX handler with the configFile parameter set to the arbitrary file to be written to and the configtext parameter set to the content of the file to be created...

CVSS 8.8 | AI score 7.9 | EPSS 0.02289
Exploits: 1 | References: 2

OSV
added 2019/08/29 12:15 p.m. | 1 views

CVE-2019-15775

The nd-learning plugin before 4.8 for WordPress has a nopriv AJAX action that allows modification of the siteurl setting...

CVSS 6.1 | AI score 6.3
Exploits: 0 | References: 3

OSV
added 2019/02/18 12:29 a.m. | 1 views

DEBIAN-CVE-2019-8424

ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter...

CVSS 9.8 | AI score 9.9 | EPSS 0.00329
Exploits: 1 | References: 1

OSV
added 2018/08/13 5:29 p.m. | 1 views

CVE-2018-12587

A cross-site scripting (XSS) vulnerability was found in valeuraddons German Spelling Dictionary v1.3, an Opera Browser add-on. Instead of providing text for a spelling check, remote attackers may inject arbitrary web script or HTML via the ajax query parameter in the URL Address Bar...

CVSS 6.1 | AI score 5.8
Exploits: 0 | References: 2

CNVD
added 2018/02/05 12:0 a.m. | 4 views

DokuWiki Reflection File Download Vulnerability

DokuWiki is a PHP-based wiki engine developed by German software developer Andreas Gohr. It is mainly used for knowledge base management by small and medium-sized teams and on personal websites, and provides version control, full-text search, permission control and other functions. A security...

CVSS 9.3 | AI score 7.3 | EPSS 0.00507
Exploits: 1 | References: 1

CNVD
added 2017/07/12 12:0 a.m. | 2 views

SQL Injection Vulnerability in Hanchao B2B2C Multi-User Mall System

The Hanchao B2B2C multi-user mall system is a multi-user mall website system developed in PHP + MySQL. A SQL injection vulnerability exists in the Shopid parameter of the ajaxshopinfo method because the system fails to strictly filter the parameters provided by t...

AI score 8.2
Exploits: 0

CNVD
added 2017/03/20 12:0 a.m. | 2 views

SQL injection vulnerability in mallbuilder frontend cate_show_ajax.php page

MallBuilder is a multi-user online shopping mall solution system based on PHP+MYSQL. A SQL injection vulnerability exists in the mallbuilder v7.3.4 frontend cate_show_ajax.php page due to a lack of filtering of the '$catid' parameter, which allows an attacker to exploit the vulnerability to obtain...

AI score 7.6
Exploits: 0