39 matches found
PT-2025-4587 · Wegia · Wegia
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.2.8 Description: A Reflected Cross-Site Scripting XSS issue was identified in the "home.php" endpoint of the WeGIA application. This issue allows attackers to inject malicious scripts in the msg c parameter...
CVE-2025-22139 WeGIA Cross-Site Scripting (XSS) Reflected endpoint `configuracao_geral.php` parameter `msg`
WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting XSS vulnerability was identified in the configuracaogeral.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msgc parameter. This vulnerability is fixed ...
PT-2023-32075 · Unknown · Sourcecodester Online Computer/Laptop Store
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Computer and Laptop Store version 1.0 Description: A critical vulnerability was found in the SourceCodester Online Computer and Laptop Store. The issue affects an unknown functionality of the file products.php. The...
PT-2023-7918 · L Soft · Listserv 17
Name of the Vulnerable Software and Affected Versions: LISTSERV 17 web interface Description: A cross-site scripting XSS issue in the LISTSERV 17 web interface allows remote attackers to inject arbitrary JavaScript or HTML via the c parameter. This can be exploited by a remote attacker to conduct...
CVE-2021-39599
Multiple Cross Site Scripting XSS vulnerabilities exists in CXUUCMS 3.1 in the search and c parameters in 1 public/search.php and in the 2 c parameter in admin.php...
Sql injection
Online Pet Shop We App 1.0 is vulnerable to Union SQL Injection in products.php aka p=products via the c or s parameter...
PT-2023-11537 · Mpv +1 · Mpv +1
Name of the Vulnerable Software and Affected Versions: MPV version 0.29.1 Description: The issue allows attackers to execute arbitrary code and crash the program via the ao c parameter. Recommendations: For MPV version 0.29.1, update to version 0.30 to resolve the issue. As a temporary workaround...
CVE-2019-13472
PHPWind 9.1.0 has XSS vulnerabilities in the c and m parameters of the index.php file...
CVE-2019-13472
PHPWind 9.1.0 has XSS vulnerabilities in the c and m parameters of the index.php file...
FreshRSS Cross-Site Scripting Vulnerability
FreshRSS is an open source, self-hosted RSS aggregator with support. A cross-site scripting vulnerability exists in FreshRSS version 1.11.1. A remote attacker can exploit the vulnerability to inject arbitrary web script or HTML with the help of 'c' or 'a' parameter...
YzmCMS Cross-Site Scripting Vulnerability
YzmCMS is an open source CMS Content Management System developed by Chinese programmer Yuan Zhimeng. A cross-site scripting vulnerability exists in YzmCMS. A remote attacker can exploit this vulnerability to inject arbitrary Web script or HTML with the help of 'a', 'c' or 'm' parameters...
phpBB Minerva Mod SQL Injection Vulnerability
phpBB is a popular forum program. A SQL injection vulnerability exists in phpBB Minerva Mod, which allows remote attackers to inject malicious sql commands via the vulnerable 'c' parameter to corrupt web applications or dbms...
Dropbear SSH Arbitrary Code Execution Vulnerability
Dropbear is a relatively small SSH server and client. An arbitrary code execution vulnerability exists in Dropbear dbclient, which can be exploited by a remote attacker to execute arbitrary code when a local dbclient user enters a specific -m or -c parameter...
CVE-2015-2209
DLGuard 4.5 allows remote attackers to obtain the installation path via the c parameter to index.php...
DLGuard 4.5 Path Disclosure
DLGuard Full Path Disclosure Information Leakage Security Vulnerabilities Exploit Title: DLGuard /index.php c parameter Full Path Disclosure Security Vulnerabilities Product: DLGuard Vendor: DLGuard Vulnerable Versions: v4.5 Tested Version: v4.5 Advisory Publication: Feb 18, 2015 Latest Update: F...
Sql injection
Multiple SQL injection vulnerabilities in u5CMS before 3.9.4 allow remote attackers to execute arbitrary SQL commands via the name parameter to 1 copy2.php, 2 localize.php, 3 metai.php, 4 nc.php, 5 new2.php, or 6 rename2.php in u5admin/; 7 c parameter to u5admin/editor.php; 8 typ parameter to...
PT-2010-1396 · Maxdev · Mforum
Name of the Vulnerable Software and Affected Versions: MDForum module versions 2.x through 2.07 for MAXdev MDPro Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the c parameter in the "index.php" endpoint. Recommendations: For MDFor...
CVE-2007-1962
SQL injection vulnerability in index.php in the WF-Snippets 1.02 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action...
CVE-2006-1638
Multiple SQL injection vulnerabilities in aWebBB 1.2 allow remote attackers to execute arbitrary SQL commands via the 1 Username parameter to a accounts.php, b changep.php, c editac.php, d feedback.php, e fpass.php, f login.php, g post.php, h reply.php, or i replylog.php; 2 p parameter to j...