Lucene search
K

407 matches found

CVE
CVE
added 2026/02/22 1:34 p.m.19 views

CVE-2019-25433

XOOPS CMS 2.5.9 contains an SQL injection in gerar_pdf.php via the cid parameter that allows unauthenticated attackers to manipulate database queries and extract sensitive information. The vulnerability is triggered by special cid values in GET requests. Affected component: gerar_pdf.php in XOOPS...

8.8CVSS5.9AI score0.00262EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/22 12:0 a.m.11 views

XOOPS CMS SQL注入漏洞

XOOPS CMS is a modular content management system developed by the XOOPS company. Version XOOPS CMS 2.5.9 has a SQL injection vulnerability. This vulnerability stems from the cid parameter being susceptible to SQL injections, which may allow unverified attackers to manipulate database queries...

8.8CVSS5.8AI score0.00262EPSS
Exploits0References4
OSV
OSV
added 2026/01/28 12:15 p.m.5 views

CVE-2025-59892

Cross-Site request forgery CSRF vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of...

8CVSS5.9AI score0.00127EPSS
Exploits0References1
CVE
CVE
added 2026/01/28 11:52 a.m.13 views

CVE-2025-59892

Cross-Site Request Forgery (CSRF) vulnerability affecting Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. Root cause: lack of proper CSRF token implementation allows an authenticated user to cause actions on behalf of another user. Practical impact includes unauthentica...

8.5CVSS6AI score0.00127EPSS
Exploits0References1Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/01/28 11:52 a.m.3 views

CVE-2025-59892

Cross-Site request forgery CSRF vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of...

8.5CVSS6AI score0.00127EPSS
Exploits0References2Affected Software2
EUVD
EUVD
added 2026/01/28 11:52 a.m.5 views

EUVD-2025-206490

Cross-Site request forgery CSRF vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of...

8.5CVSS6AI score0.00127EPSS
Exploits0References1
OSV
OSV
added 2026/01/09 12:15 a.m.4 views

CVE-2026-0733

A vulnerability was determined in PHPGurukul Online Course Registration System up to 3.1. This impacts an unknown function of the file /onlinecourse/admin/manage-students.php. This manipulation of the argument id/cid causes sql injection. It is possible to initiate the attack remotely. The exploi...

8.8CVSS5.7AI score0.00357EPSS
Exploits1References7
NVD
NVD
added 2026/01/09 12:15 a.m.10 views

CVE-2026-0733

A vulnerability was determined in PHPGurukul Online Course Registration System up to 3.1. This impacts an unknown function of the file /onlinecourse/admin/manage-students.php. This manipulation of the argument id/cid causes sql injection. It is possible to initiate the attack remotely. The exploi...

8.8CVSS0.00357EPSS
Exploits1References7
Cvelist
Cvelist
added 2026/01/08 11:32 p.m.31 views

CVE-2026-0733 PHPGurukul Online Course Registration System manage-students.php sql injection

A vulnerability was determined in PHPGurukul Online Course Registration System up to 3.1. This impacts an unknown function of the file /onlinecourse/admin/manage-students.php. This manipulation of the argument id/cid causes sql injection. It is possible to initiate the attack remotely. The exploi...

6.5CVSS0.00357EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/01/08 12:0 a.m.7 views

PT-2026-1840

Name of the Vulnerable Software and Affected Versions phpgurukul Hostel Management System version 2.1 Description The application stores user-provided complaint data, specifically the 'Explain the Complaint' field submitted through the /register-complaint.php endpoint, without proper output...

8.7CVSS7.2AI score0.00261EPSS
Exploits1References5
CNVD
CNVD
added 2025/10/23 12:0 a.m.13 views

ChanCMS /cms/article/update file SQL injection vulnerability

ChanCMS is a content management system. A SQL injection vulnerability exists in ChanCMS 3.3.2 and earlier versions, which originates from the lack of validation of the parameter cid in the file /cms/article/update for externally entered SQL statements. An attacker can exploit this vulnerability t...

7.2CVSS8.2AI score0.00575EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/10/18 2:26 p.m.13 views

CVE-2025-11903

A flaw has been found in yanyutao0402 ChanCMS up to 3.3.2. Affected by this issue is the function update of the file /cms/article/update. Executing a manipulation of the argument cid can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used. Th...

7.2CVSS6.3AI score0.00575EPSS
Exploits1References1
OSV
OSV
added 2025/10/17 2:15 p.m.4 views

CVE-2025-11903

A flaw has been found in yanyutao0402 ChanCMS up to 3.3.2. Affected by this issue is the function update of the file /cms/article/update. Executing a manipulation of the argument cid can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used. Th...

7.2CVSS5.7AI score0.00575EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/10/17 2:2 p.m.8 views

CVE-2025-11903 yanyutao0402 ChanCMS update sql injection

A flaw has been found in yanyutao0402 ChanCMS up to 3.3.2. Affected by this issue is the function update of the file /cms/article/update. Executing a manipulation of the argument cid can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used. Th...

6.5CVSS0.00575EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/17 2:2 p.m.4 views

EUVD-2025-34879

A flaw has been found in yanyutao0402 ChanCMS up to 3.3.2. Affected by this issue is the function update of the file /cms/article/update. Executing manipulation of the argument cid can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used. The...

6.5CVSS6.4AI score0.00575EPSS
Exploits1References6
CVE
CVE
added 2025/10/17 2:2 p.m.14 views

CVE-2025-11903

ChanCMS up to version 3.3.2 has an SQL injection flaw in the /cms/article/update handler caused by unsafely handling the cid parameter. The vulnerability can be exploited remotely and an exploit has been published. Vendor was contacted about the disclosure but did not respond. No remediation deta...

7.2CVSS6.3AI score0.00575EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2025/10/17 2:2 p.m.10 views

CVE-2025-11902 yanyutao0402 ChanCMS findField sql injection

A vulnerability was detected in yanyutao0402 ChanCMS up to 3.3.2. Affected by this vulnerability is the function findField of the file /cms/article/findField. Performing a manipulation of the argument cid results in sql injection. The attack can be initiated remotely. The exploit is now public an...

6.5CVSS0.00575EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/10/17 2:2 p.m.3 views

CVE-2025-11902 yanyutao0402 ChanCMS findField sql injection

A vulnerability was detected in yanyutao0402 ChanCMS up to 3.3.2. Affected by this vulnerability is the function findField of the file /cms/article/findField. Performing a manipulation of the argument cid results in sql injection. The attack can be initiated remotely. The exploit is now public an...

6.5CVSS6.4AI score0.00575EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2025/10/17 2:2 p.m.5 views

CVE-2025-11902

A vulnerability was detected in yanyutao0402 ChanCMS up to 3.3.2. Affected by this vulnerability is the function findField of the file /cms/article/findField. Performing a manipulation of the argument cid results in sql injection. The attack can be initiated remotely. The exploit is now public an...

7.2CVSS5.4AI score0.00575EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2025/10/17 2:2 p.m.11 views

CVE-2025-11902

ChanCMS

7.2CVSS6.4AI score0.00575EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder