245 matches found
CVE-2019-13598
LuaUPnP in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via the code parameter to /port3480/datarequest because the "No unsafe lua allowed" code block is skipped...
SQL injection vulnerability in Code parameter of website building system of Guangzhou Baiwei Network Technology Co.
Guangzhou Baiwei Network Technology Co., Ltd. is a company dedicated to website construction, enterprise mailbox, domain name space and server, and other service projects. There is a SQL injection vulnerability in the Code parameter of the website building system of Guangzhou Baiwei Network...
CVE-2019-3579
MyBB 1.8.19 allows remote attackers to obtain sensitive information because it discloses the username upon receiving a password-reset request that lacks the code parameter...
PT-2019-16627 · Mybb · Mybb
Name of the Vulnerable Software and Affected Versions: MyBB version 1.8.19 Description: The issue allows remote attackers to obtain sensitive information. This occurs because the software discloses the username when it receives a password-reset request that lacks the code parameter...
CVE-2018-14874
An issue was discovered in the Armor module in Polaris FT Intellect Core Banking 9.7.1. Input passed through the code parameter in three pages as collaterals/colexe3t.jsp and /references/refsuppu.jsp and /references/refbranu.jsp is mishandled before being used in SQL queries, allowing SQL injecti...
CVE-2019-9570
An issue was discovered in YzmCMS 5.2.0. It has XSS via the bottom text field to the admin/systemmanage/save.html URI, related to the sitecode parameter...
CVE-2018-19794
Cross-site scripting XSS vulnerability in UiV2Public.index in Internet2 Grouper 2.2 and 2.3 allows remote attackers to inject arbitrary web script or HTML via the code parameter...
Internet2 Grouper Cross-Site Scripting Vulnerability
Internet2 Grouper is a distributed IT central access management system. A cross-site scripting vulnerability exists in UiV2Public.index in Internet2 Grouper versions 2.2 and 2.3. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the 'code' parameter...
CVE-2018-11722
WUZHI CMS 4.1.0 has a SQL Injection in api/uc.php via the 'code' parameter, because 'UCKEY' is hard coded...
CVE-2018-8824
modules/bamegamenu/ajaxphpcode.php in the Responsive Mega Menu Horizontal+Vertical+Dropdown Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute a SQL Injection through function calls in the code parameter...
PrestaShop Responsive Mega Menu Pro Module Code Execution Vulnerability
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. The solution provides a variety of payment methods , short message alerts and product image zoom and other features.Responsive Mega Menu Horizontal + Vertical + Dropdown Pro module is used in which a responsive menu module . A...
CVE-2018-8823
modules/bamegamenu/ajaxphpcode.php in the Responsive Mega Menu Horizontal+Vertical+Dropdown Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute arbitrary PHP code via the code parameter...
CMS Made Simple Remote Code Execution Vulnerability
CMS Made Simple CMSMS is an open source content management system CMS developed by the CMSMS team. The system supports role-based rights management system , wizard-based installation and update mechanism , intelligent caching mechanism and so on. A remote code execution vulnerability exists in CM...
PT-2017-18617 · Cms Made Simple · Cms Made Simple
Name of the Vulnerable Software and Affected Versions: CMS Made Simple version 2.1.6 Description: The issue allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to "admin/editusertag.php", related to the CreateTagFunction and CallUserTag functions. The...
CouponPHP CMS 3.1 - code Parameter SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: CouponPHP Script v3.1 - SQL Injection Google Dork: N/A Date: 27.03.2017 Vendor Homepage: http://couponphp.com/ Software: http://couponphp.com/demos Demo: http://newdemo2.couponphp.com Demo: http://newdemo3.couponphp.com Version:...
Reflective cross-site scripting vulnerability in multiple parameters of DuoDuo Rebate System V8.3_UTF8 official version
DuoDuo rebate system is for e-commerce rebate, shopping guide to provide solutions, is the open source PHP rebate site system. DuoDuoRebate.com system V8.3UTF8 official version February 10, 2017 There is a reflective cross-site scripting vulnerability. Due to the code parameter , ddusername...
SQL Injection Vulnerability in DMCODE Parameter of Beijing Imagine Star Cloud Service Center System with Book Discs
The Cloud Service Center System of Imagine Star accompanying CD-ROM is a system platform for the management of accompanying CD-ROM for libraries, archives, electronic reading rooms and other departments. There is a SQL injection vulnerability in the DMCODE parameter of the Beijing Imagine Star Bo...
SQL Injection Vulnerability in the Code Parameter of the Public Retrieval System /opac_two/detail Page of Beijing Chuangxun Future Software Technology Co.
Beitronix Library Public Access System is a system-integrated WEB system for the library industry. There is a SQL injection vulnerability in this product, the vulnerability URL is: /opactwo/detail?code=&name=, the code parameter exists to inject, the attacker can use the vulnerability to obtain t...
方维订餐系统 tuan.php code参数SQL注入漏洞
No description provided by source...
CVE-2015-7377
Cross-site scripting XSS vulnerability in pie-register/pie-register.php in the Pie Register plugin before 2.0.19 for WordPress allows remote attackers to inject arbitrary web script or HTML via the invitaioncode parameter in a pie-register page to the default URI...