238 matches found
Internet2 Grouper Cross-Site Scripting Vulnerability
Internet2 Grouper is a distributed IT central access management system. A cross-site scripting vulnerability exists in UiV2Public.index in Internet2 Grouper versions 2.2 and 2.3. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the 'code' parameter...
CVE-2018-11722
WUZHI CMS 4.1.0 has a SQL Injection in api/uc.php via the 'code' parameter, because 'UCKEY' is hard coded...
CVE-2018-8824
modules/bamegamenu/ajaxphpcode.php in the Responsive Mega Menu Horizontal+Vertical+Dropdown Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute a SQL Injection through function calls in the code parameter...
PrestaShop Responsive Mega Menu Pro Module Code Execution Vulnerability
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. The solution provides a variety of payment methods, short message alerts, product image zoom and other features. The Responsive Mega Menu Horizontal + Vertical + Dropdown Pro module is a responsive menu module used with it. A...
CVE-2018-8823
modules/bamegamenu/ajaxphpcode.php in the Responsive Mega Menu Horizontal+Vertical+Dropdown Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute arbitrary PHP code via the code parameter...
CMS Made Simple Remote Code Execution Vulnerability
CMS Made Simple (CMSMS) is an open source content management system (CMS) developed by the CMSMS team. The system supports a role-based rights management system, a wizard-based installation and update mechanism, an intelligent caching mechanism and so on. A remote code execution vulnerability exists in CM...
PT-2017-18617 · Cms Made Simple · Cms Made Simple
Name of the Vulnerable Software and Affected Versions: CMS Made Simple version 2.1.6 Description: The issue allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to "admin/editusertag.php", related to the CreateTagFunction and CallUserTag functions. The...
CouponPHP CMS 3.1 - code Parameter SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: CouponPHP Script v3.1 - SQL Injection Google Dork: N/A Date: 27.03.2017 Vendor Homepage: http://couponphp.com/ Software: http://couponphp.com/demos Demo: http://newdemo2.couponphp.com Demo: http://newdemo3.couponphp.com Version:...
Reflective cross-site scripting vulnerability in multiple parameters of DuoDuo Rebate System V8.3_UTF8 official version
The DuoDuo rebate system is an open source PHP rebate site system that provides solutions for e-commerce rebates and shopping guides. The DuoDuoRebate.com system V8.3_UTF8 official version (February 10, 2017) has a reflective cross-site scripting vulnerability. Due to the code parameter, ddusername...
SQL Injection Vulnerability in DMCODE Parameter of Beijing Imagine Star Cloud Service Center System with Book Discs
The Cloud Service Center System of Imagine Star accompanying CD-ROM is a system platform for the management of accompanying CD-ROM for libraries, archives, electronic reading rooms and other departments. There is a SQL injection vulnerability in the DMCODE parameter of the Beijing Imagine Star Bo...
SQL Injection Vulnerability in the Code Parameter of the Public Retrieval System /opac_two/detail Page of Beijing Chuangxun Future Software Technology Co.
Beitronix Library Public Access System is a system-integrated web system for the library industry. There is a SQL injection vulnerability in this product. The vulnerable URL is /opac_two/detail?code=&name=, where the code parameter is injectable, and the attacker can use the vulnerability to obtain t...
Fangwei (方维) Food Ordering System tuan.php code Parameter SQL Injection Vulnerability
No description provided by source...
CVE-2015-7377
Cross-site scripting (XSS) vulnerability in pie-register/pie-register.php in the Pie Register plugin before 2.0.19 for WordPress allows remote attackers to inject arbitrary web script or HTML via the invitaioncode parameter in a pie-register page to the default URI...
CVE-2014-9254
The CVE affects MiniBB 3.1 prior to 2014-11-27. The vulnerability is a SQL injection in the bb_func_unsub.php code path exposed through the unsubscribe action, caused by an unanchored regular expression in preg_match that inaccurately validates the code parameter. This allows remote attack...
CVE-2014-9100
Cross-site scripting (XSS) vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the idcode parameter in the whydoworkadsense page to wp-admin/options-general.php...
Design/Logic Flaw
The FakeFile implementation in the sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly control the opening of files, which allows local users to bypass intended access restrictions and create arbitrary files via ALLOWED_MODES and ALLOWED_DIRS changes within the co...
PHP-Barcode 0.3pl1 Remote Code Execution
The input passed to the code parameter is not sanitized and is used in a popen function. This allows remote command execution and also allows viewing environment variables: Windows...
PT-2006-4419 · Invision · Invision Power Board
Name of the Vulnerable Software and Affected Versions: Invision Power Board version 1.3 Final Description: The issue concerns SQL injection vulnerabilities that could allow remote attackers to execute arbitrary SQL commands. This is allegedly possible via the CODE parameter in certain actions in...