65 matches found
CVE-2023-53926
PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers to manipulate database queries. Attackers can inject crafted SQL payloads through the 'column' parameter in the index.php endpoint to potentially extract or modify database...
CVE-2023-53926
PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers to manipulate database queries. Attackers can inject crafted SQL payloads through the 'column' parameter in the index.php endpoint to potentially extract or modify database...
CVE-2023-53926 PHPJabbers Simple CMS 5.0 SQL Injection via Column Parameter
PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers to manipulate database queries. Attackers can inject crafted SQL payloads through the 'column' parameter in the index.php endpoint to potentially extract or modify database...
CVE-2023-53926
CVE-2023-53926 affects PHPJabbers Simple CMS 5.0. A SQL injection in the 'column' parameter of the index.php endpoint can allow remote attackers to manipulate queries and potentially extract or modify database information. The vulnerability is documented across multiple sources (including RH, NVD...
CVE-2023-53926 PHPJabbers Simple CMS 5.0 SQL Injection via Column Parameter
PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers to manipulate database queries. Attackers can inject crafted SQL payloads through the 'column' parameter in the index.php endpoint to potentially extract or modify database...
PT-2025-51964
Name of the Vulnerable Software and Affected Versions PHPJabbers Simple CMS version 5.0 Description The software contains a SQL injection issue in the 'column' parameter. Attackers can inject crafted SQL payloads through the 'column' parameter in the ''index.php'' endpoint to potentially extract ...
PHPJabbers Simple CMS SQL注入漏洞
PHPJabbers Simple CMS is a PHPJabbers open source content management system. A SQL injection vulnerability exists in PHPJabbers Simple CMS version 5.0, which originates from a SQL injection in the column parameter of the index.php endpoint, which may result in database information being extracted...
EUVD-2025-27146
Malicious code in bioql PyPI...
EUVD-2023-40279
Malicious code in bioql PyPI...
EUVD-2023-40278
Malicious code in bioql PyPI...
CVE-2025-5801
The Digital Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘column’ parameter in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...
CVE-2025-5801
The Digital Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘column’ parameter in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...
CVE-2025-5801 Digital Events Calendar <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via column Parameter
The Digital Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘column’ parameter in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...
CVE-2025-5801
CVE-2025-5801 refers to a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin “Digital Events Calendar” up to version 1.0.8. The issue stems from insufficient input sanitization and output escaping of the column parameter, allowing an authenticated attacker (Contributor level ...
CVE-2025-5801 Digital Events Calendar <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via column Parameter
The Digital Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘column’ parameter in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...
PT-2025-37121
The Digital Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘column’ parameter in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...
PT-2025-36470
Name of the Vulnerable Software and Affected Versions: FoxCMS versions prior to 1.2.6 Description: FoxCMS is susceptible to a SQL Injection issue through the column model parameter located in the app/admin/controller/Column.php file. Recommendations: Update FoxCMS to version 1.2.6 or later...
CVE-2023-6987
The String locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sql-column' parameter in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
CVE-2023-36311
There is a SQL injection SQLi vulnerability in the "column" parameter of index.php in PHPJabbers Document Creator v1.0...
CVE-2021-39413
Multiple Cross Site Scripting XSS vulnerabilities exits in SEO Panel v4.8.0 via the 1 totime parameter in a backlinks.php, b analytics.php, c log.php, d overview.php, e pagespeed.php, f rank.php, g review.php, h saturationchecker.php, i socialmedia.php, and j reports.php; the 2 fromtime parameter...