Lucene search
K

65 matches found

OSV
OSV
added 2025/12/17 11:15 p.m.4 views

CVE-2023-53926

PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers to manipulate database queries. Attackers can inject crafted SQL payloads through the 'column' parameter in the index.php endpoint to potentially extract or modify database...

8.7CVSS5.9AI score0.0051EPSS
Exploits1References3
NVD
NVD
added 2025/12/17 11:15 p.m.21 views

CVE-2023-53926

PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers to manipulate database queries. Attackers can inject crafted SQL payloads through the 'column' parameter in the index.php endpoint to potentially extract or modify database...

9.8CVSS0.0051EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/12/17 10:44 p.m.5 views

CVE-2023-53926 PHPJabbers Simple CMS 5.0 SQL Injection via Column Parameter

PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers to manipulate database queries. Attackers can inject crafted SQL payloads through the 'column' parameter in the index.php endpoint to potentially extract or modify database...

9.8CVSS7.6AI score0.0051EPSS
Exploits1References3
CVE
CVE
added 2025/12/17 10:44 p.m.19 views

CVE-2023-53926

CVE-2023-53926 affects PHPJabbers Simple CMS 5.0. A SQL injection in the 'column' parameter of the index.php endpoint can allow remote attackers to manipulate queries and potentially extract or modify database information. The vulnerability is documented across multiple sources (including RH, NVD...

9.8CVSS7.6AI score0.0051EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2025/12/17 10:44 p.m.26 views

CVE-2023-53926 PHPJabbers Simple CMS 5.0 SQL Injection via Column Parameter

PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers to manipulate database queries. Attackers can inject crafted SQL payloads through the 'column' parameter in the index.php endpoint to potentially extract or modify database...

9.8CVSS0.0051EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.6 views

PT-2025-51964

Name of the Vulnerable Software and Affected Versions PHPJabbers Simple CMS version 5.0 Description The software contains a SQL injection issue in the 'column' parameter. Attackers can inject crafted SQL payloads through the 'column' parameter in the ''index.php'' endpoint to potentially extract ...

9.8CVSS7.5AI score0.0051EPSS
Exploits1References7
CNNVD
CNNVD
added 2025/12/17 12:0 a.m.10 views

PHPJabbers Simple CMS SQL注入漏洞

PHPJabbers Simple CMS is a PHPJabbers open source content management system. A SQL injection vulnerability exists in PHPJabbers Simple CMS version 5.0, which originates from a SQL injection in the column parameter of the index.php endpoint, which may result in database information being extracted...

9.8CVSS7.7AI score0.0051EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-27146

Malicious code in bioql PyPI...

7.3CVSS6.6AI score0.00201EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-40279

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00659EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-40278

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.00388EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/09/13 7:25 a.m.9 views

CVE-2025-5801

The Digital Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘column’ parameter in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...

6.4CVSS5AI score0.00271EPSS
Exploits0References1
NVD
NVD
added 2025/09/11 8:15 a.m.11 views

CVE-2025-5801

The Digital Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘column’ parameter in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...

6.4CVSS0.00271EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/09/11 7:24 a.m.2 views

CVE-2025-5801 Digital Events Calendar <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via column Parameter

The Digital Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘column’ parameter in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...

6.4CVSS4.7AI score0.00271EPSS
Exploits0References3
CVE
CVE
added 2025/09/11 7:24 a.m.26 views

CVE-2025-5801

CVE-2025-5801 refers to a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin “Digital Events Calendar” up to version 1.0.8. The issue stems from insufficient input sanitization and output escaping of the column parameter, allowing an authenticated attacker (Contributor level ...

6.4CVSS4.7AI score0.00271EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/09/11 7:24 a.m.8 views

CVE-2025-5801 Digital Events Calendar <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via column Parameter

The Digital Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘column’ parameter in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...

6.4CVSS0.00271EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/11 12:0 a.m.7 views

PT-2025-37121

The Digital Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘column’ parameter in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...

6.4CVSS5AI score0.00271EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/09/08 12:0 a.m.4 views

PT-2025-36470

Name of the Vulnerable Software and Affected Versions: FoxCMS versions prior to 1.2.6 Description: FoxCMS is susceptible to a SQL Injection issue through the column model parameter located in the app/admin/controller/Column.php file. Recommendations: Update FoxCMS to version 1.2.6 or later...

7.3CVSS7.3AI score0.00201EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/23 5:31 a.m.8 views

CVE-2023-6987

The String locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sql-column' parameter in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

6.1CVSS6.4AI score0.0029EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:0 a.m.6 views

CVE-2023-36311

There is a SQL injection SQLi vulnerability in the "column" parameter of index.php in PHPJabbers Document Creator v1.0...

9.8CVSS7.9AI score0.00659EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 8:43 p.m.3 views

CVE-2021-39413

Multiple Cross Site Scripting XSS vulnerabilities exits in SEO Panel v4.8.0 via the 1 totime parameter in a backlinks.php, b analytics.php, c log.php, d overview.php, e pagespeed.php, f rank.php, g review.php, h saturationchecker.php, i socialmedia.php, and j reports.php; the 2 fromtime parameter...

6.1CVSS6.4AI score0.0081EPSS
Exploits1References1
Rows per page
Query Builder