Lucene search

192 matches found

Cvelist
added 2026/04/29 3:30 p.m. · 21 views

CVE-2026-7389 EyouCMS common.php GetSortData sql injection

A security vulnerability has been detected in EyouCMS up to 1.7.9. The affected element is the function GetSortData of the file application/common.php. The manipulation of the argument sortasc leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed publicly an...

CVSS 7.5 · EPSS 0.0004
Exploits: 0 · References: 4
CVE
added 2026/04/29 3:30 p.m. · 2 views

CVE-2026-7389

EyouCMS (up to 1.7.9) is affected by a SQL injection in GetSortData (application/common.php) caused by manipulating the sort_asc argument. The vulnerability can be triggered remotely and its exploit has been publicly disclosed; the project owner was informed via issue reports but has not responde...

CVSS 7.5 · AI score 7.2 · EPSS 0.0004
Exploits: 0 · References: 4
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2011-1946

Malware in sbrugna...

CVSS 5 · AI score 6.4 · EPSS 0.00848
Exploits: 2 · References: 8
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2007-3346

Malware in sbrugna...

CVSS 7.8 · AI score 6.4 · EPSS 0.00741
Exploits: 0 · References: 9
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2007-2091

Malware in sbrugna...

CVSS 7.5 · AI score 6.4 · EPSS 0.00717
Exploits: 0 · References: 4
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-12921

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 6.8 · EPSS 0.05105
Exploits: 1 · References: 3
CNNVD
added 2025/09/29 12:0 a.m. · 1 views

wenkucms OS command injection vulnerability

wenkucms is a content management system by the individual developer mirweiye. An OS command injection vulnerability exists in wenkucms 3.4 and earlier versions. It originates from misuse of the function createPathOne in the file app/common/common.php, which could lead to a remote command injection...

CVSS 8.8 · AI score 6.8 · EPSS 0.00618
Exploits: 1 · References: 4
RedhatCVE
added 2025/08/30 6:21 p.m. · 1 views

CVE-2025-50722

Insecure Permissions vulnerability in sparkshop v.1.1.7 allows a remote attacker to execute arbitrary code via the Common.php component...

CVSS 9.8 · AI score 7.9 · EPSS 0.01346
Exploits: 1 · References: 1
CNNVD
added 2025/08/25 12:0 a.m. · 1 views

SparkShop security vulnerability

SparkShop is an open-source mall system from China. A security vulnerability exists in SparkShop version 1.1.7, which stems from improperly set permissions on the Common.php component and could lead to arbitrary code execution...

CVSS 9.8 · AI score 7.5 · EPSS 0.01346
Exploits: 1 · References: 2
CVE
added 2025/08/25 12:0 a.m. · 9 views

CVE-2025-50722

CVE-2025-50722 affects SparkShop v1.1.7. The vulnerability arises from insecure permissions on the Common.php component, enabling a remote attacker to execute arbitrary code. The CVSSv3.1 base score is 9.8 (CRITICAL) with network access, no authentication, and no user interaction required; impact...

CVSS 9.8 · AI score 8.1 · EPSS 0.01346
Exploits: 1 · References: 1 · Affected Software: 1
RedhatCVE
added 2025/05/23 6:33 a.m. · 10 views

CVE-2024-12845

A vulnerability classified as problematic was found in Emlog Pro up to 2.4.1. Affected by this vulnerability is an unknown functionality in the library /include/lib/common.php. The manipulation of the argument msg leads to cross site scripting. The attack can be launched remotely. The exploit has...

CVSS 6.1 · AI score 6 · EPSS 0.0014
Exploits: 1 · References: 1
CNNVD
added 2025/02/20 12:0 a.m. · 1 views

Qibosoft QiboCMS security vulnerability

Qibosoft QiboCMS is a website-builder CMS from the Chinese company Qibosoft. A security vulnerability exists in Qibosoft QiboCMS version X1.0, which originates from the ability to retrieve sensitive information by directly retrieving the URL request response content vi...

CVSS 7.5 · AI score 6.5 · EPSS 0.00115
Exploits: 0 · References: 1
RedhatCVE
added 2025/02/04 11:3 p.m. · 1 views

CVE-2024-0648

A vulnerability has been found in Yunyou CMS up to 2.2.6 and classified as critical. This vulnerability affects unknown code of the file /app/index/controller/Common.php. The manipulation of the argument templateFile leads to unrestricted upload. The attack can be initiated remotely. The exploit...

CVSS 9.8 · AI score 7.5 · EPSS 0.00077
Exploits: 0 · References: 1
Vulnrichment
added 2024/12/20 9:31 p.m. · 9 views

CVE-2024-12845 Emlog Pro common.php cross site scripting

A vulnerability classified as problematic was found in Emlog Pro up to 2.4.1. Affected by this vulnerability is an unknown functionality in the library /include/lib/common.php. The manipulation of the argument msg leads to cross site scripting. The attack can be launched remotely. The exploit has...

CVSS 5.3 · AI score 6.2 · EPSS 0.0014
Exploits: 1 · References: 4
Positive Technologies
added 2024/12/20 12:0 a.m. · 1 views

PT-2024-17764 · Emlog Pro · Emlog Pro

Name of the Vulnerable Software and Affected Versions: Emlog Pro versions up to 2.4.1 Description: A problematic vulnerability was found in Emlog Pro, affecting an unknown functionality in the library /include/lib/common.php. The manipulation of the msg argument leads to cross site scripting. The...

CVSS 6.1 · AI score 4 · EPSS 0.0014
Exploits: 1 · References: 9
Vulnrichment
added 2024/07/16 12:0 a.m. · 12 views

CVE-2024-40425

File Upload vulnerability in Nanjin Xingyuantu Technology Co Sparkshop Spark Mall B2C Mall v.1.1.6 and before allows a remote attacker to execute arbitrary code via the contorller/common.php component...

AI score 7.9 · EPSS 0.04991
Exploits: 0 · References: 1
CVE
added 2024/07/16 12:0 a.m. · 51 views

CVE-2024-40425

The CVE-2024-40425 issue affects Spark Mall B2C Mall (Sparkshop) versions ≤ 1.1.6. The root cause is a file-upload vulnerability in the controller/common.php component that allows remote code execution. Impact is described as remote arbitrary code execution with high severity. While the public do...

CVSS 9.8 · AI score 7.9 · EPSS 0.04991
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2024/07/16 12:0 a.m. · 9 views

CVE-2024-40425

File Upload vulnerability in Nanjin Xingyuantu Technology Co Sparkshop Spark Mall B2C Mall v.1.1.6 and before allows a remote attacker to execute arbitrary code via the contorller/common.php component...

EPSS 0.04991
Exploits: 0 · References: 1
Vulnrichment
added 2024/01/29 12:0 a.m. · 13 views

CVE-2024-0988 Sichuan Yougou Technology KuERP common.php checklogin improper authentication

A vulnerability classified as critical was found in Sichuan Yougou Technology KuERP up to 1.0.4. Affected by this vulnerability is the function checklogin of the file /application/index/common.php. The manipulation of the argument AppUserid/AppuserToken leads to improper authentication. The explo...

CVSS 6.3 · AI score 6.8 · EPSS 0.00168
Exploits: 0 · References: 3
Cvelist
added 2024/01/29 12:0 a.m. · 11 views

CVE-2024-0988 Sichuan Yougou Technology KuERP common.php checklogin improper authentication

A vulnerability classified as critical was found in Sichuan Yougou Technology KuERP up to 1.0.4. Affected by this vulnerability is the function checklogin of the file /application/index/common.php. The manipulation of the argument AppUserid/AppuserToken leads to improper authentication. The explo...

CVSS 6.3 · AI score 9.7 · EPSS 0.00168
Exploits: 0 · References: 3