Lucene search

575 matches found

CVE
added 2024/11/15 12:0 a.m. | 54 views

CVE-2024-51164

CVE-2024-51164 (JEPaaS 7.2.8) is a SQL injection in the endpoint “/je/login/btnLog/insertBtnLog” that could allow a remote attacker to submit a crafted query and retrieve all information stored in the database. Affected product: JEPaaS 7.2.8. The public documents consistently describe the vulnera...

9.1 CVSS | 7.1 AI score | 0.00726 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
OSV
added 2024/11/12 10:8 p.m. | 59 views

GHSA-GV7V-RGG6-548H Laravel environment manipulation via query string

Description: When the register_argc_argv php directive is set to on, and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. Resolution: The framework now ignores argv values for environment detection on...

8.7 CVSS | 5.9 AI score | 0.37206 EPSS
Exploits: 1 | References: 6
OSV
added 2024/11/12 8:15 p.m. | 3 views

DEBIAN-CVE-2024-52301

Laravel is a web application framework. When the register_argc_argv php directive is set to on, and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability fixed in 6.20.45, 7.30.7, 8.83.28,...

7.5 CVSS | 5.3 AI score | 0.37206 EPSS
Exploits: 1 | References: 1
Debian CVE
added 2024/11/12 7:32 p.m. | 15 views

CVE-2024-52301

Laravel is a web application framework. When the register_argc_argv php directive is set to on, and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability fixed in 6.20.45, 7.30.7, 8.83.28,...

8.7 CVSS | 5.3 AI score | 0.37206 EPSS
Exploits: 1
OSV
added 2024/11/12 7:32 p.m. | 32 views

CVE-2024-52301 Laravel allows environment manipulation via query string

Laravel is a web application framework. When the register_argc_argv php directive is set to on, and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability fixed in 6.20.45, 7.30.7, 8.83.28,...

8.7 CVSS | 6.5 AI score | 0.37206 EPSS
Exploits: 1 | References: 4
CNNVD
added 2024/11/12 12:0 a.m. | 4 views

Laravel parameter injection vulnerability

Laravel is a web application framework from the Laravel community. A parameter injection vulnerability exists in Laravel. An attacker exploiting this vulnerability can call any URL using a specially crafted query string...

8.7 CVSS | 6.9 AI score | 0.37206 EPSS
Exploits: 1 | References: 4
OSV
added 2024/11/06 9:15 p.m. | 0 views

UBUNTU-CVE-2024-50340

symfony/runtime is a module for the Symfony PHP framework which enables decoupling PHP applications from global state. When the register_argv_argc php directive is set to on, and users call any URL with a special crafted query string, they are able to change the environment or debug mode used by...

7.3 CVSS | 5.8 AI score | 0.63422 EPSS
Exploits: 0 | References: 6
NVD
added 2024/10/23 12:15 p.m. | 11 views

CVE-2024-10287

Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /mlss/ForgotPassword, parameter ListName...

6.1 CVSS | 0.00278 EPSS
Exploits: 0 | References: 1
Cvelist
added 2024/10/23 12:3 p.m. | 21 views

CVE-2024-10288 Cross-Site Scripting (XSS) vulnerability in LocalServer

Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /mlss/SubscribeToList, parameter ListName...

6.1 CVSS | 0.00278 EPSS
Exploits: 0 | References: 1
Cvelist
added 2024/10/23 12:2 p.m. | 19 views

CVE-2024-10287 Cross-Site Scripting (XSS) vulnerability in LocalServer

Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /mlss/ForgotPassword, parameter ListName...

6.1 CVSS | 0.00278 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2024/10/23 12:2 p.m. | 18 views

CVE-2024-10287 Cross-Site Scripting (XSS) vulnerability in LocalServer

Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /mlss/ForgotPassword, parameter ListName...

6.1 CVSS | 5.9 AI score | 0.00278 EPSS
Exploits: 0 | References: 1
CVE
added 2024/10/23 12:2 p.m. | 53 views

CVE-2024-10287

CVE-2024-10287 describes a Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9. A remote attacker can craft a query to an authenticated user via the /mlss/ForgotPassword endpoint, abusing the ListName parameter to steal session details. The CVSS v3.1 base score is 6.1 (Medium), w...

6.1 CVSS | 5.9 AI score | 0.00278 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2024/10/23 12:1 p.m. | 18 views

CVE-2024-10286 Cross-Site Scripting (XSS) vulnerability in LocalServer

Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /testmail/index.php, parameter to...

6.1 CVSS | 0.00278 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2024/10/23 12:1 p.m. | 17 views

CVE-2024-10286 Cross-Site Scripting (XSS) vulnerability in LocalServer

Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /testmail/index.php, parameter to...

6.1 CVSS | 5.9 AI score | 0.00278 EPSS
Exploits: 0 | References: 1
IBM Security Bulletins
added 2024/10/21 2:25 p.m. | 17 views

Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted query (CVE-2024-37529)

Summary: If you use IBM® Db2® as your database in your IBM Datacap deployment, please follow the Db2 security bulletin referred to in the Title to remedy the vulnerability. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products and Versions...

6.5 CVSS | 6.4 AI score | 0.0055 EPSS
Exploits: 0 | Affected Software: 1
Cvelist
added 2024/10/15 8:41 a.m. | 21 views

CVE-2024-9925 SQL injection in QPLANT by TAI Smart Factory

SQL injection vulnerability in TAI Smart Factory's QPLANT SF version 1.0. Exploitation of this vulnerability could allow a remote attacker to retrieve all database information by sending a specially crafted SQL query to the ‘email’ parameter on the ‘RequestPasswordChange’ endpoint...

9.8 CVSS | 0.00524 EPSS
Exploits: 0 | References: 1
Cvelist
added 2024/10/07 2:48 p.m. | 26 views

CVE-2024-9574 SQL Injection vulnerability in SOPlanning

SQL injection vulnerability in SOPlanning 1.45, via /soplanning/www/usergroupes.php in the by parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB...

9.8 CVSS | 0.00519 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2024/10/07 2:48 p.m. | 9 views

CVE-2024-9574 SQL Injection vulnerability in SOPlanning

SQL injection vulnerability in SOPlanning 1.45, via /soplanning/www/usergroupes.php in the by parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB...

9.8 CVSS | 7.4 AI score | 0.00519 EPSS
Exploits: 0 | References: 1
CVE
added 2024/10/07 2:48 p.m. | 46 views

CVE-2024-9574

SOPlanning CVE-2024-9574 affects SOPlanning versions before 1.45. The vulnerability is a SQL injection in the by parameter of /soplanning/www/user_groupes.php, allowing remote attackers to submit crafted queries and retrieve all data from the database. Root cause is improper input handling in the...

9.8 CVSS | 8.2 AI score | 0.00519 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
RedhatCVE
added 2024/09/17 10:42 p.m. | 19 views

CVE-2024-45815

A flaw was found in the backstage/plugin-catalog-backend package. A malicious actor with authenticated access to a Backstage instance with the catalog backend plugin installed is able to interrupt the service using a specially crafted query to the catalog API. Mitigation: Mitigation for this issue...

6.5 CVSS | 6.5 AI score | 0.00492 EPSS
Exploits: 0 | References: 4