18 matches found
Server-Side Request Forgery (SSRF)
Umbraco CMS is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper validation of the baseUrl parameter in dashboard and help controller endpoints, which allows an attacker to craft requests that force the server to make unauthorized requests to external hosts...
CVE-2025-11461
Multiple SQL Injections in Frappe CRM Dashboard Controller due to unsafe concatenation of user-controlled parameters into dynamic SQL statements. This issue affects Frappe CRM: 1.53.1...
EUVD-2025-199743
Multiple SQL Injections in Frappe CRM Dashboard Controller due to unsafe concatenation of user-controlled parameters into dynamic SQL statements. This issue affects Frappe CRM: 1.53.1...
CVE-2025-11461
Multiple SQL Injections in Frappe CRM Dashboard Controller due to unsafe concatenation of user-controlled parameters into dynamic SQL statements. This issue affects Frappe CRM: 1.53.1...
CVE-2025-11461
Multiple SQL Injections in Frappe CRM Dashboard Controller due to unsafe concatenation of user-controlled parameters into dynamic SQL statements. This issue affects Frappe CRM: 1.53.1...
CVE-2025-11461 Frappe CRM 1.53.1 — Multiple SQL Injections in Dashboard Controller
Multiple SQL Injections in Frappe CRM Dashboard Controller due to unsafe concatenation of user-controlled parameters into dynamic SQL statements. This issue affects Frappe CRM: 1.53.1...
CVE-2025-11461
CVE-2025-11461 affects Frappe CRM 1.53.1. The vulnerability is multiple SQL injections in the Dashboard Controller caused by unsafe concatenation of user-controlled parameters into dynamic SQL statements. Red Hat and EUVD entries confirm the same description. Connected documents do not specify a ...
CVE-2025-11461 Frappe CRM 1.53.1 — Multiple SQL Injections in Dashboard Controller
Multiple SQL Injections in Frappe CRM Dashboard Controller due to unsafe concatenation of user-controlled parameters into dynamic SQL statements. This issue affects Frappe CRM: 1.53.1...
PT-2025-48161
Name of the Vulnerable Software and Affected Versions: Frappe CRM version 1.53.1. Description: The Frappe CRM Dashboard Controller contains multiple SQL injection flaws. These flaws are due to the unsafe concatenation of user-controlled parameters into dynamic SQL statements. The issue allows for...
EUVD-2018-11746
Malware in sbrugna...
PT-2024-7743 · Cisco · Cisco Nexus Dashboard Fabric Controller
Name of the Vulnerable Software and Affected Versions: Cisco Nexus Dashboard Fabric Controller (NDFC), affected versions not specified. Description: A vulnerability in the REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated...
CVE-2024-28265
IBOS v4.5.5 has an arbitrary file deletion vulnerability via \system\modules\dashboard\controllers\LoginController.php...
SQL Injection
Foreman is vulnerable to SQL injection. An input sanitization flaw in the id field in the dashboard controller allows remote unauthenticated attackers to perform SQL injection on the back end database...
foreman: SQL injection due to improper handling of the widget id parameter
An input sanitization flaw was found in the id field of the dashboard controller. A user could use this flaw to perform a SQL injection attack on the back-end database...
CVE-2018-1096
An input sanitization flaw was found in the id field of the dashboard controller. A user could use this flaw to perform a SQL injection attack on the back-end database...
SQL injection
An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1. A user could use this flaw to perform an SQL injection attack on the back end database...
CVE-2018-1096
Foreman prior to version 1.16.1 is affected by an input sanitization flaw in the id field of the dashboard controller that enables SQL injection against the back-end database. Affected component: Foreman dashboard controller (id parameter). Root cause: insufficient input sanitization leading to a...
Piwik PHP Object Injection Vulnerability
Piwik (formerly known as phpMyVisites) is an open source website access statistics system based on PHP5 and MySQL. A security vulnerability exists in the 'saveLayout' function in the /plugins/Dashboard/Controller.php script in Piwik 2.16.0 and earlier versions. A remote attacker can exploit this...