22 matches found

EUVD
added 8 hours ago | 4 views

EUVD-2026-38658

The Book a Room Event Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9. This is due to missing or incorrect nonce validation on the settingsform/updatesettings functionality. The plugin's options page handler dispatches on the...

CVSS 4.3 | AI score 5.8
Exploits 0 | References 4
OSV
added 2026/02/11 9:16 p.m. | 5 views

CVE-2020-37186

Chevereto 3.13.4 Core contains a remote code execution vulnerability that allows attackers to inject malicious code during database configuration installation. Attackers can manipulate the database table prefix parameter to write a PHP shell file and execute arbitrary system commands through a...

CVSS 9.8 | AI score 6.5 | EPSS 0.00969
Exploits 0 | References 4
RedhatCVE
added 2026/01/09 12:19 p.m. | 5 views

CVE-2018-10429

Cosmo 1.0.0Beta6 allows attackers to execute arbitrary PHP code via the Database Prefix field on the Database Info screen of install.php...

CVSS 9.8 | AI score 7.8 | EPSS 0.01818
Exploits 1 | References 1
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2008-7145

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.01339
Exploits 1 | References 5
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2018-2501

Malware in sbrugna...

CVSS 9.8 | AI score 9.5 | EPSS 0.01818
Exploits 1 | References 2
ATTACKERKB
added 2022/04/25 4:16 p.m. | 3 views

CVE-2022-1156

The Books & Papers WordPress plugin through 0.20210223 does not escape its Custom DB prefix settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

CVSS 4.8 | AI score 5.5 | EPSS 0.00577
Exploits 2 | References 2
CNNVD
added 2020/12/10 12:0 a.m. | 6 views

idreamsoft iCMS Operating System Command Injection Vulnerability

idreamsoft iCMS is an open-source content management system (CMS) based on PHP and MySQL. A security vulnerability exists in idreamsoft iCMS 7: an attacker can execute arbitrary commands via shell metacharacters in the DB prefix parameter to install.php...

CVSS 10 | AI score 7.4 | EPSS 0.01534
Exploits 1 | References 2
CNVD
added 2018/11/12 12:0 a.m. | 2 views

YUNUCMS Arbitrary PHP Code Execution Vulnerability

YUNUCMS is an open-source content management system (CMS) for building enterprise websites, developed by China's Yunyou (YUNU) network technology company. The statics/app/index/controller/Install.php file in YUNUCMS 1.1.5 has a security vulnerability. A remote attacker can exploit this vulnerability by...

CVSS 9.8 | AI score 9.7 | EPSS 0.01508
Exploits 1 | References 1
CNVD
added 2018/04/27 12:0 a.m. | 3 views

Cosmo Arbitrary PHP Code Execution Vulnerability

Cosmo is a content management system (CMS) built on AngularJS and PHP. A security vulnerability exists in Cosmo version 1.0.0Beta6. The vulnerability can be exploited to execute arbitrary PHP code via the Database Prefix field in the Database Info screen on the localhost/Cosmo/install.php li...

CVSS 9.8 | AI score 7.7 | EPSS 0.01818
Exploits 1 | References 1
Prion
added 2018/04/26 5:29 p.m. | 10 views

Code injection

Cosmo 1.0.0Beta6 allows attackers to execute arbitrary PHP code via the Database Prefix field on the Database Info screen of install.php...

CVSS 7.5 | AI score 9.7 | EPSS 0.01818
Exploits 1 | References 1 | Affected Software 1
NVD
added 2018/04/26 5:29 p.m. | 25 views

CVE-2018-10429

Cosmo 1.0.0Beta6 allows attackers to execute arbitrary PHP code via the Database Prefix field on the Database Info screen of install.php...

CVSS 9.8 | AI score 9.8 | EPSS 0.01818
Exploits 1 | References 1
OSV
added 2018/04/26 5:29 p.m. | 21 views

CVE-2018-10429

Cosmo 1.0.0Beta6 allows attackers to execute arbitrary PHP code via the Database Prefix field on the Database Info screen of install.php...

CVSS 9.8 | AI score 9.9
Exploits 0 | References 1
Exploit DB
added 2016/02/24 12:0 a.m. | 24 views

WordPress Plugin Extra User Details 0.4.2 - Privilege Escalation

""" Exploit Title: Extra User Details Privilege Escalation Discovery Date: 2016-02-13 Exploit Author: Panagiotis Vagenas Author Link: https://twitter.com/panVagenas Vendor Homepage: http://vadimk.com/ Software Link: https://wordpress.org/plugins/extra-user-details/ Version: 0.4.2 Tested on:...

AI score 7
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 37 views

Limbo CMS <= 1.0.4.2 Cuid cookie Blind SQL Injection Exploit

No description provided by source. #!/usr/bin/python ...

AI score 7.1
Exploits 0
myhack58
added 2012/11/08 12:0 a.m. | 25 views

phpcms v9 article comments: lax filtering leads to sensitive database information disclosure

In phpcms v9, after an article comment of 'a'; is published, replying to that comment can reveal table names and the database prefix. Proof of vulnerability: ...

AI score 2.3
Exploits 0
Prion
added 2009/09/09 5:30 p.m. | 19 views

Design/Logic Flaw

Coppermine Photo Gallery CPG 1.4.14 does not restrict access to update.php, which allows remote attackers to obtain sensitive information such as the database table prefix via a direct request. NOTE: this might be leveraged for attacks against CVE-2008-0504...

CVSS 5 | AI score 6.3 | EPSS 0.01969
Exploits 1 | References 4 | Affected Software 1
exploitpack
added 2008/07/13 12:0 a.m. | 23 views

Ultrastats 0.2.142 - players-detail.php Blind SQL Injection

Ultrastats 0.2.142 - players-detail.php Blind SQL Injection !/usr/bin/perl use LWP::UserAgent; use Getopt::Long; ! Discovered.: DNX ! Vendor.....: http://www.shooter-szene.de | http://www.ultrastats.org ! Detected...: 29.06.2008 ! Reported...: 04.07.2008 ! Response...: xx.xx.2008 ! Background.:...

AI score 0.4
Exploits 0
securityvulns
added 2008/06/16 12:0 a.m. | 136 views

SMF <= 1.1.4 COOKIE[topic] SQL-Injection Exploit

Hello, Zaraza. Let's support the domestic producer. SMF <= 1.1.4 COOKIE[topic] SQL-Injection Exploit www.simplemachines.org The vulnerability lies in the undefined parameter $topic. An attacker can define its value and execute an arbitrary SQL query against the application's database...

AI score 0.9
Exploits 0
Exploit DB
added 2008/02/09 12:0 a.m. | 47 views

Limbo CMS 1.0.4.2 - 'Cuid' cookie Blind SQL Injection

#!/usr/bin/python This is a Public Exploit. Date:...

AI score 7.4
Exploits 0
exploitpack
added 2007/06/03 12:0 a.m. | 19 views

PNPHPBB2 1.2 - index.php SQL Injection

PNPHPBB2 1.2 - index.php SQL Injection C:\usr\php\php.exe c:\php.php Content-type: text/html X-Powered-By: PHP/4.3.9 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Usage: php c:\php.php host path OPTIONS host: target server ip/hostname path: PNphpBB2 path Options:...

Exploits 0