78 matches found
CVE-2018-19180
statics/app/index/controller/Install.php in YUNUCMS 1.1.5, if install.lock is not present, allows remote attackers to execute arbitrary PHP code by placing this code in the index.php?s=index/install/setup2 DBPREFIX field, which is written to database.php...
EUVD-2018-11124
Malware in sbrugna...
EUVD-2025-27220
Malicious code in bioql PyPI...
EUVD-2022-52338
Malicious code in bioql PyPI...
CVE-2025-10122
A vulnerability was found in Maccms10 2025.1000.4050. Affected is the function rep of the file application/admin/controller/Database.php. Performing manipulation of the argument where results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be use...
CVE-2025-10122 Maccms10 Database.php rep sql injection
A vulnerability was found in Maccms10 2025.1000.4050. Affected is the function rep of the file application/admin/controller/Database.php. Performing manipulation of the argument where results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be use...
PT-2025-36564
Name of the Vulnerable Software and Affected Versions: Maccms10 version 2025.1000.4050. Description: A SQL injection issue exists in the rep function of the application/admin/controller/Database.php file. Manipulation of the where argument can lead to SQL injection. The attack can be initiated...
CVE-2025-51092
The LogIn-SignUp project by VishnuSivadasVS is vulnerable to SQL Injection due to unsafe construction of SQL queries in DataBase.php. The functions logIn and signUp build queries by directly concatenating user input and unvalidated table names without using prepared statements. While a prepareDat...
CVE-2022-30453
ShopWind = 3.4.2 has an RCE vulnerability in Database.php...
CVE-2022-30452
ShopWind = v3.4.2 has a SQL injection vulnerability in Database.php...
CVE-2024-11240 IBPhoenix ibWebAdmin Banco de Dados Tab database.php cross site scripting
A vulnerability was found in IBPhoenix ibWebAdmin up to 1.0.2 and classified as problematic. This issue affects some unknown processing of the file /database.php of the component Banco de Dados Tab. The manipulation of the argument dbloginrole leads to cross site scripting. The attack may be...
PT-2024-16850 · Ibphoenix · Ibphoenix Ibwebadmin
Name of the Vulnerable Software and Affected Versions: IBPhoenix ibWebAdmin versions up to 1.0.2. Description: A vulnerability was found in IBPhoenix ibWebAdmin, affecting some unknown processing of the file /database.php of the component Banco de Dados Tab. The manipulation of the argument db log...
CVE-2024-45894
BlueCMS 1.6 suffers from Arbitrary File Deletion via the filename parameter in an /admin/database.php?act=del request...
CVE-2024-45894
CVE-2024-45894 affects BlueCMS 1.6, enabling Arbitrary File Deletion via the file_name parameter in the /admin/database.php?act=del endpoint. The underlying issue is that the parameter allows deletions of arbitrary files, exposing potential file-impact risks. Remediation guidance in the connected...
Ciuis CRM 1.0.7 Local File Inclusion
Title: Ciuis™ CRM v1.0.7 LFI Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 66.0.264-bit | Vendor :...
CVE-2023-1184 ECshop Backup Database database.php unrestricted upload
A vulnerability, which was classified as problematic, has been found in ECshop up to 4.1.8. Affected by this issue is some unknown functionality of the file admin/database.php of the component Backup Database Handler. The manipulation leads to unrestricted upload. The attack may be launched...
CVE-2015-10045
A vulnerability, which was classified as critical, was found in tutrantta projecttodolist. Affected is the function getAffectedRows/where/insert/update in the library library/Database.php. The manipulation leads to sql injection. The name of the patch is 194a0411bbe11aa4813f13c66b9e8ea403539141. ...
Sql injection
A vulnerability, which was classified as critical, was found in tutrantta projecttodolist. Affected is the function getAffectedRows/where/insert/update in the library library/Database.php. The manipulation leads to sql injection. The name of the patch is 194a0411bbe11aa4813f13c66b9e8ea403539141. ...