422 matches found
CVE-2020-25729
ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php...
Design/Logic Flaw
ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php...
CVE-2020-25729
ZoneMinder prior to 1.34.21 is affected by a cross-site scripting (XSS) vulnerability via the connkey parameter in download.php or export.php. The issue is documented across multiple sources (NVD, RH, CNVD, OSV, etc.) with the same description, indicating the vulnerability stems from unsanitized ...
MPC Sharj 3.11.1 - Arbitrary File Download
Exploit title : MPC Sharj 3.11.1 - Arbitrary File Download Exploit Author : SajjadBnd Date : 2020-05-02 Software Link : http://dl.nuller.ir/mpc-sharj-vr3.11.1betawww.nuller.ir.zip Tested on : Ubuntu 19.10 Version : 3.11.1 Beta DESCRIPTION MPC Sharj is a free open source script for creating sim ca...
School ERP Pro 1.0 Arbitrary File Read
Exploit Title: School ERP Pro 1.0 - Arbitrary File Read Date: 2020-04-28 Author: Besim ALTINOK Vendor Homepage: http://arox.in Software Link: https://sourceforge.net/projects/school-erp-ultimate/ Version: latest version Tested on: Xampp Credit: İsmail BOZKURT CVE: N/A Vulnerable code:...
UADMIN Botnet SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: UADMIN Botnet - SQL Injection Vulnerability Exploit Author: n4pst3r Vendor Homepage: unkn0wn Software Link: unkn0wn Version: unkn0wn Tested on: Windows 10, Kali CVE : n/a Vuln-Code: download.php $link=$_GET['link'];...
UADMIN Botnet 1.0 - 'link' SQL Injection
Exploit Title: UADMIN Botnet 1.0 - 'link' SQL Injection Google Dork: n/a Date: 2020-03-16 Exploit Author: n4pst3r Vendor Homepage: unkn0wn Software Link: unkn0wn Version: unkn0wn Tested on: Windows 10, Kali CVE : n/a Vuln-Code: download.php $link=$_GET['link']; $agent=esc($_SERVER['HTTP_USER_AGENT']);...
CVE-2020-10387
CVE-2020-10387 describes a path traversal vulnerability in Chadha PHPKB Standard Multi-Language 9, exposed via the admin/download.php endpoint. The flaw allows traversal of the server file system through the GET parameter “file” (using dot-dot-slash sequences), enabling arbitrary file download. P...
Directory traversal
The estrutura-basica theme through 2015-09-13 for WordPress has directory traversal via the scripts/download.php arquivo parameter...
CVE-2015-9473
The estrutura-basica theme through 2015-09-13 for WordPress has directory traversal via the scripts/download.php arquivo parameter...
CVE-2015-9470
The history-collection plugin through 1.1.1 for WordPress has directory traversal via the download.php var parameter...
CVE-2019-16894
download.php in inoERP 4.15 allows SQL injection through insecure deserialization...
Sql injection
download.php in inoERP 4.15 allows SQL injection through insecure deserialization...
CVE-2019-16894
CVE-2019-16894 concerns inoERP 4.15, where download.php is vulnerable to SQL injection via insecure deserialization. The root cause is insecure handling of serialized data in the download path, enabling an attacker to manipulate SQL queries and potentially extract or alter data. The vulnerability...
CVE-2014-10397
The Antioch theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to lib/scripts/download.php...
Vulnerability of the handler/script in the “download.php” file of the information system development platform: An exploit that allows an attacker to read arbitrary files on the server.
The vulnerability in the handler/download.php script of the information system development platform exists due to insufficient checking of the POST parameter filename. Exploiting this vulnerability allows a malicious actor to read the contents of arbitrary files on the server using a specially...