941 matches found
CVE-2026-5640 PHPGurukul Online Shopping Portal Project Parameter update-image2.php sql injection
A vulnerability has been found in PHPGurukul Online Shopping Portal Project 2.1. The affected element is an unknown function of the file /admin/update-image2.php of the component Parameter Handler. The manipulation of the argument filename leads to sql injection. The attack is possible to be...
CVE-2026-5640
The CVE-2026-5640 entry concerns PHPGurukul Online Shopping Portal Project 2.1. The vulnerability is an SQL injection in an unknown function within /admin/update-image2.php of the Parameter Handler, triggered by manipulating the filename argument. It is described as remotely exploitable and publi...
CVE-2026-5639
A flaw has been found in PHPGurukul Online Shopping Portal Project 2.1. Impacted is an unknown function of the file /admin/update-image3.php of the component Parameter Handler. Executing a manipulation of the argument filename can lead to sql injection. The attack can be executed remotely. The...
CVE-2026-5639 PHPGurukul Online Shopping Portal Project Parameter update-image3.php sql injection
A flaw has been found in PHPGurukul Online Shopping Portal Project 2.1. Impacted is an unknown function of the file /admin/update-image3.php of the component Parameter Handler. Executing a manipulation of the argument filename can lead to sql injection. The attack can be executed remotely. The...
CVE-2026-5639
PHPGurukul Online Shopping Portal Project 2.1 has a SQL injection flaw in the Parameter Handler’s /admin/update-image3.php. The vulnerability arises from manipulating the filename argument, enabling remote exploitation. Exploit published; CVSS notes range from 4.0 to 3.0 scales with PROOF-OF-CONC...
PT-2026-30587
A flaw has been found in PHPGurukul Online Shopping Portal Project 2.1. Impacted is an unknown function of the file /admin/update-image3.php of the component Parameter Handler. Executing a manipulation of the argument filename can lead to sql injection. The attack can be executed remotely. The...
PT-2026-30588
A vulnerability has been found in PHPGurukul Online Shopping Portal Project 2.1. The affected element is an unknown function of the file /admin/update-image2.php of the component Parameter Handler. The manipulation of the argument filename leads to sql injection. The attack is possible to be...
PT-2026-30590
A vulnerability was found in PHPGurukul Online Shopping Portal Project 2.1. The impacted element is an unknown function of the file /admin/update-image1.php of the component Parameter Handler. The manipulation of the argument filename results in sql injection. The attack may be performed from...
CVE-2026-31062
UTT Aggressive 520W v3v1.7.7-180627 was discovered to contain a buffer overflow in the filename parameter of the formFtpServerDirConfig function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...
CVE-2026-31062
CVE-2026-31062 affects UTT Aggressive 520W devices with firmware v3v1.7.7-180627. The issue is a buffer overflow in the filename parameter of the formFtpServerDirConfig function, leading to Denial of Service via crafted input. The connected sources consistently describe this as a DoS vulnerabilit...
PT-2026-30620
UTT Aggressive 520W v3v1.7.7-180627 was discovered to contain a buffer overflow in the filename parameter of the formFtpServerDirConfig function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...
CVE-2026-31062
UTT Aggressive 520W v3v1.7.7-180627 was discovered to contain a buffer overflow in the filename parameter of the formFtpServerDirConfig function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...
PHPGurukul Online Shopping Portal Project SQL注入漏洞
The PHPGurukul Online Shopping Portal Project is an online shopping portal project of PHPGurukul Corporation. Version 2.1 of the PHPGurukul Online Shopping Portal Project has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter filename in the file...
PHPGurukul Online Shopping Portal Project SQL注入漏洞
The PHPGurukul Online Shopping Portal Project is an online shopping portal project developed by PHPGurukul Corporation. Version 2.1 of the PHPGurukul Online Shopping Portal Project contains a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter filename ...
UTT 520W 安全漏洞
UTT 520W is a wireless router produced by China's UT Technology Co., Ltd. The UTT 520W v3v1.7.7-180627 version contains a security vulnerability. This vulnerability stems from a buffer overflow in the filename parameter of the formFtpServerDirConfig function, which could lead to a denial-of-servi...
griptape 路径遍历漏洞
Griptape is an open-source generative AI application development framework created by Griptape. Version 0.19.4 of Griptape contains a path traversal vulnerability, which stems from incorrect handling of the parameter filename, potentially leading to path traversal attacks...
PT-2026-29923
Summary Rack::Multipart::Parser unfolds folded multipart part headers incorrectly. When a multipart header contains an obs-fold sequence, Rack preserves the embedded CRLF in parsed parameter values such as filename or name instead of removing the folded line break during unfolding. As a result,...
CVE-2026-5015
A vulnerability was determined in elecV2 elecV2P up to 3.8.3. The impacted element is an unknown function of the file /logs of the component Endpoint. This manipulation of the argument filename causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been...
CVE-2026-5027
The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter from the multipart form data, allowing an attacker to write files to arbitrary locations on the filesystem using path traversal sequences '../'...
SUSE CVE-2026-33344
Dagu is a workflow engine with a built-in Web user interface. From version 2.0.0 to before version 2.3.1, the fix for CVE-2026-27598 added ValidateDAGName to CreateNewDAG and rewrote generateFilePath to use filepath.Base. This patched the CREATE path. The remaining API endpoints - GET, DELETE,...