Lucene search
K

321 matches found

Vulnrichment
Vulnrichment
added 2026/03/02 2:47 p.m.7 views

CVE-2025-50188 Error-based SQL Injection in Chamilo LMS

Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the GET value parameter with the following scripts: /plugin/vchamilo/views/syncparams.php and /plugin/vchamilo/ajax/service.php, which allows an...

7CVSS6AI score0.00708EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/02 2:47 p.m.4 views

CVE-2025-50188

Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the GET value parameter with the following scripts: /plugin/vchamilo/views/syncparams.php and /plugin/vchamilo/ajax/service.php, which allows an...

7.2CVSS6AI score0.00708EPSS
Exploits1References4Affected Software1
Packet Storm
Packet Storm
added 2026/03/02 12:0 a.m.140 views

📄 MajorDoMo Console Eval Unauthenticated Remote Code Execution

This Metasploit module exploits an unauthenticated remote code execution vulnerability in MajorDoMo, an open-source home automation platform. The admin panels PHP console is accessible without authentication due to a missing exit after redirect in modules/panel.class.php. The redirect"/" call...

9.8CVSS6.5AI score0.06996EPSS
Exploits4
RedhatCVE
RedhatCVE
added 2026/02/23 7:25 p.m.6 views

CVE-2019-25459

Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into parameters like emlakdurumu, emlaktipi, il, ilce, kelime, and semt to extract sensitive...

9.8CVSS5.7AI score0.00433EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/23 7:25 p.m.6 views

CVE-2019-25458

Web Ofisi Firma Rehberi v1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can send requests to with malicious payloads in the 'il', 'kat', or 'kelime' parameters to extract...

9.8CVSS5.7AI score0.00479EPSS
Exploits1References1
NVD
NVD
added 2026/02/22 3:16 p.m.10 views

CVE-2019-25458

Web Ofisi Firma Rehberi v1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can send requests to with malicious payloads in the 'il', 'kat', or 'kelime' parameters to extract...

9.8CVSS0.00479EPSS
Exploits1References3
NVD
NVD
added 2026/02/22 3:16 p.m.7 views

CVE-2019-25459

Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into parameters like emlakdurumu, emlaktipi, il, ilce, kelime, and semt to extract sensitive...

9.8CVSS0.00433EPSS
Exploits1References3
OSV
OSV
added 2026/02/22 3:16 p.m.6 views

CVE-2019-25459

Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into parameters like emlakdurumu, emlaktipi, il, ilce, kelime, and semt to extract sensitive...

9.8CVSS5.9AI score0.00433EPSS
Exploits1References3
NVD
NVD
added 2026/02/22 2:16 p.m.6 views

CVE-2019-25443

Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can supply malicious SQL payloads in the name, description, quantity, or catid parameters to add-item.php to execut...

8.8CVSS0.00232EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/22 2:12 p.m.3 views

CVE-2019-25459

Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into parameters like emlakdurumu, emlaktipi, il, ilce, kelime, and semt to extract sensitive...

8.8CVSS6AI score0.00433EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/02/22 2:12 p.m.25 views

CVE-2019-25459 Web Ofisi Emlak V2 SQL Injection via emlak-ara.html

Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into parameters like emlakdurumu, emlaktipi, il, ilce, kelime, and semt to extract sensitive...

9.8CVSS0.00433EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/02/22 2:12 p.m.2 views

CVE-2019-25458 Web Ofisi Firma Rehberi v1 SQL Injection via firmalar.html

Web Ofisi Firma Rehberi v1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can send requests to with malicious payloads in the 'il', 'kat', or 'kelime' parameters to extract...

9.8CVSS5.7AI score0.00479EPSS
Exploits1References3
CVE
CVE
added 2026/02/22 2:12 p.m.18 views

CVE-2019-25458

CVE-2019-25458 affects Web Ofisi Firma Rehberi v1, where an SQL injection flaw allows unauthenticated users to manipulate database queries via GET parameters. Specifically, malicious payloads placed in the il, kat, or kelime parameters can extract sensitive data or enable time-based blind SQL inj...

9.8CVSS6AI score0.00479EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/02/22 1:18 p.m.26 views

CVE-2019-25443 Inventory Webapp SQL Injection via add-item.php

Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can supply malicious SQL payloads in the name, description, quantity, or catid parameters to add-item.php to execut...

8.8CVSS0.00232EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/22 1:18 p.m.5 views

CVE-2019-25443 Inventory Webapp SQL Injection via add-item.php

Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can supply malicious SQL payloads in the name, description, quantity, or catid parameters to add-item.php to execut...

8.8CVSS6.2AI score0.00232EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/22 1:18 p.m.5 views

CVE-2019-25443

Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can supply malicious SQL payloads in the name, description, quantity, or catid parameters to add-item.php to execut...

8.8CVSS6.3AI score0.00232EPSS
Exploits0References2
CVE
CVE
added 2026/02/22 1:18 p.m.13 views

CVE-2019-25443

Inventory Webapp is affected by CVE-2019-25443: an SQL injection in add-item.php allows unauthenticated users to manipulate queries via GET parameters (name, description, quantity, cat_id), enabling arbitrary database commands. The vulnerability affects the way input is incorporated into SQL stat...

8.8CVSS6.3AI score0.00232EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/22 12:0 a.m.8 views

Inventory Webapp SQL注入漏洞

Inventory Webapp is a browser-based inventory management system developed by Inventory Company. The Inventory Webapp has a SQL injection vulnerability, which stems from SQL injections in GET parameters. This vulnerability could allow unverified attackers to manipulate database queries...

8.8CVSS5.9AI score0.00232EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/22 12:0 a.m.6 views

PT-2026-21433

Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can supply malicious SQL payloads in the name, description, quantity, or cat id parameters to add-item.php to execu...

8.8CVSS6.3AI score0.00232EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/22 12:0 a.m.5 views

PT-2026-21445

Web Ofisi Firma Rehberi v1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can send requests to with malicious payloads in the 'il', 'kat', or 'kelime' parameters to extract...

8.8CVSS5.9AI score0.00479EPSS
Exploits1References4
Rows per page
Query Builder