75 matches found
CVE-2018-25395
Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the featureid parameter of boardsbuttons/updatefeature.php. The featureid value is concatenated directly into SQL statements withou...
CVE-2018-25395 Kados R10 GreenBee SQL Injection via update_feature.php
Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the featureid parameter of boardsbuttons/updatefeature.php. The featureid value is concatenated directly into SQL statements withou...
CVE-2018-25395
Kados R10 GreenBee is affected by an SQL injection via boards_buttons/update_feature.php in the feature_id parameter. The feature_id is concatenated directly into SQL statements without sanitization, enabling unauthenticated attackers to send crafted GET requests (including UNION-based payloads) ...
CVE-2018-25394 Kados R10 GreenBee SQL Injection via update_release.php
Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the releaseid parameter of boardsbuttons/updaterelease.php. The releaseid value is concatenated directly into SQL statements withou...
CVE-2018-25394 Kados R10 GreenBee SQL Injection via update_release.php
Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the releaseid parameter of boardsbuttons/updaterelease.php. The releaseid value is concatenated directly into SQL statements withou...
CVE-2018-25394
Kados R10 GreenBee contains an SQL injection in boards_buttons/update_release.php via the release_id parameter. The release_id value is concatenated directly into SQL statements without sanitization, enabling unauthenticated attackers to send a crafted GET request (Union-based payload) to extract...
Kados R10 GreenBee SQL注入漏洞
Kados R10 GreenBee is a web-based project management and collaboration tool developed by Kados OpenSource. Kados R10 GreenBee has a SQL injection vulnerability. This vulnerability arises from the fact that the featureid parameter in boardsbuttons/updatefeature.php is not cleaned properly, resulti...
PT-2026-44873
Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the feature id parameter of boards buttons/update feature.php. The feature id value is concatenated directly into SQL statements...
Kados R10 GreenBee SQL注入漏洞
Kados R10 GreenBee is a web-based project management and collaboration tool developed by Kados OpenSource. Kados R10 GreenBee has a SQL injection vulnerability. This vulnerability arises from the fact that the releaseid parameter in boardsbuttons/updaterelease.php is not cleaned properly, allowin...
PT-2026-44872
Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the release id parameter of boards buttons/update release.php. The release id value is concatenated directly into SQL statements...
EUVD-2019-20113
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the 'idtomodify' parameter. Attackers can send crafted requests with malicious SQL statements in the idtomodify field to extract sensitive database...
EUVD-2019-20123
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the filterusermail parameter. Attackers can send crafted requests with malicious SQL statements to extract sensitive database information or modify data...
EUVD-2019-20115
Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user2reset parameter. Attackers can send crafted requests with malicious SQL payloads to extract sensitive database information or modi...
EUVD-2019-20109
Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the menulev1 parameter. Attackers can send crafted requests with malicious SQL payloads in the menulev1 parameter to extract sensitive...
EUVD-2019-20121
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the sortdirection parameter. Attackers can submit malicious SQL statements in the sortdirection parameter to extract sensitive database information or modi...
EUVD-2019-20119
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the idtodelete parameter. Attackers can send crafted requests with malicious SQL statements in the idtodelete field to extract or modify sensitive database...
EUVD-2019-20117
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the languagetag parameter. Attackers can submit malicious SQL statements in the languagetag parameter to extract sensitive database information or modify...
CVE-2019-25704
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the filterusermail parameter. Attackers can send crafted requests with malicious SQL statements to extract sensitive database information or modify data...
CVE-2019-25702
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the idproject parameter. Attackers can send crafted requests with malicious SQL statements in the idproject parameter to extract sensitive database...
CVE-2019-25694
Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user2reset parameter. Attackers can send crafted requests with malicious SQL payloads to extract sensitive database information or modi...