121 matches found
PT-2024-25985 · Netentsec · Netentsec Ns-Asg Application Security Gateway
Name of the Vulnerable Software and Affected Versions: Netentsec NS-ASG Application Security Gateway version 6.3 Description: A critical vulnerability has been found in the Netentsec NS-ASG Application Security Gateway. This issue affects an unknown part of the file /admin/config...
CVE-2024-28714
SQL Injection vulnerability in CRMEBJava e-commerce system v.1.3.4 allows an attacker to execute arbitrary code via the groupid parameter...
CVE-2024-28714
SQL Injection vulnerability in CRMEBJava e-commerce system v.1.3.4 allows an attacker to execute arbitrary code via the groupid parameter...
Zhongbang CRMEB 安全漏洞
Zhongbang CRMEB is an open source e-commerce management system from Zhongbang in Xi'an, China. A security vulnerability exists in CRMEB Java e-commerce system version v.1.3.4. An attacker can exploit this vulnerability to execute arbitrary code via the groupid parameter...
PT-2024-22534 · Unknown · Crmeb Java
Name of the Vulnerable Software and Affected Versions: CRMEB Java e-commerce system version 1.3.4 Description: The issue allows an attacker to execute arbitrary code via the groupid parameter, potentially leading to unauthorized access and data manipulation. Recommendations: For CRMEB Java...
Sql injection
A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/listipAddressPolicy.php. The manipulation of the argument GroupId leads to sql injection. The attack can ...
Netentsec NS-ASG Application Security Gateway SQL Injection Vulnerability
Netentsec NS-ASG Application Security Gateway is an application security gateway from China Netentsec. A SQL injection vulnerability exists in Netentsec NS-ASG Application Security Gateway version 6.3, which stems from an incorrect operation of the parameter GroupId that can lead to sql injection...
Vulnerability of the /admin/bookings/view_booking.php script of the SourceCodester AC Repair and Services system, allowing a hacker to execute arbitrary SQL code
The vulnerability in the “/admin/bookings/viewbooking.php” script of the SourceCodester AC Repair and Services system relates to the lack of protective measures for the SQL query structure when processing the parameter “tomail=&groupid=”. Exploiting this vulnerability allows an attacker to execut...
The vulnerability in the admin/sendmailto.php script of the ZZCMS CMS system allows a hacker to execute arbitrary SQL code.
The vulnerability in the admin/sendmailto.php script of the ZZCMS CMS system relates to the lack of protection for the SQL query structure when processing the parameter tomail=&groupid=. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code remotely...
PT-2023-2942 · Sourcecodester · Sourcecodester Ac Repair/Services System
Name of the Vulnerable Software and Affected Versions: SourceCodester AC Repair and Services System version 1.0 Description: A critical issue has been found in the system, affecting the /admin/bookings/view booking.php file. The manipulation of the id argument leads to SQL injection. This can be...
Cyclos 4 PRO Cross-Site Scripting Vulnerability
Cyclos 4 PRO is a web server. A cross-site scripting vulnerability exists in Cyclos 4 PRO version 4.14.7 and earlier, which can be exploited by remote attackers to inject arbitrary web scripts or HTML via the groupId parameter...
CVE-2022-27431
Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the groupid parameter at /coreframe/app/member/admin/group.php...
CVE-2022-27431
Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the groupid parameter at /coreframe/app/member/admin/group.php...
CVE-2022-27431
Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the groupid parameter at /coreframe/app/member/admin/group.php...
CVE-2022-27431
Wuzhicms v4.1.0 is affected by CVE-2022-27431 due to a SQL injection vulnerability via the groupid parameter in /coreframe/app/member/admin/group.php. The root cause, as described in CNVD/CVE entries, is lack of input validation for external SQL statements enabling attackers to craft inputs that ...
CVE-2021-31673
A Dom-based Cross-site scripting XSS vulnerability at registration account in Cyclos 4 PRO.14.7 and before allows remote attackers to inject arbitrary web script or HTML via the groupId parameter...
CVE-2021-31673
A Dom-based Cross-site scripting XSS vulnerability at registration account in Cyclos 4 PRO.14.7 and before allows remote attackers to inject arbitrary web script or HTML via the groupId parameter...
Cross site scripting
A Dom-based Cross-site scripting XSS vulnerability at registration account in Cyclos 4 PRO.14.7 and before allows remote attackers to inject arbitrary web script or HTML via the groupId parameter...
Cyclos 4 PRO 跨站脚本漏洞
Cyclos 4 PRO is a web server. A cross-site scripting vulnerability exists in Cyclos 4 PRO version 4.14.7 and earlier, which can be exploited by remote attackers to inject arbitrary web scripts or HTML via the groupId parameter...
CVE-2021-28129 DEB packaging for Apache OpenOffice 4.1.8 installed with a non-root userid and groupid
While working on Apache OpenOffice 4.1.8 a developer discovered that the DEB package did not install using root, but instead used a userid and groupid of 500. This both caused issues with desktop integration and could allow a crafted attack on files owned by that user or group if they exist. User...