96 matches found
Online Catering Reservation System 路径遍历漏洞
Online Catering Reservation System is an open source online catering reservation system. Online Catering Reservation System is vulnerable due to a lack of validation in index.php leading to a directory traversal vulnerability. An attacker could use this vulnerability to obtain sensitive informati...
geojsonkml Command Injection Vulnerability
geojsonkml is an open source node.js module for converting geojson to kml. A command injection vulnerability exists in geojson2kml, which stems from vulnerability to command injection attacks via the index.js file...
Advanced Comment System Path Traversal Vulnerability
Advanced Comment System is an advanced comment system. ACS Advanced Comment System 1.0 suffers from a path traversal vulnerability that originates in index.php, an advanced component system...
SourceCodester Gym Management System 跨站脚本漏洞
SourceCodester Gym Management System is the American SourceCodester company's a gym management system. The system by C and sql server for the development of technology, with customer and supplier management, product management, sales management, gym membership management, fitness assessment, syst...
Monstra CMS Code Issue Vulnerability
Monstra CMS is a lightweight PHP-based content management system MS by Ukrainian software developer Sergey Romanenko. A security vulnerability exists in the index.php script in Monstra CMS version 3.0.4, which originates from the program's failure to properly validate file extensions. The...
PT-2019-6068 · Wayang · Wayang-Cms
Name of the Vulnerable Software and Affected Versions: Wayang-CMS version 1.0 Description: A cross-site scripting XSS issue in the index.php file of Wayang-CMS allows attackers to execute arbitrary web scripts or HTML by adding a specially crafted X-Forwarded-For field to the header. This can...
CVE-2018-7653
In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter...
Nice PHP FAQ Script SQL Injection Vulnerability
Nice PHP FAQ Script is a PHP-based website autoresponder script. A SQL injection vulnerability exists in Nice PHP FAQ Script. The vulnerability can be exploited to inject SQL commands by sending the 'nicetheme' parameter to the index.php file...
SQL Injection Vulnerability in APPCMS index.php File
APPCMS is a professional APP content management system. A SQL injection vulnerability exists in the index.php file of APPCMS version 1.3.855. An attacker can exploit this vulnerability to obtain sensitive database information or perform unauthorized operations...
The vulnerability of Juniper SRX 240 microprogramming software allows a hacker to execute arbitrary Java scripts in the context of the user’s browser.
The Juniper SRX 240 router software contains a vulnerability in the index.php module, allowing an attacker to execute arbitrary Java scripts in the user’s browser context due to insufficient filtering of service-specific symbols...
JosephErnest Void Cross-Site Scripting Vulnerability
JosephErnest Void is a content management system CMS. A cross-site scripting vulnerability exists in the index.php script in versions of JosephErnest Void prior to 2015-10-02. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the help of a specially...
Exponent CMS 'index.php' Cross-Site Scripting Vulnerability
Exponent CMS is open source content management system. A cross-site scripting vulnerability exists in Exponent CMS 'index.php' because it fails to properly filter user-supplied input. An attacker may be able to exploit this vulnerability to execute arbitrary script code in an unsuspecting user's...
PT-2009-5500 · Grapari · E-Gold Game Series Pirates Of The Caribbean
Name of the Vulnerable Software and Affected Versions: Pirates of The Caribbean in the E-Gold Game Series affected versions not specified Description: The issue allows remote attackers to execute arbitrary SQL commands via the x and y parameters in the "index.php" file. This enables attackers to...
CVE-2008-2837
SQL injection vulnerability in index.php in CMS-BRD allows remote attackers to execute arbitrary SQL commands via the menuclick parameter...
PT-2007-3414 · Ivan · Ivan Gallery Script
Name of the Vulnerable Software and Affected Versions: Ivan Gallery Script version 0.1 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter in the index.php file. There is a dispute regarding version 0.3, with some researchers stating that th...
PT-2006-5529 · Phprog · Phprog
Name of the Vulnerable Software and Affected Versions: PHProg versions prior to 1.1 Description: The issue is related to a cross-site scripting XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML. This is achieved via the album parameter in index.php, which is us...