Lucene search
+L

96 matches found

CNNVD
CNNVD
added 2021/08/16 12:0 a.m.5 views

Online Catering Reservation System 路径遍历漏洞

Online Catering Reservation System is an open source online catering reservation system. Online Catering Reservation System is vulnerable due to a lack of validation in index.php leading to a directory traversal vulnerability. An attacker could use this vulnerability to obtain sensitive informati...

7.5CVSS5.6AI score0.02252EPSS
Exploits1References5
CNNVD
CNNVD
added 2021/02/23 12:0 a.m.9 views

geojsonkml Command Injection Vulnerability

geojsonkml is an open source node.js module for converting geojson to kml. A command injection vulnerability exists in geojson2kml, which stems from vulnerability to command injection attacks via the index.js file...

9.8CVSS7.3AI score0.63305EPSS
Exploits1References2
CNNVD
CNNVD
added 2020/12/23 12:0 a.m.30 views

Advanced Comment System Path Traversal Vulnerability

Advanced Comment System is an advanced comment system. ACS Advanced Comment System 1.0 suffers from a path traversal vulnerability that originates in index.php, an advanced component system...

7.5CVSS7.1AI score0.21EPSS
Exploits2References3
CNNVD
CNNVD
added 2020/11/17 12:0 a.m.9 views

SourceCodester Gym Management System 跨站脚本漏洞

SourceCodester Gym Management System is the American SourceCodester company's a gym management system. The system by C and sql server for the development of technology, with customer and supplier management, product management, sales management, gym membership management, fitness assessment, syst...

6.1CVSS6.4AI score0.00947EPSS
Exploits1References3
CNVD
CNVD
added 2020/05/25 12:0 a.m.3 views

Monstra CMS Code Issue Vulnerability

Monstra CMS is a lightweight PHP-based content management system MS by Ukrainian software developer Sergey Romanenko. A security vulnerability exists in the index.php script in Monstra CMS version 3.0.4, which originates from the program's failure to properly validate file extensions. The...

8.8CVSS9.1AI score0.02502EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2019/01/03 12:0 a.m.5 views

PT-2019-6068 · Wayang · Wayang-Cms

Name of the Vulnerable Software and Affected Versions: Wayang-CMS version 1.0 Description: A cross-site scripting XSS issue in the index.php file of Wayang-CMS allows attackers to execute arbitrary web scripts or HTML by adding a specially crafted X-Forwarded-For field to the header. This can...

6.1CVSS6.1AI score0.00662EPSS
Exploits1References3
OSV
OSV
added 2018/03/04 7:29 p.m.5 views

CVE-2018-7653

In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter...

6.1CVSS5.8AI score0.08686EPSS
Exploits5References3
CNVD
CNVD
added 2017/11/01 12:0 a.m.33 views

Nice PHP FAQ Script SQL Injection Vulnerability

Nice PHP FAQ Script is a PHP-based website autoresponder script. A SQL injection vulnerability exists in Nice PHP FAQ Script. The vulnerability can be exploited to inject SQL commands by sending the 'nicetheme' parameter to the index.php file...

9.8CVSS8.3AI score0.02652EPSS
Exploits5References1
CNVD
CNVD
added 2017/10/25 12:0 a.m.5 views

SQL Injection Vulnerability in APPCMS index.php File

APPCMS is a professional APP content management system. A SQL injection vulnerability exists in the index.php file of APPCMS version 1.3.855. An attacker can exploit this vulnerability to obtain sensitive database information or perform unauthorized operations...

7.7AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2016/07/07 12:0 a.m.8 views

The vulnerability of Juniper SRX 240 microprogramming software allows a hacker to execute arbitrary Java scripts in the context of the user’s browser.

The Juniper SRX 240 router software contains a vulnerability in the index.php module, allowing an attacker to execute arbitrary Java scripts in the user’s browser context due to insufficient filtering of service-specific symbols...

4.3CVSS5.8AI score0.01803EPSS
Exploits1References4Affected Software1
CNVD
CNVD
added 2015/11/24 12:0 a.m.4 views

JosephErnest Void Cross-Site Scripting Vulnerability

JosephErnest Void is a content management system CMS. A cross-site scripting vulnerability exists in the index.php script in versions of JosephErnest Void prior to 2015-10-02. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the help of a specially...

4.3CVSS5.9AI score0.01786EPSS
Exploits0References1
CNVD
CNVD
added 2015/01/23 12:0 a.m.6 views

Exponent CMS 'index.php' Cross-Site Scripting Vulnerability

Exponent CMS is open source content management system. A cross-site scripting vulnerability exists in Exponent CMS 'index.php' because it fails to properly filter user-supplied input. An attacker may be able to exploit this vulnerability to execute arbitrary script code in an unsuspecting user's...

6.1CVSS6.7AI score0.01475EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2009/09/15 12:0 a.m.8 views

PT-2009-5500 · Grapari · E-Gold Game Series Pirates Of The Caribbean

Name of the Vulnerable Software and Affected Versions: Pirates of The Caribbean in the E-Gold Game Series affected versions not specified Description: The issue allows remote attackers to execute arbitrary SQL commands via the x and y parameters in the "index.php" file. This enables attackers to...

7.5CVSS7.7AI score0.01133EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2008/06/24 7:41 p.m.2 views

CVE-2008-2837

SQL injection vulnerability in index.php in CMS-BRD allows remote attackers to execute arbitrary SQL commands via the menuclick parameter...

7.5CVSS6.4AI score0.00967EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2007/04/18 12:0 a.m.6 views

PT-2007-3414 · Ivan · Ivan Gallery Script

Name of the Vulnerable Software and Affected Versions: Ivan Gallery Script version 0.1 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter in the index.php file. There is a dispute regarding version 0.3, with some researchers stating that th...

7.5CVSS8AI score0.01682EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2006/09/13 12:0 a.m.6 views

PT-2006-5529 · Phprog · Phprog

Name of the Vulnerable Software and Affected Versions: PHProg versions prior to 1.1 Description: The issue is related to a cross-site scripting XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML. This is achieved via the album parameter in index.php, which is us...

6.8CVSS5.7AI score0.02223EPSS
Exploits1References9
Rows per page
Query Builder