7 matches found
PT-2026-3823
Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations using the API index.php endpoint. Attackers can exploit the v-make-tmp-file command to write SSH keys or other content to specific file paths on the...
EUVD-2025-199721
OpenCode Systems USSD Gateway OC Release: 5 was discovered to contain a SQL injection vulnerability via the Session ID parameter in the /occontrolpanel/index.php endpoint...
PT-2025-34231 · Foxcms · Foxcms
Name of the Vulnerable Software and Affected Versions: FoxCMS version 1.2.6 Description: A Reflected Cross Site Scripting XSS vulnerability exists in the /index.php endpoint of the software. When a crafted script is sent via a GET request, it is reflected unsanitized into the HTML response,...
PT-2024-39534 · Tmsoft · Tmsoft Myauth Gateway
Name of the Vulnerable Software and Affected Versions: TMsoft MyAuth Gateway version 3 Description: A problematic vulnerability has been found in TMsoft MyAuth Gateway. The issue affects an unknown function of the file /index.php. The manipulation of the argument console/nocache/cmd leads to...
PT-2024-33031 · Unknown · School Erp Pro+Responsive
Name of the Vulnerable Software and Affected Versions: School ERP Pro+Responsive version 1.0 Description: The issue allows an attacker to partially take control of the victim's browser session through a cross-site scripting XSS attack. This is achieved by exploiting the username and password...
PT-2023-15471 · Seltmann Gmbh · Seltmann Gmbh Content Management System
Name of the Vulnerable Software and Affected Versions: Seltmann GmbH Content Management System version 6 Description: The issue is related to SQL Injection via the "/index.php" API endpoint. This allows for potential exploitation. Recommendations: For Seltmann GmbH Content Management System versi...
PT-2022-11402 · Unknown · Expense Management System
Name of the Vulnerable Software and Affected Versions: Expense Management System version 1.0 Description: A stored Cross-Site Scripting XSS issue exists in the Expense Management System application, allowing for arbitrary execution of JavaScript commands through the "index.php" endpoint. This...