Lucene search
K

7 matches found

Positive Technologies
Positive Technologies
added 2026/01/21 12:0 a.m.12 views

PT-2026-3823

Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations using the API index.php endpoint. Attackers can exploit the v-make-tmp-file command to write SSH keys or other content to specific file paths on the...

8.8CVSS5.8AI score0.00421EPSS
Exploits0References5
EUVD
EUVD
added 2025/11/26 6:31 p.m.5 views

EUVD-2025-199721

OpenCode Systems USSD Gateway OC Release: 5 was discovered to contain a SQL injection vulnerability via the Session ID parameter in the /occontrolpanel/index.php endpoint...

7.8AI score0.00392EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/08/21 12:0 a.m.5 views

PT-2025-34231 · Foxcms · Foxcms

Name of the Vulnerable Software and Affected Versions: FoxCMS version 1.2.6 Description: A Reflected Cross Site Scripting XSS vulnerability exists in the /index.php endpoint of the software. When a crafted script is sent via a GET request, it is reflected unsanitized into the HTML response,...

8.8CVSS6.4AI score0.0046EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/09/27 12:0 a.m.4 views

PT-2024-39534 · Tmsoft · Tmsoft Myauth Gateway

Name of the Vulnerable Software and Affected Versions: TMsoft MyAuth Gateway version 3 Description: A problematic vulnerability has been found in TMsoft MyAuth Gateway. The issue affects an unknown function of the file /index.php. The manipulation of the argument console/nocache/cmd leads to...

5.3CVSS4.2AI score0.00338EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/05/13 12:0 a.m.5 views

PT-2024-33031 · Unknown · School Erp Pro+Responsive

Name of the Vulnerable Software and Affected Versions: School ERP Pro+Responsive version 1.0 Description: The issue allows an attacker to partially take control of the victim's browser session through a cross-site scripting XSS attack. This is achieved by exploiting the username and password...

6.5CVSS6.4AI score0.00439EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/01/19 12:0 a.m.4 views

PT-2023-15471 · Seltmann Gmbh · Seltmann Gmbh Content Management System

Name of the Vulnerable Software and Affected Versions: Seltmann GmbH Content Management System version 6 Description: The issue is related to SQL Injection via the "/index.php" API endpoint. This allows for potential exploitation. Recommendations: For Seltmann GmbH Content Management System versi...

9.8CVSS8AI score0.00752EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2022/09/28 12:0 a.m.5 views

PT-2022-11402 · Unknown · Expense Management System

Name of the Vulnerable Software and Affected Versions: Expense Management System version 1.0 Description: A stored Cross-Site Scripting XSS issue exists in the Expense Management System application, allowing for arbitrary execution of JavaScript commands through the "index.php" endpoint. This...

5.4CVSS6AI score0.00513EPSS
Exploits2References5
Rows per page
Query Builder