CVE-2018-18198

The $openerinputfield variable in addons/mediapool/pages/index.php in REDAXO 5.6.3 is not effectively filtered and is output directly to the page. The attacker can insert XSS payloads via an index.php?page=mediapool/mediainputfield=XSS request...

CVE-2009-4852

Multiple cross-site scripting XSS vulnerabilities in SemanticScuttle before 0.94.1 allow remote attackers to inject arbitrary web script or HTML via the sort parameter to index.php, and other unspecified vectors, a different issue than CVE-2008-6113. NOTE: some of these details are obtained from...

CVE-2010-0963

Cross-site scripting XSS vulnerability in index.php in dl Download Ticket Service before 0.7 allows remote attackers to inject arbitrary web script or HTML via the t parameter, related to an invalid ticket ID. NOTE: some of these details are obtained from third party information...

CVE-2021-41755

dynamicMarkt = 3.10 is affected by SQL injection in the kat1 parameter of index.php...

CVE-2022-26276

An issue in index.php of OneNav v0.9.14 allows attackers to perform directory traversal...

CVE-2019-11374

74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the index.php?m=Admin=admin=add URI...

CVE-2023-4115

A vulnerability classified as problematic has been found in PHP Jabbers Cleaning Business 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. VDB-235962 is the identifier...

CVE-2019-7753

Verydows 2.0 has XSS via the index.php?m=api=stats=count referrer parameter...

CVE-2019-16664

An issue was discovered in ThinkSAAS 2.91. There is XSS via the index.php?app=group∾=create=do groupname parameter...

CVE-2019-16312

s-cms V3.0 has XSS in index.php?type=text via the Sid parameter...

CVE-2019-16658

TuziCMS 2.0.6 has index.php/manage/notice/doadd CSRF...

PT-2025-52697

Name of the Vulnerable Software and Affected Versions SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x Description The software contains an SQL injection flaw in the 'index.php' authentication process. An attacker can manipulate login credentials by injecting malicious SQL code through the password POS...

EUVD-2023-60205

PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers to manipulate database queries. Attackers can inject crafted SQL payloads through the 'column' parameter in the index.php endpoint to potentially extract or modify database...

CVE-2023-53926 PHPJabbers Simple CMS 5.0 SQL Injection via Column Parameter

PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers to manipulate database queries. Attackers can inject crafted SQL payloads through the 'column' parameter in the index.php endpoint to potentially extract or modify database...

PT-2025-50721

A security flaw has been discovered in code-projects Class and Exam Timetable Management 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Login. The manipulation of the argument username/password results in sql injection. The attack may be...

CVE-2025-63739

An issue was discovered in function phpinisaveAction in file webmain/system/cogini/coginiAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers to authenticated users to modify PHP configuration files via the a parameter to the index.php endpoint...

CVE-2025-63739

An issue was discovered in function phpinisaveAction in file webmain/system/cogini/coginiAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers to authenticated users to modify PHP configuration files via the a parameter to the index.php endpoint...

CVE-2025-63738

An issue was discovered in file index.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers to gain sensitive information via phpinfo via the a parameter to the index.php...

Xinhu RockOA 安全漏洞

Xinhu RockOA is an office OA system of China Xinhu Company. A security vulnerability exists in Xinhu RockOA version 2.7.0, which originates from the incorrect operation of the parameter a in the file index.php, which may lead to the disclosure of sensitive information...

EUVD-2025-199928

A vulnerability was detected in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Impacted is the function fetch of the file /index.php. Performing manipulation of the argument content results in code injection. It is possible to initiate the attack remotely. The exploit is now public...