7210 matches found
CVE-2022-26980
Teampass 2.1.26 allows reflected XSS via the index.php PATH_INFO...
CVE-2022-26980
CVE-2022-26980 affects Teampass 2.1.26 and is described as a reflected XSS vulnerability via the index.php PATH_INFO. The linked sources corroborate a reflected XSS issue but do not provide an official patch version or remediation in the supplied documents. Documented CVSS scores from NVD (2.0/3....
SQL injection
An issue was discovered in ApiManager 1.1. There is a SQL injection vulnerability that can be used in /index.php?act=api&tag=8...
CVE-2022-25481
ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php. NOTE: this is disputed by a third party because system environment exposure is an intended feature of the debugging mode...
ThinkPHP Security Vulnerability
ThinkPHP is a PHP-based, open source, lightweight web application development framework from China's Top Thinking Information Technology Company. A security vulnerability exists in ThinkPHP Framework v5.0.24, which stems from the lack of configuration of the PATHINFO parameter. An attacker can...
CVE-2021-45791
CVE-2021-45791 affects Slims8 Akasia 8.3.1. A SQL injection exists in multiple admin modules (bibliography, member_type, user_group, membership index) via the dir parameter, due to insufficient input escaping/validation. Exploitation is described as feasible by remotely authenticated librarian us...
CVE-2021-45786
In maccms v10, an attacker can log in through /index.php/user/login in the "col" and "openid" parameters to gain privileges...
CVE-2021-46709
phpLiteAdmin through 1.9.8.2 allows XSS via the index.php newRows parameter aka num or number...
Design/Logic Flaw
phpLiteAdmin through 1.9.8.2 allows XSS via the index.php newRows parameter aka num or number...
UBUNTU-CVE-2021-46709
phpLiteAdmin through 1.9.8.2 allows XSS via the index.php newRows parameter aka num or number...
CVE-2021-46709
CVE-2021-46709 affects phpLiteAdmin up to version 1.9.8.2, where the index.php newRows parameter (also known as num or number) allows cross-site scripting (XSS). The issue stems from insufficient input validation/output handling for this parameter. Impact is XSS on affected installations; no expl...
PT-2022-12910 · Unknown +2 · Phpliteadmin +2
Name of the Vulnerable Software and Affected Versions: phpLiteAdmin versions prior to 1.9.8.2 Description: The issue allows for XSS attacks via the newRows parameter, also known as num or number, in the index.php file. Recommendations: For versions prior to 1.9.8.2, avoid using the newRows...
CVE-2022-26276
An issue in index.php of OneNav v0.9.14 allows attackers to perform directory traversal...
Directory traversal
An issue in index.php of OneNav v0.9.14 allows attackers to perform directory traversal...
OneNav Path Traversal Vulnerability
OneNav is a minimalist navigation/bookmark management system developed using PHP. A security vulnerability exists in index.php in OneNav v0.9.14. The vulnerability allows attackers to perform directory traversal...
PT-2022-17760 · Onenav · Onenav
Name of the Vulnerable Software and Affected Versions: OneNav version 0.9.14 Description: An issue in the index.php file allows attackers to perform directory traversal. Recommendations: For OneNav version 0.9.14, update to a version that fixes the issue in index.php to prevent directory traversa...
Server-Side Request Forgery (SSRF)
rudloff/alltube is vulnerable to server-side request forgery. The vulnerability exists in the 'index.php' file allowing an attacker to exploit the vulnerability by crafting a special HTML page to bypass the authentication mechanism...