7210 matches found
CVE-2020-19265
A stored cross-site scripting (XSS) vulnerability in the index.php/Dswjcms/Basis/links component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML...
CVE-2020-19268
A cross-site request forgery (CSRF) in index.php/Dswjcms/User/tfAdd of Dswjcms 1.6.4 allows authenticated attackers to arbitrarily add administrator users...
Cross site request forgery (CSRF)
A cross-site request forgery (CSRF) in index.php/Dswjcms/User/tfAdd of Dswjcms 1.6.4 allows authenticated attackers to arbitrarily add administrator users...
CVE-2020-19265
The provided documents confirm a stored cross-site scripting (XSS) vulnerability in Dswjcms 1.6.4, specifically in the index.php/Dswjcms/Basis/links component. The root cause is lack of proper validation/escaping of input parameters in that component, enabling attackers to store and execute arbit...
CVE-2021-38727
FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/logs/items...
CVE-2021-38723
FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/pages/items...
Dropdown and scrollable Text <= 2.0 - Reflected Cross-Site Scripting
The plugin is vulnerable to Reflected Cross-Site Scripting via the content parameter found in the /index.php file which allows attackers to inject arbitrary web scripts...
CVE-2021-40492
A reflected XSS vulnerability exists in multiple pages in version 22 of the Gibbon application that allows for arbitrary execution of JavaScript (gibbonCourseClassID, gibbonPersonID, subpage, currentDate, or allStudents to index.php)...
Cross site scripting
A reflected XSS vulnerability exists in multiple pages in version 22 of the Gibbon application that allows for arbitrary execution of JavaScript (gibbonCourseClassID, gibbonPersonID, subpage, currentDate, or allStudents to index.php)...
SQL injection
A SQL Injection vulnerability exists in openSIS 8.0 when MySQL/MariaDB is being used as the application database. A malicious attacker can issue SQL commands to the MySQL/MariaDB database through the index.php username parameter...
CVE-2021-40353
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the index.php USERNAME parameter. NOTE: this issue may exist because of an incomplete fix for CVE-2020-6637...
SQL injection
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the index.php USERNAME parameter. NOTE: this issue may exist because of an incomplete fix for CVE-2020-6637...
CVE-2020-19047
Cross Site Request Forgery (CSRF) in iWebShop v5.3 allows remote attackers to execute arbitrary code via malicious POST request to the component '/index.php?controller=system&action=admineditact'...
CVE-2020-19705
thinkphp-zcms as of 20190715 allows SQL injection via index.php?m=home&c=message&a=add...
CVE-2020-19705
CVE-2020-19705 affects the open‑source CMS component thinkphp-zcms. The vulnerability is a SQL injection achievable through the URL path /index.php?m=home&c=message&a=add, enabling arbitrary SQL execution. Documents do not provide specific affected versions, patch guidance, or exploit details be...
Simple Phone Book/Directory 1.0 SQL Injection
Exploit Title: Simple Phone book/directory 1.0 - 'Username' SQL Injection Unauthenticated Date: 21/08/2021 Exploit Author: Justin White Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/13011/phone-bookphone-directory.html Version: 1.0 Tested on:...
CVE-2020-18878
Directory Traversal in Skycaiji v1.3 allows remote attackers to obtain sensitive information via the component 'index.php?m=admin&c=Tool&a=log&file=D%3A%5CphpStudy%5CWWW%5Cindex.php'...