7210 matches found
SQL injection
SQL Injection in Wuzhi CMS v4.1.0 allows remote attackers to obtain sensitive information via the 'flag' parameter in the component '/coreframe/app/order/admin/index.php'...
CVE-2020-18877
SQL Injection in Wuzhi CMS v4.1.0 allows remote attackers to obtain sensitive information via the 'flag' parameter in the component '/coreframe/app/order/admin/index.php'...
CVE-2020-18164
SQL Injection vulnerability exists in tp-shop 2.x-3.x via the /index.php/home/api/shop fBill parameter...
TPshop SQL injection vulnerability
TPshop is a new retail smart e-commerce ecosystem. TPshop has a security vulnerability that stems from the index.php home api store fBill parameter and may lead to SQL injection...
CVE-2021-38758
Directory traversal vulnerability in Online Catering Reservation System 1.0 exists due to lack of validation in index.php...
Directory traversal
Directory traversal vulnerability in Online Catering Reservation System 1.0 exists due to lack of validation in index.php...
CVE-2021-38758
CVE-2021-38758 affects the Online Catering Reservation System 1.0. The vulnerability is a directory traversal due to lack of validation in index.php, allowing access to restricted files as described in the CVE entry. NVD lists CVSS v3.1 base score 7.5 (Network, Low complexity, No privileges, No u...
Nagios XI file inclusion vulnerability
Nagios XI is a commercial monitoring solution built on Nagios Core, including dashboards, web-based configuration, advanced reporting, and rich data visualization. A local file inclusion vulnerability exists in versions of Nagios XI prior to 5.8.5. The vulnerability stems from an improper...
CVE-2021-37348
Nagios XI before version 5.8.5 is vulnerable to local file inclusion through improper limitation of a pathname in index.php...
TypoFR <= 0.11 - Reflected Cross-Site Scripting
The plugin is vulnerable to Reflected Cross-Site Scripting via the text function found in the /vendor/OrgHeigl/Hyphenator/index.php file which allows attackers to inject arbitrary web scripts...
Nagios XI input validation error vulnerability
Nagios XI is a commercial monitoring solution built on Nagios Core, including dashboards, web-based configuration, advanced reporting, and rich data visualization. A local file inclusion vulnerability exists in versions of Nagios XI prior to 5.8.5. The vulnerability stems from an improper...
CVE-2020-20977
A stored cross-site scripting (XSS) vulnerability in index.php/legend/6.html of UK CMS v1.1.10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Comments section...
CVE-2021-37389
CVE-2021-37389 affects Chamilo 1.11.14. The vulnerability is a stored XSS in the installer paths main/install/index.php and main/install/ajax.php via the port parameter. The connected documents consistently describe this CVE as a stored XSS issue in Chamilo LMS and do not provide exploitation det...
CVE-2021-38149
index.php/admin/adduser in Chikitsa Patient Management System 2.0.0 allows XSS...
Cross site scripting
index.php/admin/adduser in Chikitsa Patient Management System 2.0.0 allows XSS...
Cross site scripting
index.php/appointment/todos in Chikitsa Patient Management System 2.0.0 allows XSS...