7210 matches found
CVE-2019-11626
CVE-2019-11626 affects doorGets 7.0, where routers/ajaxRouter.php exposes a web site physical path via an ajax/index.php?uri=1234\ request. The published sources (NVD, Red Hat, CNVD, CVE lists) describe an information-disclosure vulnerability in doorGets 7.0’s AJAX router, enabling path leakage. ...
Joomla! Component JiFile 2.3.1 - Arbitrary File Download
Exploit Title: Joomla! Component JiFile 2.3.1 - Arbitrary File Download Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: April 28, 2019 Vendor Homepage: http://www.isapp.it Software Link :...
CVE-2019-11452
whatsns 4.0 allows index.php?admincategory/remove.html cid SQL injection...
SQL injection
whatsns 4.0 allows index.php?question/ajaxadd.html title SQL injection...
SQL injection
whatsns 4.0 allows index.php?inform/add.html qid SQL injection...
CVE-2019-11451
whatsns 4.0 allows index.php?inform/add.html qid SQL injection...
CVE-2019-11452
Whatsns 4.0 is affected by a SQL injection in the admin workflow: index.php?admin_category/remove.html cid[]. The Cy description in connected Red Hat EU and NVD entries confirms that the vulnerability stems from handling of the cid[] parameter, enabling SQL injection. The records do not provide s...
CVE-2019-11451
whatsns 4.0 allows index.php?inform/add.html qid SQL injection...
CVE-2019-11451
CVE-2019-11451 affects the web app "whatsns 4.0". A SQL injection vulnerability exists in the parameterized endpoint: index.php?inform/add.html with the qid parameter. The root cause is unsanitized input leading to SQL injection, enabling an attacker to potentially read/modify data and affect ava...
CVE-2019-11450
CVE-2019-11450 affects Whatsns 4.0, where SQL injection is possible via the title parameter in index.php?question/ajaxadd.html. The issue is documented with CVSS v3.0 base score 9.8 (CRITICAL) and CVSS v2.0 base score 7.5 (HIGH). Affected component: the title field in the ajaxadd endpoint; root c...
Cross-site request forgery (CSRF)
74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the index.php?m=Admin&c=admin&a=add URI...
CVE-2019-11374
74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the index.php?m=Admin&c=admin&a=add URI...
Rukovoditel ERP & CRM 2.4.1 - path Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Rukovoditel ERP & CRM 2.4.1 - 'path' Cross-Site Scripting Exploit Author: Javier Olmedo Website: https://hackpuntes.com Vendor: Rukovoditel Software Link: https://sourceforge.net/projects/rukovoditel/ Affected Version: 2.4.1 and...
Nextcloud: [Reflected XSS] In Request URL
In index.php file on 1765 we can see XSS: " Because NextCloud allow links like: '/index.php/ANYCONTENT' If we will do request like: POST /updater/index.php/h"alert1; HTTP/1.1 Host: vulns.local Content-Type: application/x-www-form-urlencoded Content-Length: 33 updater-secret-input=OURSECRET We wil...
Rukovoditel ERP & CRM 2.4.1 - 'path' Cross-Site Scripting
Exploit Title: Rukovoditel ERP & CRM 2.4.1 - 'path' Cross-Site Scripting Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2019-03-24 Google Dork: N/A Vendor: Rukovoditel Software Link: https://sourceforge.net/projects/rukovoditel/ Affected Version: 2.4.1 and possibly before...
Open redirect
GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redirect parameter...
CVE-2019-9915
GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redirect parameter...
CVE-2019-9915
GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redirect parameter...
CVE-2019-9915
GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redirect parameter...
CVE-2019-9915
GetSimple CMS 3.3.13 contains an Open Redirect vulnerability exposed via the admin/index.php redirect parameter. An attacker can cause victims to be redirected to a malicious site, with potential for phishing or unauthorized operations depending on the redirected context. The issue is documented ...