CVE-2018-16724
The CVE-2018-16724 entry concerns baijiacms V4 with a reported Blind SQL Injection through the order parameter in the request using the path index.php?act=index. Connected documents corroborate this vulnerability as a SQL injection issue, with descriptions noting remote attackers could leverage ...
CVE-2018-16549
HScripts PHP File Browser Script v1.0 allows Directory Traversal via the index.php path parameter...
CVE-2018-16549
CVE-2018-16549 affects HScripts PHP File Browser Script v1.0. The vulnerability is a directory traversal flaw in the index.php path parameter that can enable reading of arbitrary files, as described by multiple sources (CNVD-2018-19431, RH and NVD entries). The root cause is improper validation o...
SQL injection
An issue was discovered in FHCRM through 2018-02-11. There is a SQL injection via the index.php/User/read limit parameter...
CVE-2018-16352
There is a PHP code upload vulnerability in WeaselCMS 0.3.6 via index.php because code can be embedded at the end of a .png file when the image/png content type is used...
CVE-2018-16353
An issue was discovered in FHCRM through 2018-02-11. There is a SQL injection via the /index.php/Customer/read limit parameter...
CVE-2018-16354
An issue was discovered in FHCRM through 2018-02-11. There is a SQL injection via the index.php/User/read limit parameter...
CVE-2018-16354
CVE-2018-16354 affects FHCRM (free/open source product management system). The connected CNVD/CVE records describe a SQL injection vulnerability exposed by the index.php/User/read limit parameter, with attackers potentially executing arbitrary SQL commands. FHCRM versions up to 2018-02-11 are imp...
Design/Logic Flaw
WUZHI CMS 4.1.0 has XSS via the index.php?m=core&f=set&v=basic formstatcode parameter...
Code injection
CMS ISWEB 3.5.3 has XSS via the ordineRis, sezioneRicerca, or oggettiRicerca parameter to index.php...
CVE-2018-15562
CMS ISWEB 3.5.3 has XSS via the ordineRis, sezioneRicerca, or oggettiRicerca parameter to index.php...
CVE-2018-15562
CMS ISWEB 3.5.3 is affected by a Cross-Site Scripting (XSS) vulnerability in index.php, exploitable via the parameters ordineRis, sezioneRicerca, or oggettiRicerca. The issue allows injection of arbitrary scripts/HTML, enabling remote attackers to run client-side code. Documented exploitation was...
SQL injection
A SQL injection was discovered in /coreframe/app/admin/pay/admin/index.php in WUZHI CMS 4.1.0 via the index.php?m=pay&f=index&v=listing keyValue parameter...
CVE-2018-15893
A SQL injection was discovered in /coreframe/app/admin/copyfrom.php in WUZHI CMS 4.1.0 via the index.php?m=core&f=copyfrom&v=listing keywords parameter...
CVE-2018-15894
A SQL injection was discovered in /coreframe/app/admin/pay/admin/index.php in WUZHI CMS 4.1.0 via the index.php?m=pay&f=index&v=listing keyValue parameter...
CVE-2018-15893
CVE-2018-15893: A SQL injection vulnerability exists in WUZHI CMS 4.1.0 in /coreframe/app/admin/copyfrom.php, exploitable via index.php?m=core&f=copyfrom&v=listing keywords parameter. NVD/OSV entries show CVSS v3.0 base score 9.8 (CRITICAL) and CVSS v2.0 base 7.5 with NETWORK attack vector and no...
CVE-2017-18345
The Joomanager component through 2.0.0 for Joomla! has an arbitrary file download issue, resulting in exposing the credentials of the database via an index.php?option=com_joomanager&controller=details&task=download&path=configuration.php request...