CVE-2022-30053
In Toll Tax Management System 1.0, the id parameter appears to be vulnerable to SQL injection attacks...
Subrion CMS PHP Object Injection
includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request...
Online Sports Complex Booking System SQL Injection Vulnerability
Online Sports Complex Booking System is an online stadium booking system by Carlo Montero, an individual developer. The page=user/manageuser&id= endpoint does not validate external input used in SQL statements, which can be exploited to execute arbitrary SQL commands and steal sensitive database data...
Online Sports Complex Booking System SQL Injection Vulnerability
Online Sports Complex Booking System is an online stadium booking system by Carlo Montero, an individual developer. Online Sports Complex Booking System version 1.0 is vulnerable to a SQL injection vulnerability that originates in scbs/classes/Master.php?f=deletecategory, the id parameter of the po...
Cross-site Scripting (XSS) via Cookie Value
Description: An XSS can be triggered via a cookie value. Cross-site scripting (XSS) refers to a client-side code injection attack in which an attacker can execute malicious scripts in a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded...
CSV Injection
Overview: csv-safe decorates the Ruby CSV library to sanitize output CSV against CSV injection attacks. Affected versions of this package are vulnerable to CSV Injection because they do not filter out the special characters % and |. Remediation: Upgrade csv-safe to version 3.0.0 or higher. References - GitH...
CSV-Safe gem Security Vulnerability
The CSV-Safe gem is a library to prevent CSV injection attacks. A security vulnerability exists in versions of the CSV-Safe gem prior to 3.0.0 that stems from not filtering out special characters that could trigger CSV injection...
CVE-2022-28420
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via BabyCare/admin.php?id=theme&setid=...
Input validation
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input...
CVE-2022-20693
Summary of CVE-2022-20693 (Cisco IOS XE Web UI API Injection) : A vulnerability in the Cisco IOS XE Software web UI API could allow an authenticated, remote attacker to inject commands into the underlying OS with root privileges due to insufficient input validation. Exploitation would involve sen...
CVE-2022-1159
All versions of Rockwell Automation Studio 5000 Logix Designer are vulnerable: an attacker who achieves administrator access on a workstation running Studio 5000 Logix Designer could inject controller code that is undetectable to a user...
CVE-2022-26249
Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack...
CVE-2022-25221
Money Transfer Management System Version 1.0 allows an attacker to inject JavaScript code in the URL and then trick a user into visiting the link in order to execute the JavaScript code...
WordPress Podcast Importer SecondLine plugin SQL Injection Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up personal blog sites on servers running PHP and MySQL. A WordPress plugin is an open source application plugin for WordPress. WordPress Podcast Importer SecondLine plugin versions...
Sourcecodester Hospital Patient Records Management System SQL Injection Vulnerability
Sourcecodester Hospital Patient Records Management System is a web-based application that provides an automated platform for hospitals to store and manage their patient records. Sourcecodester Hospital Patient Record Management System v1.0 is vulnerable to SQL injection. The vulnerability is caus...
Ibexa Dxp Injection Vulnerability
Ibexa Dxp is a single-technology-stack digital experience platform from Ibexa (Norway), used to help B2B companies transform traditional sales strategies into frictionless buying experiences. A security vulnerability exists in Ibexa Dxp, which originates in Ibexa DXP ezsystems/ezpublish-kernel...
CVE-2022-0391
A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an...