5 matches found
PT-2026-56957
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in uxper Nuss nuss allows PHP Local File Inclusion.This issue affects Nuss: from n/a through = 1.3.6...
PT-2026-29977
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsanitized IMAP SEARCH command arguments could lead to IMAP injection or CSRF bypass during mail search...
CVE-2025-12482 Booking for Appointments and Events Calendar – Amelia <= 1.2.35 - Unauthenticated SQL Injection via search
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to SQL Injection via the ‘search’ parameter in all versions up to, and including, 1.2.35 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
PT-2023-17203 · Sourcecodester · Sourcecodester Young Entrepreneur E-Negosyo System
Name of the Vulnerable Software and Affected Versions: SourceCodester Young Entrepreneur E-Negosyo System version 1.0 Description: A critical issue has been found in the system, affecting the file index.php?q=product. The manipulation of the search argument leads to SQL injection. The attack can ...
CVE-2022-26170
Simple Mobile Comparison Website v1.0 was discovered to contain a SQL injection vulnerability via the search parameter...