18 matches found

RedhatCVE
added 2026/04/09 7:23 p.m. · 2 views

CVE-2026-35023

Wimi Teamwork On-Premises versions prior to 8.2.0 contain an insecure direct object reference vulnerability in the preview.php endpoint where the itemid parameter lacks proper authorization checks. Attackers can enumerate sequential itemid values to access and retrieve image previews from other...

5.3 CVSS · 5.9 AI score · 0.00032 EPSS
Exploits: 0 · References: 1

NVD
added 2026/04/08 2:16 p.m. · 0 views

CVE-2026-35023

Wimi Teamwork On-Premises versions prior to 8.2.0 contain an insecure direct object reference vulnerability in the preview.php endpoint where the itemid parameter lacks proper authorization checks. Attackers can enumerate sequential itemid values to access and retrieve image previews from other...

5.3 CVSS · 0.00032 EPSS
Exploits: 0 · References: 2

Vulnrichment
added 2026/04/08 12:59 p.m. · 2 views

CVE-2026-35023 Wimi Teamwork On-Premises < 8.2.0 IDOR via preview.php

Wimi Teamwork On-Premises versions prior to 8.2.0 contain an insecure direct object reference vulnerability in the preview.php endpoint where the itemid parameter lacks proper authorization checks. Attackers can enumerate sequential itemid values to access and retrieve image previews from other...

5.3 CVSS · 5.9 AI score · 0.00032 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2026/04/08 12:00 a.m. · 1 view

PT-2026-31307

Name of the Vulnerable Software and Affected Versions: Wimi Teamwork On-Premises versions prior to 8.2.0 Description: Wimi Teamwork On-Premises versions prior to 8.2.0 contain an insecure direct object reference issue in the /preview.php endpoint. The item id parameter does not have sufficient...

5.3 CVSS · 5.8 AI score · 0.00032 EPSS
Exploits: 0 · References: 6

OSV
added 2025/11/16 3:15 a.m. · 2 views

CVE-2025-13233

A vulnerability has been found in itsourcecode Inventory Management System 1.0. The affected element is an unknown function of the file /index.php?q=single-item. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to...

9.8 CVSS · 5.7 AI score
Exploits: 0 · References: 5

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2005-1634

Malware in sbrugna...

5 CVSS · 6.4 AI score · 0.00404 EPSS
Exploits: 0 · References: 5

Snyk
added 2025/04/15 9:43 p.m. · 3 views

Argument Injection

Overview Affected versions of this package are vulnerable to Argument Injection via the FFmpeg codec. An attacker in possession of a valid itemId can execute arbitrary code by injecting unsanitized parameters at the /Videos//stream or /Videos//stream. endpoints. Remediation Upgrade...

8.8 CVSS · 8 AI score · 0.0005 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2025/04/15 12:00 a.m. · 2 views

PT-2025-16473 · Jellyfin +1 · Jellyfin +1

Name of the Vulnerable Software and Affected Versions: Jellyfin versions prior to 10.10.7 Description: Jellyfin is an open source self-hosted media server. The issue concerns argument injection in FFmpeg, which can potentially lead to remote code execution by anyone with credentials to a...

7.6 CVSS · 7.6 AI score · 0.0005 EPSS
Exploits: 0 · References: 6

SUSE CVE
added 2023/02/15 5:59 a.m. · 0 views

SUSE CVE-2010-1431

SQL injection vulnerability in templatesexport.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the exportitemid parameter...

7.5 CVSS · 8.8 AI score · 0.06047 EPSS
Exploits: 0 · References: 5

OSV
added 2021/04/02 7:15 p.m. · 4 views

CVE-2021-29661

Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diagvalues.html Stored XSS via the ITEMLISTVALUESITEMID parameter, resulting in JavaScript payload injection into the trace file. This payload will then be triggered every time an authenticated user browses the page containing it...

5.4 CVSS · 6 AI score · 0.0042 EPSS
Exploits: 1 · References: 1

OSV
added 2018/11/16 6:29 p.m. · 4 views

CVE-2018-18801

The BSEN Ordering software 1.0 has SQL Injection via student/index.php?view=view&id=SQL or index.php?q=single-item&id=SQL...

9.8 CVSS · 5.8 AI score · 0.02512 EPSS
Exploits: 5 · References: 2

CNVD
added 2016/05/14 12:00 a.m. · 1 view

Tiny Tiny RSS SQL Injection Vulnerability

A blind injection vulnerability exists in $itemid in Tiny Tiny RSS processcategoryorder. An attacker is able to connect to the library database and execute database statements...

7.6 AI score
Exploits: 0 · References: 1

CNVD
added 2015/03/06 12:00 a.m. · 2 views

WordPress Plugin WonderPlugin Audio Player Cross-Site Scripting Vulnerability

WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP; it supports setting up a personal blog site on PHP and MySQL servers. WonderPlugin Audio Player is one of its audio player plugins. WordPress WonderPlugin Audio Player plugin 2.0 and...

4.3 CVSS · 6.1 AI score · 0.13092 EPSS
Exploits: 1 · References: 1

RedHat Linux
added 2010/08/20 2:42 a.m. · 1 view

No title provided

SQL injection vulnerability in templatesexport.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the exportitemid parameter...

7.5 CVSS · 6.2 AI score · 0.06047 EPSS
Exploits: 0 · References: 3

OSV
added 2010/05/04 4:00 p.m. · 1 view

DEBIAN-CVE-2010-1431

SQL injection vulnerability in templatesexport.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the exportitemid parameter...

7.5 CVSS · 8.3 AI score · 0.06047 EPSS
Exploits: 0 · References: 1

Debian CVE
added 2010/05/04 3:00 p.m. · 28 views

CVE-2010-1431

SQL injection vulnerability in templatesexport.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the exportitemid parameter...

7.5 CVSS · 8.2 AI score · 0.06047 EPSS
Exploits: 0

Positive Technologies
added 2006/06/12 12:00 a.m. · 2 views

PT-2006-3886 · Viart · Viart Shop

Name of the Vulnerable Software and Affected Versions: ViArt Shop Free version 2.5.5 Description: The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the forum id parameter in "forum.php", which is not properly handled in "block forum topics.php", an...

2.6 CVSS · 6.4 AI score · 0.00608 EPSS
Exploits: 0 · References: 9

Packet Storm
added 2006/05/09 12:00 a.m. · 16 views

philbookmark.txt

From: [email protected] Subject: Phil's Bookmark script admin By-pass google dork : "Phil's Bookmark" and last path add to "admin.php?edit=item id" example: www.site.com/bookmarks/admin.php?edit=1 www.ayyildiz.org...

7.4 AI score
Exploits: 0