198 matches found
CVE-2023-33734
BlueCMS v1.6 was discovered to contain a SQL injection vulnerability via the keywords parameter at search.php...
CVE-2023-33734
BlueCMS v1.6 was discovered to contain a SQL injection vulnerability via the keywords parameter at search.php...
BlueCMS SQL注入漏洞
BlueCMS is a content management system CMS based on PHP and MySQL. A security vulnerability exists in BlueCMS v1.6, which can be exploited for SQL injection via the keywords parameter in search.php...
PT-2023-24462 · Bluecms · Bluecms
Name of the Vulnerable Software and Affected Versions: BlueCMS version 1.6 Description: A SQL injection issue was found in BlueCMS via the keywords parameter at the "search.php" endpoint. Recommendations: For BlueCMS version 1.6, avoid using the keywords parameter in the "search.php" endpoint unt...
CVE-2023-33734
BlueCMS v1.6 was discovered to contain a SQL injection vulnerability via the keywords parameter at search.php...
CVE-2023-27091
An unauthorized access issue found in XiaoBingby TeaCMS 2.3.3 allows attackers to escalate privileges via the id and keywords parameters...
CVE-2023-27091
An unauthorized access issue found in XiaoBingby TeaCMS 2.3.3 allows attackers to escalate privileges via the id and keywords parameters...
CVE-2023-27091
An unauthorized access issue found in XiaoBingby TeaCMS 2.3.3 allows attackers to escalate privileges via the id and keywords parameters...
XiaoBingby TeaCMS 授权问题漏洞
XiaoBingBy TeaCMS is a blog system by xiaobingby personal developer. A security vulnerability exists in XiaoBingby TeaCMS 2.3.3, which stems from an unauthorized access issue in the system that can be exploited by an attacker to elevate privileges via the id and keywords parameters...
Zhongbang CRMEB SQL注入漏洞
Zhongbang CRMEB is an open source e-commerce management system from Zhongbang Networks Zhongbang in Xi'an, China. Zhong Bang CRMEB Java version 1.3.4 suffers from a SQL injection vulnerability, which stems from the operation of the parameter keywords can lead to sql injection...
PT-2023-16793 · Zhong Bang · Zhong Bang Crmeb Java
Name of the Vulnerable Software and Affected Versions: Zhong Bang CRMEB Java version 1.3.4 Description: A critical issue has been found, affecting the /api/admin/system/store/order/list endpoint. The manipulation of the keywords argument leads to SQL injection. The exploit has been disclosed to t...
CVE-2022-45019
SLiMS 9 Bulian v9.5.0 was discovered to contain a SQL injection vulnerability via the keywords parameter...
CVE-2022-45019
SLiMS 9 Bulian v9.5.0 was discovered to contain a SQL injection vulnerability via the keywords parameter...
SLiM SQL注入漏洞
SLiM Simple Login Manager is a simple, lightweight and easy to configure login manager. A security vulnerability exists in SLiM 9 Bulian v9.5.0, which originates from SQL injection via the keywords parameter...
CVE-2022-45019
SLiMS 9 Bulian v9.5.0 was discovered to contain a SQL injection vulnerability via the keywords parameter...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the keywords parameter in the management toolbar search. An attacker can execute arbitrary web scripts or inject HTML by supplying crafted input. Details Cross-site scripting or XSS is a code vulnerability...
GHSA-9536-M86R-Q297 Liferay Portal vulnerable to cross-site scripting (XSS) via the keywords parameter
Liferay Portal v7.4.1 and below was discovered to contain a cross-site scripting XSS vulnerability via the keywords parameter under the Frontend Taglib module before 7.1.15...
Cross site scripting
Cross-site scripting XSS vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 and 7.4.1 allows remote attackers to inject arbitrary web script or HTML into the management toolbar search via the keywords parameter. This issue is caused by an incomplete fix in CVE-2021-35463...
CVE-2021-38264
Cross-site scripting XSS vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 and 7.4.1 allows remote attackers to inject arbitrary web script or HTML into the management toolbar search via the keywords parameter. This issue is caused by an incomplete fix in CVE-2021-35463...
CVE-2021-38264
CVE-2021-38264 affects Liferay Portal’s Frontend Taglib module in versions 7.4.0 and 7.4.1 , enabling XSS via the management toolbar search keywords parameter . The issue stems from an incomplete fix in CVE-2021-35463. The Connected documents confirm the affected product/version and the underlyin...