364 matches found
PT-2024-1172 · Totolink · Totolink Lr1200Gb
Name of the Vulnerable Software and Affected Versions: Totolink LR1200GB version 9.1.0u.6619 B20230130 Description: A critical issue affects the setLanguageCfg function of the /cgi-bin/cstecgi.cgi file, where the manipulation of the lang argument leads to a stack-based buffer overflow. This can b...
SEMCMS SQL Injection Vulnerability (CNVD-2024-06232)
SEMCMS is a foreign trade web content management system (CMS) that supports multiple languages. A SQL injection vulnerability exists in SEMCMS v4.8, which originates from the lack of validation of externally entered SQL statements via the languageID parameter in /webinc.php. The vulnerability can b...
CVE-2022-40361
Cross Site Scripting Vulnerability in Elite CRM v1.2.11 allows attacker to execute arbitrary code via the language parameter to the /ngs/login endpoint...
Cross site scripting
Cross Site Scripting Vulnerability in Elite CRM v1.2.11 allows attacker to execute arbitrary code via the language parameter to the /ngs/login endpoint...
Elite CRM Cross-Site Scripting Vulnerability
Elite CRM is a customer relationship management system. A cross-site scripting vulnerability exists in Elite CRM v1.2.11, which stems from the application's lack of effective filtering and escaping of user-supplied data, and can be exploited by an attacker to execute arbitrary code via the langua...
VulnCheck KEV: CVE-2020-11546
SuperWebMailer 7.21.0.01526 is susceptible to a remote code execution vulnerability in the Language parameter of mailingupgrade.php. An unauthenticated remote attacker can exploit this behavior to execute arbitrary PHP code via Code Injection...
PT-2023-24384 · Ocomon · Ocomon
Name of the Vulnerable Software and Affected Versions: OcoMon versions prior to 4.0.1 Description: A local file inclusion issue via the lang parameter allows attackers to execute arbitrary code by supplying a crafted PHP file. This can be achieved by exploiting the vulnerability in the lang...
TOTOLINK X5000R setLanguageCfg Function Code Execution Vulnerability
TOTOLINK X5000R is a wireless router from TOTOLINK that supports Wi-Fi 6 technology with full coverage Mesh system and dual band transmission. The TOTOLINK X5000R suffers from a code execution vulnerability that stems from the lang parameter of the setLanguageCfg function failing to properly filt...
CVE-2023-39617
TOTOLINK X5000R V9.1.0cu.2089 B20211224 and X5000R V9.1.0cu.2350 B20230313 were discovered to contain a remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function...
PT-2023-27035 · Totolink · Totolink X5000R
Name of the Vulnerable Software and Affected Versions: TOTOLINK X5000R versions V9.1.0cu.2089 B20211224 through V9.1.0cu.2350 B20230313 Description: A remote code execution issue was discovered, allowing exploitation via the lang parameter in the setLanguageCfg function. This enables unauthorized...
CVE-2023-37170
TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function...
CVE-2023-27076
Command injection vulnerability found in Tenda G103 v.1.0.0.5 allows attacker to execute arbitrary code via the language parameter...
Tenda G103 Operating System Command Injection Vulnerability
The Tenda G103 is a GPON fiber access device designed for home and SOHO users from Tenda. An operating system command injection vulnerability exists in Tenda G103 v.1.0.0.5, which can be exploited to execute arbitrary code via the language parameter...
PT-2023-3040 · Tenda · Tenda G103
Name of the Vulnerable Software and Affected Versions: Tenda G103 version 1.0.0.5 Description: A command injection issue allows an attacker to execute arbitrary code via the language parameter. This can compromise the integrity, availability, and confidentiality of protected information. The...
SUSE CVE-2006-2417
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.x before 2.8.0.4 allows remote attackers to inject arbitrary web script or HTML via the theme parameter in unknown scripts. NOTE: the lang parameter is already covered by CVE-2006-2031...
SUSE CVE-2007-1473
Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in Horde Framework before 3.1.4 RC1, when the login page contains a language selection box, allows remote attackers to inject arbitrary web script or HTML via the newlang parameter to login.php...
SUSE CVE-2008-5587
Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the language parameter to index.php...