126 matches found
EUVD-2026-30255
The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation via missing authorization in all versions up to, and including, 5.1.2. This is due to missing nonce verification and capability checks in the iwarsaverecipe AJAX handler. This makes it possible for unauthenticated...
CVE-2018-25159
Epross AVCON6 systems management platform contains an object-graph navigation language OGNL injection vulnerability that allows unauthenticated attackers to execute arbitrary commands by injecting malicious OGNL expressions. Attackers can send crafted requests to the login.action endpoint with OG...
CVE-2016-20030
ZKTeco ZKBioSecurity 3.0 contains a user enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by submitting partial characters via the username parameter. Attackers can send requests to the authLoginAction!login.do script with varying username inputs to...
CVE-2016-20030 ZKTeco ZKBioSecurity 3.0 User Enumeration via authLoginAction
ZKTeco ZKBioSecurity 3.0 contains a user enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by submitting partial characters via the username parameter. Attackers can send requests to the authLoginAction!login.do script with varying username inputs to...
EUVD-2019-19815
Netartmedia PHP Business Directory 4.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to the loginaction.php endpoint with crafted SQL payloads in the...
EUVD-2019-19814
Netartmedia Jobs Portal 6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to loginaction.php with crafted SQL payloads in the Email field to extract...
CVE-2019-25541
Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through unvalidated parameters. The affected vectors include id in index.php and Email in loginaction.php, enabling time-based blind payloads to extract sen...
CVE-2019-25535 Netartmedia PHP Dating Site SQL Injection via loginaction.php
Netartmedia PHP Dating Site contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to loginaction.php with time-based SQL injection payloads in the Email field ...
CVE-2019-25535
The CVE-2019-25535 entry concerns Netartmedia PHP Dating Site. It describes an SQL injection vulnerability in the login flow where an unauthenticated attacker can inject SQL via the Email field in loginaction.php, using time-based payloads to extract sensitive database information. Affected compo...
CVE-2019-25533 Netartmedia PHP Business Directory 4.2 SQL Injection via loginaction.php
Netartmedia PHP Business Directory 4.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to the loginaction.php endpoint with crafted SQL payloads in the...
PT-2026-24992
Netartmedia Jobs Portal 6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to loginaction.php with crafted SQL payloads in the Email field to extract...
EUVD-2018-21653
Epross AVCON6 systems management platform contains an object-graph navigation language OGNL injection vulnerability that allows unauthenticated attackers to execute arbitrary commands by injecting malicious OGNL expressions. Attackers can send crafted requests to the login.action endpoint with OG...
CVE-2018-25159
Epross AVCON6 systems management platform contains an object-graph navigation language OGNL injection vulnerability that allows unauthenticated attackers to execute arbitrary commands by injecting malicious OGNL expressions. Attackers can send crafted requests to the login.action endpoint with OG...
CVE-2018-25159
CVE-2018-25159 affects the Epross AVCON6 system management platform. An OGNL injection in login.action allows unauthenticated attackers to inject OGNL payloads via the redirect parameter to instantiate ProcessBuilder and execute arbitrary commands with root privileges. Impact is described as high...
CVE-2018-25159
Epross AVCON6 systems management platform contains an object-graph navigation language OGNL injection vulnerability that allows unauthenticated attackers to execute arbitrary commands by injecting malicious OGNL expressions. Attackers can send crafted requests to the login.action endpoint with OG...
CVE-2018-25159 Epross AVCON6 OGNL Remote Code Execution via login.action
Epross AVCON6 systems management platform contains an object-graph navigation language OGNL injection vulnerability that allows unauthenticated attackers to execute arbitrary commands by injecting malicious OGNL expressions. Attackers can send crafted requests to the login.action endpoint with OG...
CVE-2018-25159 Epross AVCON6 OGNL Remote Code Execution via login.action
Epross AVCON6 systems management platform contains an object-graph navigation language OGNL injection vulnerability that allows unauthenticated attackers to execute arbitrary commands by injecting malicious OGNL expressions. Attackers can send crafted requests to the login.action endpoint with OG...
PT-2026-24788
Epross AVCON6 systems management platform contains an object-graph navigation language OGNL injection vulnerability that allows unauthenticated attackers to execute arbitrary commands by injecting malicious OGNL expressions. Attackers can send crafted requests to the login.action endpoint with OG...
CVE-2025-63742
SQL Injection vulnerability in function setwxqyAction in file webmain/task/api/loginAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers gain sensitive information, including administrator accounts, password hashes, database structure, and other critical data via the shouji and userid...
CVE-2025-63742
SQL Injection vulnerability in function setwxqyAction in file webmain/task/api/loginAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers gain sensitive information, including administrator accounts, password hashes, database structure, and other critical data via the shouji and userid...