EUVD-2018-21821

XATABoost CMS 1.0.0 contains a union-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id parameter. Attackers can send GET requests to news.php with malicious id values to extract sensitive database informatio...

CVE-2018-25300 XATABoost CMS 1.0.0 SQL Injection via news.php

XATABoost CMS 1.0.0 contains a union-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id parameter. Attackers can send GET requests to news.php with malicious id values to extract sensitive database informatio...

CVE-2018-25300

XATABoost CMS 1.0.0 is affected by a union-based SQL injection via the id parameter in news.php, enabling unauthenticated attackers to manipulate queries and potentially extract sensitive database information. The vulnerability is evidenced in CVE-2018-25300 with CVSS v3.1 base score 8.2 ( HIGH )...

PT-2026-35983

XATABoost CMS 1.0.0 contains a union-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id parameter. Attackers can send GET requests to news.php with malicious id values to extract sensitive database informatio...

CVE-2020-37111

60CycleCMS 2.5.2 contains a cross-site scripting XSS vulnerability in news.php that allows attackers to inject malicious scripts through GET parameters. Attackers can craft malicious URLs with XSS payloads targeting the 'etsu' and 'ltsu' parameters to execute arbitrary scripts in victim's browser...

CVE-2020-37111 60CycleCMS 2.5.2 - 'news.php' Cross-site Scripting (XSS) Vulnerability

60CycleCMS 2.5.2 contains a cross-site scripting XSS vulnerability in news.php that allows attackers to inject malicious scripts through GET parameters. Attackers can craft malicious URLs with XSS payloads targeting the 'etsu' and 'ltsu' parameters to execute arbitrary scripts in victim's browser...

CVE-2020-37110

60CycleCMS 2.5.2 contains an SQL injection vulnerability in news.php and common/lib.php that allows attackers to manipulate database queries through unvalidated user input. Attackers can exploit vulnerable query parameters like 'title' to inject malicious SQL code and potentially extract or modif...

CVE-2020-37110 60CycleCMS 2.5.2 - 'news.php' SQL Injection Vulnerability

60CycleCMS 2.5.2 contains an SQL injection vulnerability in news.php and common/lib.php that allows attackers to manipulate database queries through unvalidated user input. Attackers can exploit vulnerable query parameters like 'title' to inject malicious SQL code and potentially extract or modif...

PT-2026-5856

60CycleCMS 2.5.2 contains a cross-site scripting XSS vulnerability in news.php that allows attackers to inject malicious scripts through GET parameters. Attackers can craft malicious URLs with XSS payloads targeting the 'etsu' and 'ltsu' parameters to execute arbitrary scripts in victim's browser...

EUVD-2020-16431

Malware in sbrugna...

EUVD-2009-1502

Malware in sbrugna...

CVE-2024-0262

A vulnerability was found in Online Job Portal 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Admin/News.php of the component Create News Page. The manipulation of the argument News with the input leads to cross site scripting. The attack may ...

CVE-2020-23689

In YFCMF v2.3.1, there is a stored XSS vulnerability in the comments section of the news page...

CVE-2010-4721

SQL injection vulnerability in news.php in Immo Makler allows remote attackers to execute arbitrary SQL commands via the id parameter...

CVE-2025-0346

A vulnerability was found in code-projects Content Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/publishnews.php of the component Publish News Page. The manipulation of the argument image leads to unrestricted upload. It is possible to...

CVE-2025-0346 code-projects Content Management System Publish News Page publishnews.php unrestricted upload

A vulnerability was found in code-projects Content Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/publishnews.php of the component Publish News Page. The manipulation of the argument image leads to unrestricted upload. It is possible to...

PT-2025-3841 · Unknown · Code-Projects Hotel Management System

Name of the Vulnerable Software and Affected Versions: code-projects Content Management System version 1.0 Description: A critical issue has been found in the code-projects Content Management System. It affects an unknown part of the file /admin/publishnews.php of the component Publish News Page...

Cross-site Scripting (XSS)

phpMyFAQ is vulnerable to Cross-site Scripting XSS. The vulnerability is due to inadequate input validation of the "news" parameter in a POST request, allowing an attacker to inject malicious JavaScript code. Upon visiting the compromised news page, the XSS payload is triggered...

PT-2024-2384 · Phpmyfaq · Phpmyfaq

Name of the Vulnerable Software and Affected Versions: phpMyFAQ versions prior to 3.2.6 Description: The issue is related to the manipulation of the news parameter in a POST request, allowing an attacker to inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS...

CVE-2024-0262

A vulnerability was found in Online Job Portal 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Admin/News.php of the component Create News Page. The manipulation of the argument News with the input alert0x00C57D leads to cross site scripting. T...