780 matches found
CVE-2017-15969
PG All Share Video 1.0 allows SQL Injection via the PATH_INFO to search/tag, friends/index, users/profile, or video_catalog/category...
CVE-2017-15959
Adult Script Pro 2.2.4 allows SQL Injection via the PATH_INFO to a /download URI, a different vulnerability than CVE-2007-6576...
CVE-2017-15969
CVE-2017-15969 affects PG All Share Video 1.0. Description from CNVD/NVD indicates a SQL injection vulnerability exploitable via PATH_INFO in endpoints such as /search/tag, /friends/index, /users/profile, and /video_catalog/category. The root cause is unsanitized PATH_INFO allowing injected SQL c...
CVE-2017-15964
CVE-2017-15964 affects Job Board Script Software, a web-based recruitment system. The vulnerability is an SQL injection via PATH_INFO to the /job-details URI, allowing an attacker to inject SQL commands. Connected sources (CNVD, CVE records, Exploit-DB/Exploit-Pack entries) confirm the issue and ...
CVE-2017-15964
Job Board Script Software allows SQL Injection via the PATH_INFO to a /job-details URI...
CVE-2017-15959
CVE-2017-15959 affects Adult Script Pro 2.2.4. The vulnerability is a SQL injection via the request path (PATH_INFO) to the /download URI, as described in multiple sources. The root cause is unsafe handling of PATH_INFO leading to SQL command injection; the issue is reported as a separate vulnera...
Server-side request forgery (SSRF)
SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000...
CVE-2017-15644
Webmin 1.850 is affected by a Server-Side Request Forgery (SSRF) vulnerability exposed via PATH_INFO to tunnel/link.cgi, demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000. This yields potential credentialed/internal access exposure as described across multiple sources. Rem...
SQL injection
SQL injection vulnerability in Cash Back Comparison Script 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to search/...
CVE-2017-14703
Cross-site scripting
Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to location.php, related to PHP_SELF...
CVE-2017-14534
NVD and multiple public feeds confirm CVE-2017-14534 affects NexusPHP 1.5.beta5.20120707. The vulnerability is a Cross Site Scripting (XSS) flaw exploitable via PATH_INFO to location.php, related to PHP_SELF. Impact is limited to partial integrity impact with no confidentiality/availability effec...
Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in NexusPHP allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) cheaters.php or (2) confirmresend.php...
CVE-2017-12906
SQL injection
HelpDEZk 1.1.1 has SQL Injection in app\modules\admin\controllers\loginController.php via the admin/login/getWarningInfo/id/ PATH_INFO, related to the selectWarning function...