Lucene search
K

963 matches found

CVE
CVE
added 2026/04/05 8:45 p.m.6 views

CVE-2019-25674

CMSsite 1.0 is affected by an SQL injection vulnerability in the post parameter that can be exploited via GET requests to post.php. The vulnerability allows unauthenticated attackers to manipulate database queries, potentially extracting sensitive data or performing time-based blind SQL injection...

9.8CVSS6AI score0.00405EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/05 8:45 p.m.7 views

CVE-2019-25674

CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'post' parameter. Attackers can send GET requests to post.php with malicious 'post' values to extract sensitive database information or perfor...

8.8CVSS6AI score0.00405EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/04/05 8:45 p.m.22 views

CVE-2019-25674 CMSsite 1.0 SQL Injection via post Parameter

CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'post' parameter. Attackers can send GET requests to post.php with malicious 'post' values to extract sensitive database information or perfor...

8.8CVSS0.00405EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/04/05 12:0 a.m.9 views

Victor CMS SQL注入漏洞

Victor CMS is an open-source content management system developed by Victor Alagwu in Nigeria. Version 1.0 of Victor CMS has a SQL injection vulnerability. This vulnerability stems from post parameters that allow SQL injections, which may enable unverified attackers to manipulate database queries,...

9.8CVSS5.8AI score0.00405EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/05 12:0 a.m.9 views

PT-2026-30483

CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'post' parameter. Attackers can send GET requests to post.php with malicious 'post' values to extract sensitive database information or perfor...

8.8CVSS6AI score0.00405EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.4 views

CVE-2026-3975

A security flaw has been discovered in Tenda W3 1.0.0.32204. This issue affects the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet of the component POST Parameter Handler. Performing a manipulation of the argument wlradio results in stack-based buffer overflow. It is possible ...

9CVSS7.9AI score0.00655EPSS
Exploits1References1
CVE
CVE
added 2026/03/24 9:42 p.m.12 views

CVE-2026-4777

CVE-2026-4777 affects SourceCodester Sales and Inventory System 1.0, specifically the POST Parameter Handler’s file view_supplier.php. The vulnerability arises from manipulating the searchtxt argument, enabling SQL injection. The issue can be exploited remotely and, according to the sources, the ...

6.5CVSS5.7AI score0.00245EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.4 views

PT-2026-27373

Matrimony Website Script M-Plus contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various POST parameters. Attackers can inject malicious SQL payloads into parameters like txtGender, religion, Fage, an...

8.8CVSS6.3AI score0.00334EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/22 12:0 a.m.5 views

Wavlink WL-WN578W2 代码注入漏洞

Wavlink WL-WN578W2 is a wireless repeater produced by Wavlink Corporation. The Wavlink WL-WN578W2 version 221110 contains a code injection vulnerability. This vulnerability stems from incorrect handling of parameters such as homepage/hostname/loginpage in the POST request processing component,...

4.8CVSS5.7AI score0.0026EPSS
Exploits1References7
EUVD
EUVD
added 2026/03/16 3:30 p.m.3 views

EUVD-2015-9411

Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize file uploads, allowing attackers to store malicious scripts through the file POST parameter in admin/tools.php. Attackers can upload files containing JavaScript code that executes in the context of admin/tools.php when accessed by...

7.2CVSS5.9AI score0.00267EPSS
Exploits1References4
EUVD
EUVD
added 2026/03/16 3:30 p.m.4 views

EUVD-2015-9423

Next Click Ventures RealtyScript 4.0.2 contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting arbitrary SQL code through the GET parameter 'uid' in /admin/users.php and the POST parameter 'agent' in /admin/mailer.php. Attackers can...

8.8CVSS6.1AI score0.00418EPSS
Exploits1References4
EUVD
EUVD
added 2026/03/16 3:30 p.m.7 views

EUVD-2016-10823

Wowza Streaming Engine 4.5.0 contains a privilege escalation vulnerability that allows authenticated read-only users to elevate privileges to administrator by manipulating POST parameters. Attackers can send POST requests to the user edit endpoint with accessLevel set to 'admin' and advUser...

8.8CVSS5.8AI score0.00209EPSS
Exploits2References4
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.6 views

ZKTeco ZKAccess Security System 跨站脚本漏洞

ZKTeco ZKAccess Security System is an access control and security management system developed by ZKTeco Technology. Version 5.3.1 of ZKTeco ZKAccess Security System contains a cross-site scripting vulnerability. This vulnerability arises from improper cleaning of the holidayname and memo POST...

7.2CVSS5.9AI score0.00259EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.6 views

Qool CMS 跨站脚本漏洞

Qool CMS is a content management system developed by basdog22. Qool CMS has a cross-site scripting vulnerability, which stems from improper cleaning of POST parameters in multiple management scripts. This vulnerability could allow attackers to inject malicious JavaScript code to execute arbitrary...

8.7CVSS6AI score0.00356EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/12 3:36 p.m.2 views

CVE-2019-25514 Jettweb PHP Hazir Haber Sitesi Scripti V3 SQL Injection

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive data...

8.8CVSS5.9AI score0.00512EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/12 9:31 a.m.4 views

EUVD-2026-11540

A flaw has been found in Tenda W3 1.0.0.32204. This issue affects some unknown processing of the file /goform/wifiSSIDset of the component POST Parameter Handler. Executing a manipulation of the argument index/GO can lead to stack-based buffer overflow. It is possible to launch the attack remotel...

9CVSS6.3AI score0.00635EPSS
Exploits1References8
EUVD
EUVD
added 2026/03/12 9:31 a.m.4 views

EUVD-2026-11538

A vulnerability was detected in Tenda W3 1.0.0.32204. This vulnerability affects unknown code of the file /goform/wifiSSIDget of the component POST Parameter Handler. Performing a manipulation of the argument index results in stack-based buffer overflow. It is possible to initiate the attack...

9CVSS6.4AI score0.00619EPSS
Exploits1References6
NVD
NVD
added 2026/03/12 7:16 a.m.3 views

CVE-2026-4007

A vulnerability was detected in Tenda W3 1.0.0.32204. This vulnerability affects unknown code of the file /goform/wifiSSIDget of the component POST Parameter Handler. Performing a manipulation of the argument index results in stack-based buffer overflow. It is possible to initiate the attack...

9CVSS0.00619EPSS
Exploits1References5
NVD
NVD
added 2026/03/12 7:16 a.m.5 views

CVE-2026-4008

A flaw has been found in Tenda W3 1.0.0.32204. This issue affects some unknown processing of the file /goform/wifiSSIDset of the component POST Parameter Handler. Executing a manipulation of the argument index/GO can lead to stack-based buffer overflow. It is possible to launch the attack remotel...

9CVSS0.00635EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2026/03/12 6:32 a.m.3 views

CVE-2026-4008 Tenda W3 POST Parameter wifiSSIDset stack-based overflow

A flaw has been found in Tenda W3 1.0.0.32204. This issue affects some unknown processing of the file /goform/wifiSSIDset of the component POST Parameter Handler. Executing a manipulation of the argument index/GO can lead to stack-based buffer overflow. It is possible to launch the attack remotel...

9CVSS6.3AI score0.00635EPSS
Exploits1References7
Rows per page
Query Builder