SQL Injection

Overview showdoc/showdoc is a tool for an IT team to share documents online. Affected versions of this package are vulnerable to SQL Injection via the pages argument in the API Page Sort Endpoint process. An attacker can execute arbitrary SQL commands by sending crafted requests to the affected...

BookStack 访问控制错误漏洞

BookStack is a simple, self-hosted, and easy-to-use platform by BookStack Inc. It is used for organizing and storing information. Versions of BookStack prior to 26.03 contained a security vulnerability related to access control. This vulnerability stemmed from improper handling of the pages...

code-projects Content Management System SQL注入漏洞

Code-Projects Content Management System is an open source content and management system from Code-Projects. A SQL injection vulnerability exists in code-projects Content Management System version 1.0, which stems from incorrect manipulation of the parameter ID in the file /pages.php, which could...

EUVD-2022-31200

Malicious code in bioql PyPI...

CVE-2022-26646

Online Banking System Protect v1.0 was discovered to contain a local file inclusion LFI vulnerability via the pages parameter...

CVE-2022-26646

Online Banking System Protect v1.0 was discovered to contain a local file inclusion LFI vulnerability via the pages parameter...

CVE-2022-26646

Online Banking System Protect v1.0 was discovered to contain a local file inclusion LFI vulnerability via the pages parameter...

PT-2022-17978

Name of the Vulnerable Software and Affected Versions Online Banking System Protect version 1.0 Description The issue is related to a local file inclusion LFI vulnerability. This vulnerability can be exploited via the pages parameter. Recommendations For Online Banking System Protect version 1.0,...

g33kyrash Online Banking System 安全漏洞

g33kyrash Online Banking System is an online banking system developed by g33kyrash Personal Developer using PHP and MySQL. A security vulnerability exists in Online Banking System Protect version 1.0, which originates from the pages parameter...

Codoforum 跨站脚本漏洞

Codoforum is a set of PHP and MySQL based forum software. A cross-site scripting vulnerability exists in Codoforum version 5.0.2, which can be exploited by an authenticated attacker to execute arbitrary web script or HTML via a crafted payload with the "Pages" parameter...

Ignite Realtime Openfire Cross-Site Scripting Vulnerability (CNVD-2020-18551)

Ignite Realtime Openfire is a real-time collaboration RTC server licensed under the open source Apache license. A cross-site scripting vulnerability exists in Ignite Realtime Openfire 4.4.1. An attacker can exploit this vulnerability to conduct a cross-site scripting attack via the...