36 matches found
CVE-2024-25309
Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'pass' parameter at School/teacherlogin.php...
PT-2024-20878 · Code Projects · Code-Projects Simple School Managment System
Name of the Vulnerable Software and Affected Versions: Code-projects Simple School Managment System version 1.0 Description: The issue allows SQL Injection via the pass parameter at the "School/teacher login.php" endpoint. This could potentially lead to unauthorized access to sensitive data...
CVE-2024-23058
TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cfg function...
CVE-2024-23058
TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cfg function...
CVE-2024-23058
CVE-2024-23058 concerns TOTOLINK A3300R, specifically version V17.0.0cu.557_B20221024, which is affected by a command injection in the setTr069Cfg function via the pass parameter. This vulnerability could enable arbitrary command execution on affected devices, as described across multiple sources...
TOTOLINK X6000R 安全漏洞
TOTOLINK X6000R is a wireless router from China Gion Electronics that supports WiFi 6 technology with high concurrent connections and dual-band transmission. TOTOLINK X6000R suffers from a command execution vulnerability that stems from the pass parameter of the sub4119A0 function failing to...
CVE-2022-44844
TOTOlink A7100RU V7.4cu.2313B20191024 was discovered to contain a command injection vulnerability via the pass parameter in the setting/setOpenVpnCfg function...
Command injection
TOTOlink A7100RU V7.4cu.2313B20191024 was discovered to contain a command injection vulnerability via the pass parameter in the setting/setOpenVpnCfg function...
CVE-2022-44844
CVE-2022-44844 describes a command injection in the TOTOLINK A7100RU (version 7.4cu.2313_B20191024) via the pass parameter in the function setting/setOpenVpnCfg . The vulnerability is documented as a remote (network) issue with no required user interaction and no privileges required, causing high...
CVE-2022-44844
TOTOlink A7100RU V7.4cu.2313B20191024 was discovered to contain a command injection vulnerability via the pass parameter in the setting/setOpenVpnCfg function...
CVE-2010-1709
Multiple cross-site scripting XSS vulnerabilities in upload.cgi in G5-Scripts Auto-Img-Gallery 1.1 allow remote attackers to inject arbitrary web script or HTML via the 1 user and 2 pass parameters...
Sql injection
SQL injection vulnerability in admin/index.php in Dragan Mitic Apoll 0.7 beta and 0.7.5 allows remote attackers to execute arbitrary SQL command via the pass parameter...
CVE-2007-3204
SQL injection vulnerability in auth.php in Just For Fun Network Management System JFFNMS 0.8.4-pre2 allows remote attackers to execute arbitrary SQL commands via the pass parameter. NOTE: this issue reportedly exists because of an initial incomplete fix for CVE-2007-3190. The provenance of this...
PT-2007-3853 · Phphoo3 · Phphoo3
Name of the Vulnerable Software and Affected Versions: phpHoo3 affected versions not specified Description: The issue allows remote attackers to execute arbitrary SQL commands via the ADMIN USER and ADMIN PASS parameters during a login in the admin.php file. However, it is noted that ADMIN USER a...
Sql injection
SQL injection vulnerability in vuBB 0.2 allows remote attackers to execute arbitrary SQL commands via the pass parameter in a cookie...
CVE-2004-1782
athenareg.php in Athena Web Registration allows remote attackers to execute arbitrary commands via shell metacharacters in the pass parameter...