Lucene search
K

36 matches found

OSV
OSV
added 2024/02/09 1:15 p.m.4 views

CVE-2024-25309

Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'pass' parameter at School/teacherlogin.php...

8.8CVSS5.8AI score0.00706EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/02/09 12:0 a.m.4 views

PT-2024-20878 · Code Projects · Code-Projects Simple School Managment System

Name of the Vulnerable Software and Affected Versions: Code-projects Simple School Managment System version 1.0 Description: The issue allows SQL Injection via the pass parameter at the "School/teacher login.php" endpoint. This could potentially lead to unauthorized access to sensitive data...

8.8CVSS8.9AI score0.00706EPSS
Exploits1References6
NVD
NVD
added 2024/01/11 4:15 p.m.20 views

CVE-2024-23058

TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cfg function...

9.8CVSS9.8AI score0.01654EPSS
Exploits1References1
OSV
OSV
added 2024/01/11 4:15 p.m.3 views

CVE-2024-23058

TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cfg function...

9.8CVSS5.8AI score0.01654EPSS
Exploits1References1
CVE
CVE
added 2024/01/11 12:0 a.m.64 views

CVE-2024-23058

CVE-2024-23058 concerns TOTOLINK A3300R, specifically version V17.0.0cu.557_B20221024, which is affected by a command injection in the setTr069Cfg function via the pass parameter. This vulnerability could enable arbitrary command execution on affected devices, as described across multiple sources...

9.8CVSS9.8AI score0.01654EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2023/11/30 12:0 a.m.5 views

TOTOLINK X6000R 安全漏洞

TOTOLINK X6000R is a wireless router from China Gion Electronics that supports WiFi 6 technology with high concurrent connections and dual-band transmission. TOTOLINK X6000R suffers from a command execution vulnerability that stems from the pass parameter of the sub4119A0 function failing to...

9.8CVSS7.6AI score0.01536EPSS
Exploits1References1
NVD
NVD
added 2022/11/25 8:15 p.m.23 views

CVE-2022-44844

TOTOlink A7100RU V7.4cu.2313B20191024 was discovered to contain a command injection vulnerability via the pass parameter in the setting/setOpenVpnCfg function...

9.8CVSS0.01958EPSS
Exploits1References1
Prion
Prion
added 2022/11/25 8:15 p.m.19 views

Command injection

TOTOlink A7100RU V7.4cu.2313B20191024 was discovered to contain a command injection vulnerability via the pass parameter in the setting/setOpenVpnCfg function...

7.5CVSS9.8AI score0.01958EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2022/11/25 12:0 a.m.60 views

CVE-2022-44844

CVE-2022-44844 describes a command injection in the TOTOLINK A7100RU (version 7.4cu.2313_B20191024) via the pass parameter in the function setting/setOpenVpnCfg . The vulnerability is documented as a remote (network) issue with no required user interaction and no privileges required, causing high...

9.8CVSS9.7AI score0.01958EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/11/25 12:0 a.m.26 views

CVE-2022-44844

TOTOlink A7100RU V7.4cu.2313B20191024 was discovered to contain a command injection vulnerability via the pass parameter in the setting/setOpenVpnCfg function...

10AI score0.01958EPSS
Exploits1References1
NVD
NVD
added 2010/05/04 4:0 p.m.18 views

CVE-2010-1709

Multiple cross-site scripting XSS vulnerabilities in upload.cgi in G5-Scripts Auto-Img-Gallery 1.1 allow remote attackers to inject arbitrary web script or HTML via the 1 user and 2 pass parameters...

4.3CVSS5.8AI score0.01073EPSS
Exploits1References4
Prion
Prion
added 2009/02/25 4:30 p.m.18 views

Sql injection

SQL injection vulnerability in admin/index.php in Dragan Mitic Apoll 0.7 beta and 0.7.5 allows remote attackers to execute arbitrary SQL command via the pass parameter...

7.5CVSS8.9AI score0.00952EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2007/06/12 11:30 p.m.32 views

CVE-2007-3204

SQL injection vulnerability in auth.php in Just For Fun Network Management System JFFNMS 0.8.4-pre2 allows remote attackers to execute arbitrary SQL commands via the pass parameter. NOTE: this issue reportedly exists because of an initial incomplete fix for CVE-2007-3190. The provenance of this...

7.5CVSS6.2AI score0.01087EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2007/05/09 12:0 a.m.4 views

PT-2007-3853 · Phphoo3 · Phphoo3

Name of the Vulnerable Software and Affected Versions: phpHoo3 affected versions not specified Description: The issue allows remote attackers to execute arbitrary SQL commands via the ADMIN USER and ADMIN PASS parameters during a login in the admin.php file. However, it is noted that ADMIN USER a...

9.8CVSS8.4AI score0.01346EPSS
Exploits1References8
Prion
Prion
added 2006/03/02 11:2 p.m.21 views

Sql injection

SQL injection vulnerability in vuBB 0.2 allows remote attackers to execute arbitrary SQL commands via the pass parameter in a cookie...

7.5CVSS8.7AI score0.02455EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2005/05/10 4:0 a.m.12 views

CVE-2004-1782

athenareg.php in Athena Web Registration allows remote attackers to execute arbitrary commands via shell metacharacters in the pass parameter...

7.6AI score0.25678EPSS
Exploits1References2
Rows per page
Query Builder