Lucene search
+L

271 matches found

CNVD
CNVD
added 2021/12/24 12:0 a.m.14 views

Nodejs Command Injection Vulnerability

nodejs is a JavaScript runtime environment based on the ChromeV8 engine through the Chromev8 engine for the packaging and the use of event-driven and non-blocking IO applications so that the development of high-performance Javascript background applications has become possible . A command injecti...

9.8CVSS9.7AI score0.04063EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2021/12/22 6:15 a.m.3 views

CVE-2021-45459

lib/cmd.js in the node-windows package before 1.0.0-beta.6 for Node.js allows command injection via the PID parameter...

9.8CVSS7.3AI score0.04063EPSS
Exploits1References4
Prion
Prion
added 2021/12/22 6:15 a.m.18 views

Command injection

lib/cmd.js in the node-windows package before 1.0.0-beta.6 for Node.js allows command injection via the PID parameter...

7.5CVSS9.8AI score0.04063EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2021/10/07 10:15 p.m.5 views

CVE-2020-21725

OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the pid parameter...

9.8CVSS7.3AI score0.01239EPSS
Exploits1References1
NVD
NVD
added 2021/10/07 10:15 p.m.30 views

CVE-2020-21725

OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the pid parameter...

9.8CVSS0.01239EPSS
Exploits1References1
Prion
Prion
added 2021/10/07 10:15 p.m.17 views

Sql injection

OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the pid parameter...

7.5CVSS9.7AI score0.01239EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/10/07 9:28 p.m.30 views

CVE-2020-21725

OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the pid parameter...

9.8AI score0.01239EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/10/07 12:0 a.m.5 views

嘉兴想天信息科技 OpenSNS SQL注入漏洞

OpenSNS is a comprehensive social software developed by Thinking Sky. A SQL blind injection vulnerability exists in the pid parameter in /Controller/ChinaCityController.class.php in OpenSNS version 6.1.0. An attacker can exploit this vulnerability to obtain sensitive database information...

9.8CVSS8.6AI score0.01239EPSS
Exploits1References2
OSV
OSV
added 2021/08/27 7:15 p.m.5 views

CVE-2021-3264

SQL Injection vulnerability in cxuucms 3.1 ivia the pid parameter in public/admin.php...

7.2CVSS5.8AI score0.00875EPSS
Exploits1References1
Prion
Prion
added 2021/08/27 7:15 p.m.21 views

Sql injection

SQL Injection vulnerability in cxuucms 3.1 ivia the pid parameter in public/admin.php...

6.5CVSS7.4AI score0.00875EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2021/08/27 12:0 a.m.9 views

Cxuucms SQL注入漏洞

cxuucms is a PHP-based content relationship building system. cxuucms version 3.1 has a SQL injection vulnerability that originates from setting the pid parameter in public/admin.php, which can be exploited by attackers to obtain sensitive database information...

7.2CVSS5.9AI score0.00875EPSS
Exploits1References1
Veracode
Veracode
added 2020/07/24 4:25 a.m.9 views

OS Command Injection

xps is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary OS commands via the pid parameter due to the lack of sanitisation and validation...

5.2AI score
Exploits0
OSV
OSV
added 2019/10/21 1:15 a.m.18 views

CVE-2019-16862

Reflected XSS in interface/forms/eyemag/view.php in OpenEMR 5.x before 5.0.2.1 allows a remote attacker to execute arbitrary code in the context of a user's session via the pid parameter...

6.1CVSS7AI score0.01475EPSS
Exploits0References2
Cvelist
Cvelist
added 2019/10/21 12:16 a.m.21 views

CVE-2019-16862

Reflected XSS in interface/forms/eyemag/view.php in OpenEMR 5.x before 5.0.2.1 allows a remote attacker to execute arbitrary code in the context of a user's session via the pid parameter...

7.1AI score0.01475EPSS
Exploits0References2
CNVD
CNVD
added 2019/10/21 12:0 a.m.5 views

OpenEMR Cross-Site Scripting Vulnerability (CNVD-2019-43372)

OpenEMR is a medical practice management software that also supports electronic medical records EMR. A reflected cross-site scripting vulnerability exists in interface/forms/eyemag/view.php in OpenEMR. An attacker can exploit this vulnerability to execute arbitrary code in the context of a user...

6.1CVSS6.8AI score0.01475EPSS
Exploits0References1
OSV
OSV
added 2019/09/13 1:15 p.m.4 views

CVE-2016-10951

The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection via the pid parameter...

7.2CVSS5.8AI score0.01918EPSS
Exploits2References3
Cvelist
Cvelist
added 2019/09/13 12:10 p.m.18 views

CVE-2016-10951

The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection via the pid parameter...

7.6AI score0.01918EPSS
Exploits2References3
OSV
OSV
added 2018/12/27 3:29 p.m.6 views

CVE-2018-20519

An issue was discovered in 74cms v4.2.111. It allows remote authenticated users to read or modify arbitrary resumes by changing a job-search intention, as demonstrated by the index.php?c=Personal&a=ajaxsavebasic pid parameter...

8.1CVSS5.9AI score0.01003EPSS
Exploits1References1
OSV
OSV
added 2018/09/06 4:29 p.m.8 views

CVE-2018-16606

In ProConf before 6.1, an Insecure Direct Object Reference IDOR allows any author to view and grab all submitted papers Title and Abstract and their authors' personal information Name, Email, Organization, and Position by changing the value of Paper ID the pid parameter...

6.5CVSS5.8AI score0.05949EPSS
Exploits3References2
CNVD
CNVD
added 2018/04/10 12:0 a.m.4 views

idreamsoft iCMS SQL Injection Vulnerability

idreamsoft iCMS is an open source content management system CMS based on PHP and MySQL. A SQL injection vulnerability exists in idreamsoft iCMS 7.0.7 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands with the 'pid' array parameter in the...

9.8CVSS8.7AI score0.01468EPSS
Exploits1References1
Rows per page
Query Builder