271 matches found
Nodejs Command Injection Vulnerability
nodejs is a JavaScript runtime environment based on the ChromeV8 engine through the Chromev8 engine for the packaging and the use of event-driven and non-blocking IO applications so that the development of high-performance Javascript background applications has become possible . A command injecti...
CVE-2021-45459
lib/cmd.js in the node-windows package before 1.0.0-beta.6 for Node.js allows command injection via the PID parameter...
Command injection
lib/cmd.js in the node-windows package before 1.0.0-beta.6 for Node.js allows command injection via the PID parameter...
CVE-2020-21725
OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the pid parameter...
CVE-2020-21725
OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the pid parameter...
Sql injection
OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the pid parameter...
CVE-2020-21725
OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the pid parameter...
嘉兴想天信息科技 OpenSNS SQL注入漏洞
OpenSNS is a comprehensive social software developed by Thinking Sky. A SQL blind injection vulnerability exists in the pid parameter in /Controller/ChinaCityController.class.php in OpenSNS version 6.1.0. An attacker can exploit this vulnerability to obtain sensitive database information...
CVE-2021-3264
SQL Injection vulnerability in cxuucms 3.1 ivia the pid parameter in public/admin.php...
Sql injection
SQL Injection vulnerability in cxuucms 3.1 ivia the pid parameter in public/admin.php...
Cxuucms SQL注入漏洞
cxuucms is a PHP-based content relationship building system. cxuucms version 3.1 has a SQL injection vulnerability that originates from setting the pid parameter in public/admin.php, which can be exploited by attackers to obtain sensitive database information...
OS Command Injection
xps is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary OS commands via the pid parameter due to the lack of sanitisation and validation...
CVE-2019-16862
Reflected XSS in interface/forms/eyemag/view.php in OpenEMR 5.x before 5.0.2.1 allows a remote attacker to execute arbitrary code in the context of a user's session via the pid parameter...
CVE-2019-16862
Reflected XSS in interface/forms/eyemag/view.php in OpenEMR 5.x before 5.0.2.1 allows a remote attacker to execute arbitrary code in the context of a user's session via the pid parameter...
OpenEMR Cross-Site Scripting Vulnerability (CNVD-2019-43372)
OpenEMR is a medical practice management software that also supports electronic medical records EMR. A reflected cross-site scripting vulnerability exists in interface/forms/eyemag/view.php in OpenEMR. An attacker can exploit this vulnerability to execute arbitrary code in the context of a user...
CVE-2016-10951
The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection via the pid parameter...
CVE-2016-10951
The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection via the pid parameter...
CVE-2018-20519
An issue was discovered in 74cms v4.2.111. It allows remote authenticated users to read or modify arbitrary resumes by changing a job-search intention, as demonstrated by the index.php?c=Personal&a=ajaxsavebasic pid parameter...
CVE-2018-16606
In ProConf before 6.1, an Insecure Direct Object Reference IDOR allows any author to view and grab all submitted papers Title and Abstract and their authors' personal information Name, Email, Organization, and Position by changing the value of Paper ID the pid parameter...
idreamsoft iCMS SQL Injection Vulnerability
idreamsoft iCMS is an open source content management system CMS based on PHP and MySQL. A SQL injection vulnerability exists in idreamsoft iCMS 7.0.7 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands with the 'pid' array parameter in the...