482 matches found
CVE-2018-25161
Warranty Tracking System 11.06.3 contains an SQL injection in SearchCustomer.php that allows bypassing input validation via POST parameters txtCustomerCode, txtCustomerName, and txtPhone. The vulnerability enables attackers to execute arbitrary SQL statements (e.g., UNION SELECT) to exfiltrate se...
CVE-2018-25161
Warranty Tracking System 11.06.3 contains an SQL injection vulnerability that allows attackers to execute arbitrary SQL queries by injecting malicious code through the txtCustomerCode, txtCustomerName, and txtPhone POST parameters in SearchCustomer.php. Attackers can submit crafted SQL statements...
CVE-2018-25161 Warranty Tracking System 11.06.3 SQL Injection via SearchCustomer.php
Warranty Tracking System 11.06.3 contains an SQL injection vulnerability that allows attackers to execute arbitrary SQL queries by injecting malicious code through the txtCustomerCode, txtCustomerName, and txtPhone POST parameters in SearchCustomer.php. Attackers can submit crafted SQL statements...
PT-2026-23673
Warranty Tracking System 11.06.3 contains an SQL injection vulnerability that allows attackers to execute arbitrary SQL queries by injecting malicious code through the txtCustomerCode, txtCustomerName, and txtPhone POST parameters in SearchCustomer.php. Attackers can submit crafted SQL statements...
CVE-2025-50198
Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configurationfile; POST coursepath; POST homepath parameters. This issue has been patched in version 1.11.30...
CVE-2025-50198
Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configurationfile; POST coursepath; POST homepath parameters. This issue has been patched in version 1.11.30...
CVE-2025-50198 Chamilo: Deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configuration_file; POST course_path; POST home_path parameters
Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configurationfile; POST coursepath; POST homepath parameters. This issue has been patched in version 1.11.30...
CVE-2025-50198
Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configurationfile; POST coursepath; POST homepath parameters. This issue has been patched in version 1.11.30...
Linux Distros Unpatched Vulnerability : CVE-2019-25450
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code...
CVE-2019-25450
Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can inject malicious SQL through parameters like actioncode, demandreasonid, and availabilityid in...
CVE-2019-25450
Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can inject malicious SQL through parameters like actioncode, demandreasonid, and availabilityid in...
UBUNTU-CVE-2019-25450
Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can inject malicious SQL through parameters like actioncode, demandreasonid, and availabilityid in...
CVE-2019-25450
Dolibarr ERP/CRM 10.0.1 contains SQL injection vulnerabilities in card.php endpoints (parameters such as actioncode, demand_reason_id, availability_id) that allow authenticated attackers to manipulate queries and extract sensitive data. The flaw enables boolean-based blind, error-based, and time-...
CVE-2019-25450 Dolibarr ERP/CRM 10.0.1 SQL Injection via card.php
Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can inject malicious SQL through parameters like actioncode, demandreasonid, and availabilityid in...
PT-2026-21193
Name of the Vulnerable Software and Affected Versions Smanga version 3.2.7 Description An authentication bypass exists in Smanga version 3.2.7. An unauthenticated attacker can reset the password of any user, including the administrator, and fully compromise the account. This is achieved by...
LabCollector SQL注入漏洞
LabCollector is a multi-functional laboratory management platform developed by LabCollector Inc. Version 5.423 of LabCollector contains a SQL injection vulnerability. This vulnerability stems from multiple SQL injections in POST parameters, which may allow unverified attackers to execute arbitrar...
CVE-2019-25428
Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scripting vulnerabilities in the openvpnusers endpoint that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted POST requests with script payloads in the username, remotenets,...
CVE-2019-25428
Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scripting vulnerabilities in the openvpnusers endpoint that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted POST requests with script payloads in the username, remotenets,...
CVE-2019-25426
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the dnsmasq endpoint. Attackers can send POST requests with script payloads in the TRANSPARENTSOURCEBYPASS or...
CVE-2019-25423
Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scripting vulnerabilities in the /korugan/proxyconfig endpoint that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted POST requests with JavaScript payloads in parameters like...