Lucene search
K

482 matches found

CVE
CVE
added 2026/03/06 12:18 p.m.15 views

CVE-2018-25161

Warranty Tracking System 11.06.3 contains an SQL injection in SearchCustomer.php that allows bypassing input validation via POST parameters txtCustomerCode, txtCustomerName, and txtPhone. The vulnerability enables attackers to execute arbitrary SQL statements (e.g., UNION SELECT) to exfiltrate se...

8.8CVSS6.1AI score0.00225EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/06 12:18 p.m.6 views

CVE-2018-25161

Warranty Tracking System 11.06.3 contains an SQL injection vulnerability that allows attackers to execute arbitrary SQL queries by injecting malicious code through the txtCustomerCode, txtCustomerName, and txtPhone POST parameters in SearchCustomer.php. Attackers can submit crafted SQL statements...

8.8CVSS6.1AI score0.00225EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/06 12:18 p.m.4 views

CVE-2018-25161 Warranty Tracking System 11.06.3 SQL Injection via SearchCustomer.php

Warranty Tracking System 11.06.3 contains an SQL injection vulnerability that allows attackers to execute arbitrary SQL queries by injecting malicious code through the txtCustomerCode, txtCustomerName, and txtPhone POST parameters in SearchCustomer.php. Attackers can submit crafted SQL statements...

8.8CVSS6.1AI score0.00225EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.10 views

PT-2026-23673

Warranty Tracking System 11.06.3 contains an SQL injection vulnerability that allows attackers to execute arbitrary SQL queries by injecting malicious code through the txtCustomerCode, txtCustomerName, and txtPhone POST parameters in SearchCustomer.php. Attackers can submit crafted SQL statements...

8.8CVSS6.1AI score0.00225EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/04 1:56 a.m.7 views

CVE-2025-50198

Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configurationfile; POST coursepath; POST homepath parameters. This issue has been patched in version 1.11.30...

8.8CVSS5.9AI score0.00344EPSS
Exploits1References1
NVD
NVD
added 2026/03/02 4:16 p.m.13 views

CVE-2025-50198

Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configurationfile; POST coursepath; POST homepath parameters. This issue has been patched in version 1.11.30...

8.8CVSS0.00344EPSS
Exploits1References5
OSV
OSV
added 2026/03/02 3:46 p.m.8 views

CVE-2025-50198 Chamilo: Deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configuration_file; POST course_path; POST home_path parameters

Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configurationfile; POST coursepath; POST homepath parameters. This issue has been patched in version 1.11.30...

8.8CVSS5.9AI score0.00344EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2026/03/02 3:46 p.m.4 views

CVE-2025-50198

Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configurationfile; POST coursepath; POST homepath parameters. This issue has been patched in version 1.11.30...

8.8CVSS5.9AI score0.00344EPSS
Exploits1References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/02/23 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2019-25450

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code...

7.5CVSS6.1AI score0.0031EPSS
Exploits1References2
OSV
OSV
added 2026/02/22 2:16 p.m.6 views

CVE-2019-25450

Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can inject malicious SQL through parameters like actioncode, demandreasonid, and availabilityid in...

7.1CVSS6.1AI score
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/02/22 2:16 p.m.5 views

CVE-2019-25450

Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can inject malicious SQL through parameters like actioncode, demandreasonid, and availabilityid in...

7.5CVSS6AI score0.0031EPSS
Exploits1References3
OSV
OSV
added 2026/02/22 2:16 p.m.4 views

UBUNTU-CVE-2019-25450

Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can inject malicious SQL through parameters like actioncode, demandreasonid, and availabilityid in...

7.5CVSS6AI score0.0031EPSS
Exploits1References4
CVE
CVE
added 2026/02/22 1:18 p.m.14 views

CVE-2019-25450

Dolibarr ERP/CRM 10.0.1 contains SQL injection vulnerabilities in card.php endpoints (parameters such as actioncode, demand_reason_id, availability_id) that allow authenticated attackers to manipulate queries and extract sensitive data. The flaw enables boolean-based blind, error-based, and time-...

7.5CVSS5.9AI score0.0031EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/02/22 1:18 p.m.40 views

CVE-2019-25450 Dolibarr ERP/CRM 10.0.1 SQL Injection via card.php

Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can inject malicious SQL through parameters like actioncode, demandreasonid, and availabilityid in...

7.5CVSS0.0031EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.11 views

PT-2026-21193

Name of the Vulnerable Software and Affected Versions Smanga version 3.2.7 Description An authentication bypass exists in Smanga version 3.2.7. An unauthenticated attacker can reset the password of any user, including the administrator, and fully compromise the account. This is achieved by...

5.3AI score0.00398EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.8 views

LabCollector SQL注入漏洞

LabCollector is a multi-functional laboratory management platform developed by LabCollector Inc. Version 5.423 of LabCollector contains a SQL injection vulnerability. This vulnerability stems from multiple SQL injections in POST parameters, which may allow unverified attackers to execute arbitrar...

8.8CVSS6.1AI score0.00478EPSS
Exploits1References3
OSV
OSV
added 2026/02/19 1:16 p.m.4 views

CVE-2019-25428

Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scripting vulnerabilities in the openvpnusers endpoint that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted POST requests with script payloads in the username, remotenets,...

5.1CVSS5.9AI score0.0033EPSS
Exploits1References4
NVD
NVD
added 2026/02/19 1:16 p.m.7 views

CVE-2019-25428

Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scripting vulnerabilities in the openvpnusers endpoint that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted POST requests with script payloads in the username, remotenets,...

6.1CVSS0.0033EPSS
Exploits1References4
OSV
OSV
added 2026/02/19 1:16 p.m.4 views

CVE-2019-25426

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the dnsmasq endpoint. Attackers can send POST requests with script payloads in the TRANSPARENTSOURCEBYPASS or...

5.1CVSS5.9AI score0.00369EPSS
Exploits1References4
NVD
NVD
added 2026/02/19 1:16 p.m.7 views

CVE-2019-25423

Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scripting vulnerabilities in the /korugan/proxyconfig endpoint that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted POST requests with JavaScript payloads in parameters like...

6.1CVSS0.00399EPSS
Exploits1References4
Rows per page
Query Builder