7797 matches found

EUVD
added 2026/03/26 12:30 p.m. | 5 views

EUVD-2018-21665

Online Store System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to index.php with the action=clientaccess parameter using boolean-based blin...

8.8 CVSS | 6 AI score | 0.00334 EPSS
Exploits 0 | References 4
EUVD
added 2026/03/26 12:30 p.m. | 5 views

EUVD-2018-21655

Shipping System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit malicious SQL payloads using boolean-based blind techniques in POST requests to the admin login...

8.8 CVSS | 6 AI score | 0.0052 EPSS
Exploits 1 | References 4
EUVD
added 2026/03/26 12:30 p.m. | 4 views

EUVD-2018-21659

Wecodex Hotel CMS 1.0 contains an SQL injection vulnerability in the admin login functionality that allows unauthenticated attackers to bypass authentication by injecting SQL code. Attackers can submit malicious SQL payloads through the username parameter in POST requests to index.php with...

8.8 CVSS | 5.9 AI score | 0.0052 EPSS
Exploits 1 | References 4
NVD
added 2026/03/26 12:16 p.m. | 7 views

CVE-2018-25195

Wecodex Hotel CMS 1.0 contains an SQL injection vulnerability in the admin login functionality that allows unauthenticated attackers to bypass authentication by injecting SQL code. Attackers can submit malicious SQL payloads through the username parameter in POST requests to index.php with...

9.8 CVSS | 0.0052 EPSS
Exploits 1 | References 3
NVD
added 2026/03/26 12:16 p.m. | 11 views

CVE-2018-25183

Shipping System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit malicious SQL payloads using boolean-based blind techniques in POST requests to the admin login...

9.8 CVSS | 0.0052 EPSS
Exploits 1 | References 3
Cvelist
added 2026/03/26 11:39 a.m. | 22 views

CVE-2018-25209 OpenBiz Cubi Lite 3.0.8 SQL Injection via username Parameter

OpenBiz Cubi Lite 3.0.8 contains a SQL injection vulnerability in the login form that allows unauthenticated attackers to manipulate database queries through the username parameter. Attackers can submit POST requests to /bin/controller.php with malicious SQL code in the username field to extract...

8.8 CVSS | 0.00327 EPSS
Exploits 0 | References 4
CVE
added 2026/03/26 11:39 a.m. | 7 views

CVE-2018-25207

Online Quiz Maker 1.0 is affected by SQL injection in the catid and usern parameters. The issue allows authenticated attackers to submit crafted SQL payloads via POST requests to quiz-system.php or add-category.php, potentially extracting sensitive data or bypassing authentication. The vulnerabil...

7.1 CVSS | 6.2 AI score | 0.0027 EPSS
Exploits 0 | References 4
CVE
added 2026/03/26 11:39 a.m. | 8 views

CVE-2018-25195

CVE-2018-25195 describes an SQL injection vulnerability in Wecodex Hotel CMS 1.0, specifically in the admin login functionality. The issue allows unauthenticated attackers to bypass authentication by injecting SQL code via the username parameter in POST requests to index.php?action=processlogin, ...

9.8 CVSS | 5.9 AI score | 0.0052 EPSS
Exploits 1 | References 3 | Affected Software 1
Positive Technologies
added 2026/03/26 12:0 a.m. | 3 views

PT-2026-28666

Name of the Vulnerable Software and Affected Versions: Tenda AC5 version 15.03.06.47. Description: A flaw exists in the function formQuickIndex located in the file /goform/QuickIndex within the POST Request Handler component. Manipulation of the PPPOEPassword argument can lead to a stack-based buffe...

9 CVSS | 6.4 AI score | 0.05461 EPSS
Exploits 1 | References 8
Positive Technologies
added 2026/03/26 12:0 a.m. | 9 views

PT-2026-28669

Name of the Vulnerable Software and Affected Versions: Tenda AC5 version 15.03.06.47. Description: A flaw exists in the Tenda AC5 device. The issue is located within the decodePwd function of the /goform/WizardHandle file, part of the POST Request Handler component. Manipulating the WANT or WANS...

9 CVSS | 6.4 AI score | 0.02604 EPSS
Exploits 1 | References 11
CNNVD
added 2026/03/26 12:0 a.m. | 9 views

Tenda AC5 Security Vulnerability

Tenda AC5 is a wireless router produced by the Chinese company Tenda. Version 15.03.06.47 of Tenda AC5 contains a security vulnerability. This vulnerability stems from incorrect handling of the parameter "PPPOEPassword" in the file /goform/QuickIndex component of the POST Request Handler, which may...

9 CVSS | 7.8 AI score | 0.05461 EPSS
Exploits 1 | References 5
Positive Technologies
added 2026/03/26 12:0 a.m. | 5 views

PT-2026-28665

Name of the Vulnerable Software and Affected Versions: Tenda AC5 version 15.03.06.47. Description: A flaw exists in the Tenda AC5 version 15.03.06.47 device. This issue is located within the POST Request Handler component, specifically in the fromAddressNat function of the /goform/addressNat file...

9 CVSS | 6.5 AI score | 0.00632 EPSS
Exploits 1 | References 8
CVE
added 2026/03/24 6:38 p.m. | 8 views

CVE-2026-29772

Astro Server Islands vulnerability CVE-2026-29772 affects Astro SSR apps using the Node standalone adapter prior to version 10.0.0. The POST handler buffers the entire request body and parses it as JSON without any size limit, causing JSON.parse() to allocate many V8 objects and produce memory am...

7.5 CVSS | 5.8 AI score | 0.0037 EPSS
Exploits 1 | References 1 | Affected Software 1
EUVD
added 2026/03/24 6:31 p.m. | 7 views

EUVD-2026-14905

JiZhiCMS v2.5.6 and before contains a Stored Cross-Site Scripting (XSS) vulnerability in the release function within app/home/c/UserController.php. The application attempts to sanitize input by filtering tags but fails to recursively remove dangerous event handlers in other HTML tags such as onerro...

5.4 CVSS | 6 AI score | 0.00165 EPSS
Exploits 0 | References 3
Packet Storm
added 2026/03/24 12:0 a.m. | 114 views

esiclivre 0.2.2 SQL Injection

esiclivre versions 0.2.2 and below suffer from a remote SQL injection vulnerability. CVE-2026-30655 — SQL Injection in esiclivre password reset. Summary: A SQL injection vulnerability exists in the password reset endpoint of esiclivre. An unauthenticated attacker can inject SQL via the cpfcnpj POST...

6.5 CVSS | 5.9 AI score | 0.00514 EPSS
Exploits 1
NVD
added 2026/03/23 5:16 a.m. | 7 views

CVE-2026-4570

A vulnerability was identified in SourceCodester Sales and Inventory System 1.0. Affected is an unknown function of the file /viewcustomers.php of the component HTTP POST Request Handler. Such manipulation of the argument searchtxt leads to sql injection. The attack can be executed remotely. The...

8.8 CVSS | 0.00295 EPSS
Exploits 1 | References 5
CVE
added 2026/03/23 4:18 a.m. | 9 views

CVE-2026-4572

The CVE-2026-4572 entry identifies a vulnerability in SourceCodester Sales and Inventory System 1.0. The flaw affects the file /view_product.php, specifically the HTTP POST parameter searchtxt, where manipulation can lead to a SQL Injection. It is described as exploitable remotely and with a publ...

6.5 CVSS | 6.5 AI score | 0.00245 EPSS
Exploits 1 | References 5 | Affected Software 1
Cvelist
added 2026/03/23 3:41 a.m. | 30 views

CVE-2026-4570 SourceCodester Sales and Inventory System HTTP POST Request view_customers.php sql injection

A vulnerability was identified in SourceCodester Sales and Inventory System 1.0. Affected is an unknown function of the file /viewcustomers.php of the component HTTP POST Request Handler. Such manipulation of the argument searchtxt leads to sql injection. The attack can be executed remotely. The...

6.5 CVSS | 0.00295 EPSS
Exploits 1 | References 5
Vulnrichment
added 2026/03/23 3:41 a.m. | 3 views

CVE-2026-4570 SourceCodester Sales and Inventory System HTTP POST Request view_customers.php sql injection

A vulnerability was identified in SourceCodester Sales and Inventory System 1.0. Affected is an unknown function of the file /viewcustomers.php of the component HTTP POST Request Handler. Such manipulation of the argument searchtxt leads to sql injection. The attack can be executed remotely. The...

6.5 CVSS | 5.8 AI score | 0.00295 EPSS
Exploits 1 | References 5
CVE
added 2026/03/23 3:41 a.m. | 20 views

CVE-2026-4570

SourceCodester Sales and Inventory System 1.0 is affected by a SQL injection in the POST handler for /view_customers.php, caused by manipulation of the searchtxt parameter. This enables remote exploitation and is corroborated by multiple sources; an exploit is publicly available. Affected compone...

8.8 CVSS | 6.5 AI score | 0.00295 EPSS
Exploits 1 | References 5 | Affected Software 1