733 matches found
CVE-2025-57423
A SQL injection vulnerability was discovered in the /articles endpoint of MyClub 0.5, affecting the query parameters Content, GroupName, PersonName, lastUpdate, pool, and title. Due to insufficient input sanitisation, an unauthenticated remote attacker could inject arbitrary SQL commands via a...
CVE-2025-57423
A SQL injection vulnerability was discovered in the /articles endpoint of MyClub 0.5, affecting the query parameters Content, GroupName, PersonName, lastUpdate, pool, and title. Due to insufficient input sanitisation, an unauthenticated remote attacker could inject arbitrary SQL commands via a...
CVE-2025-57423
A SQL injection vulnerability was discovered in the /articles endpoint of MyClub 0.5, affecting the query parameters Content, GroupName, PersonName, lastUpdate, pool, and title. Due to insufficient input sanitisation, an unauthenticated remote attacker could inject arbitrary SQL commands via a...
CVE-2025-57423
CVE-2025-57423 concerns MyClub 0.5. A SQL injection vulnerability exists in the /articles API endpoint, where insufficient input sanitisation affects the query parameters Content , GroupName , PersonName , lastUpdate , pool , and title . An unauthenticated remote attacker can craft a GET request ...
CVE-2025-59535
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, arbitrary themes can be loaded through query parameters. If an installed theme had a vulnerability, even if it was not used on any page, this could be loaded on...
Dotnetnuke < 10.1.0 Loading unused themes on annonymous clients through query parameters (CVE-2025-59535)
According to its self-reported version, the instance of Dotnetnuke running on the remote web server is prior to 10.1.0. It is, therefore, affected by a vulnerability. - DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1....
CVE-2025-59535
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, arbitrary themes can be loaded through query parameters. If an installed theme had a vulnerability, even if it was not used on any page, this could be loaded on...
Unsafe Dependency Resolution
Overview Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the Skin feature. An attacker can cause unauthorized theme loading and potentially execute arbitrary code by supplying crafted query parameters to load unused or outdated themes. Remediation Upgrade...
DNN allows loading unused themes on anonymous clients through query parameters
Summary Arbitrary themes can be loaded through query parameters. If an installed theme had a vulnerability, even if it was not used on any page, this could be loaded on unsuspecting clients without knowledge of the site owner. Details Many people who run DNN sites have a number of installed theme...
GHSA-WQ2J-W9PM-7X2P DNN allows loading unused themes on anonymous clients through query parameters
Summary Arbitrary themes can be loaded through query parameters. If an installed theme had a vulnerability, even if it was not used on any page, this could be loaded on unsuspecting clients without knowledge of the site owner. Details Many people who run DNN sites have a number of installed theme...
CVE-2025-59535 DotNetNuke.Core allows loading of unused themes on anonymous clients through query parameters
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, arbitrary themes can be loaded through query parameters. If an installed theme had a vulnerability, even if it was not used on any page, this could be loaded on...
CVE-2025-59535
DNN (DotNetNuke) before version 10.1.0 is vulnerable to loading unused themes via query parameters. If an installed theme has a vulnerability, it could be loaded on unsuspecting clients, potentially enabling server-side or client-side arbitrary code execution depending on the vulnerable theme. Th...
CVE-2025-59535 DotNetNuke.Core allows loading of unused themes on anonymous clients through query parameters
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, arbitrary themes can be loaded through query parameters. If an installed theme had a vulnerability, even if it was not used on any page, this could be loaded on...
CVE-2025-59535 DotNetNuke.Core allows loading of unused themes on anonymous clients through query parameters
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, arbitrary themes can be loaded through query parameters. If an installed theme had a vulnerability, even if it was not used on any page, this could be loaded on...
CVE-2025-55885
CVE-2025-55885 is a SQL injection in Alpes Recherche et Developpement ARD GEC en Lign prior to 2025-04-23 that lets a remote attacker escalate privileges by manipulating GET parameters in index.php. Root cause: improper handling of GET inputs in the web app. Impact: privilege escalation with Low ...
DNN 安全漏洞
DNN aka DotNetNuke is a Microsoft-supported, open-source content management system CMS based on the ASP.NET platform from the U.S. company DNN. The system is easy to install, scalable, feature-rich and so on. DNN 10.1.0 before the version of a security vulnerability , the vulnerability stems from...
PT-2025-39081
Name of the Vulnerable Software and Affected Versions DNN formerly DotNetNuke versions prior to 10.1.0 Description DNN is an open-source web content management platform. Prior to version 10.1.0, arbitrary themes could be loaded through query parameters. This allowed potentially vulnerable, unused...
CVE-2025-50110
An issue was discovered in the method push.lite.avtech.com.AvtechLib.GetHttpsResponse in AVTECH EagleEyes Lite 2.0.0, the GetHttpsResponse method transmits sensitive information - including internal server URLs, account IDs, passwords, and device tokens - as plaintext query parameters over HTTPS...
CVE-2025-50110
An issue was discovered in the method push.lite.avtech.com.AvtechLib.GetHttpsResponse in AVTECH EagleEyes Lite 2.0.0, the GetHttpsResponse method transmits sensitive information - including internal server URLs, account IDs, passwords, and device tokens - as plaintext query parameters over HTTPS...
CVE-2025-50110
CVE-2025-50110 affects AVTECH EagleEyes Lite 2.0.0. The GetHttpsResponse method transmits sensitive data (internal server URLs, account IDs, passwords, device tokens) as plaintext in URL query parameters over HTTPS, creating a cleartext leakage risk and credential exposure. The vulnerability is d...