
2300 matches found

NVD
added 2025/02/24 2:15 a.m. · 19 views

CVE-2025-1611

A vulnerability was found in ShopXO up to 6.4.0. It has been classified as problematic. This affects an unknown part of the file app/service/ThemeAdminService.php of the component Template Handler. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit ha...

5.8 CVSS · 0.00527 EPSS
Exploits: 1 · References: 4
Vulnrichment
added 2025/02/24 2:0 a.m. · 8 views

CVE-2025-1611 ShopXO Template ThemeAdminService.php injection

A vulnerability was found in ShopXO up to 6.4.0. It has been classified as problematic. This affects an unknown part of the file app/service/ThemeAdminService.php of the component Template Handler. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit ha...

5.8 CVSS · 7.4 AI score · 0.00527 EPSS
Exploits: 1 · References: 4
CVE
added 2025/02/24 2:0 a.m. · 63 views

CVE-2025-1611

ShopXO up to version 6.4.0 is affected by an injection vulnerability in the Template Handler component, specifically within the file app/service/ThemeAdminService.php. The issue is caused by input handling that allows remote exploitation; authenticated administrators can exploit by uploading a ma...

5.8 CVSS · 5.1 AI score · 0.00527 EPSS
Exploits: 1 · References: 4 · Affected Software: 1
Positive Technologies
added 2025/02/21 12:0 a.m. · 7 views

PT-2025-9194

Name of the Vulnerable Software and Affected Versions: TOTOLINK X18 version 9.1.0cu.2024 B20220329 Description: A critical issue exists in the setMtknatCfg function within the /cgi-bin/cstecgi.cgi file of the TOTOLINK X18 device. Manipulation of the mtkhnatEnable argument can lead to operating syst...

8.8 CVSS · 6.7 AI score · 0.11413 EPSS
Exploits: 1 · References: 14
Positive Technologies
added 2025/02/12 12:0 a.m. · 4 views

PT-2025-6847 · Sourcecodester · Sourcecodester Best Church Management

Name of the Vulnerable Software and Affected Versions: SourceCodester Best Church Management Software version 1.1 Description: A critical issue has been found in the software, affecting an unknown function of the file /admin/edit slider.php. The manipulation of the id argument leads to SQL...

6.5 CVSS · 7.4 AI score · 0.00355 EPSS
Exploits: 1 · References: 8
RedhatCVE
added 2025/02/06 3:10 a.m. · 12 views

CVE-2016-15004

A vulnerability was found in InfiniteWP Client Plugin 1.5.1.3/1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to injection. The attack can be launched remotely. Upgrading to version 1.6.1.1 is able to address this issue. ...

9.8 CVSS · 7.3 AI score · 0.01346 EPSS
Exploits: 1 · References: 1
Positive Technologies
added 2025/02/05 12:0 a.m. · 6 views

PT-2025-6882 · Totolink · Totolink X18

Name of the Vulnerable Software and Affected Versions: TOTOLINK X18 version 9.1.0cu.2024 B20220329 Description: A critical issue affects the setL2tpdConfig function of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable leads to os command injection. The attack may be initiated...

8.8 CVSS · 7 AI score · 0.02672 EPSS
Exploits: 0 · References: 13
RedhatCVE
added 2025/02/04 10:38 p.m. · 5 views

CVE-2024-8081

A vulnerability classified as critical was found in itsourcecode Payroll Management System 1.0. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has...

9.8 CVSS · 7.2 AI score · 0.00606 EPSS
Exploits: 1 · References: 1
OSV
added 2025/01/30 5:15 p.m. · 2 views

CVE-2025-0873

A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /customeredit.php. The manipulation of the argument id/address/fullname/phonenumber/email/city/comment leads to sql injection. T...

9.8 CVSS · 5.8 AI score · 0.00523 EPSS
Exploits: 1 · References: 5
OSV
added 2025/01/30 4:15 p.m. · 4 views

CVE-2025-0872

A vulnerability classified as critical has been found in itsourcecode Tailoring Management System 1.0. Affected is an unknown function of the file /addpayment.php. The manipulation of the argument id/amount/desc/inccat leads to sql injection. It is possible to launch the attack remotely. The...

9.8 CVSS · 6.5 AI score · 0.00523 EPSS
Exploits: 1 · References: 5
CVE
added 2025/01/24 3:0 p.m. · 47 views

CVE-2025-0697

Telstra Smart Modem Gen 2 (up to 20250115) is affected by a vulnerability in the HTTP Header Handler where manipulation of the Content-Disposition argument leads to injection. The issue can be triggered remotely. Affected component/file: HTTP Header Handler; root cause described as Content-Dispos...

6.9 CVSS · 7.3 AI score · 0.00464 EPSS
Exploits: 0 · References: 4
Positive Technologies
added 2025/01/24 12:0 a.m. · 5 views

PT-2025-4006 · Telstra · Telstra Smart Modem Gen 2

Name of the Vulnerable Software and Affected Versions: Telstra Smart Modem Gen 2 up to 20250115 Description: A problematic issue was found in the HTTP Header Handler component. The manipulation of the Content-Disposition argument leads to injection. This issue can be initiated remotely. The vendo...

6.9 CVSS · 7.3 AI score · 0.00464 EPSS
Exploits: 0 · References: 7
BDU FSTEC
added 2025/01/16 12:0 a.m. · 4 views

The vulnerability of the GLPI system’s request, incident, and computer equipment inventory management processes, related to the failure to protect the SQL request structure, allows attackers to execute SQL injections.

The vulnerability of the GLPI system’s request, incident, and computer equipment inventory management processes is related to the lack of measures taken to protect the SQL request structure. Exploiting this vulnerability allows a malicious actor to execute SQL injections remotely...

9 CVSS · 5.7 AI score · 0.00524 EPSS
Exploits: 0 · References: 3 · Affected Software: 2
OSV
added 2025/01/07 5:15 p.m. · 3 views

CVE-2025-0299

A vulnerability classified as critical has been found in code-projects Online Book Shop 1.0. Affected is an unknown function of the file /searchresult.php. The manipulation of the argument s leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to th...

9.8 CVSS · 5.8 AI score · 0.00558 EPSS
Exploits: 1 · References: 5
Positive Technologies
added 2025/01/05 12:0 a.m. · 4 views

PT-2025-3800 · Unknown · Code-Projects Responsive Hotel Site

Name of the Vulnerable Software and Affected Versions: code-projects Responsive Hotel Site version 1.0 Description: A critical vulnerability was found in the code-projects Responsive Hotel Site. The issue affects an unknown function of the file /admin/print.php. Manipulation of the pid argument...

9.8 CVSS · 6.8 AI score · 0.00655 EPSS
Exploits: 1 · References: 13
OSV
added 2025/01/04 2:15 p.m. · 3 views

CVE-2025-0210

A vulnerability has been found in Campcodes School Faculty Scheduling System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login. The manipulation of the argument username leads to sql injection. The attack can be...

9.8 CVSS · 5.8 AI score · 0.00613 EPSS
Exploits: 1 · References: 5
OSV
added 2025/01/04 9:15 a.m. · 1 view

CVE-2025-0205

A vulnerability classified as critical has been found in code-projects Online Shoe Store 1.0. Affected is an unknown function of the file /details2.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the...

9.8 CVSS · 6.4 AI score
Exploits: 0 · References: 5
OSV
added 2025/01/04 4:15 a.m. · 2 views

CVE-2025-0201

A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /user/updateaccount.php. The manipulation of the argument username leads to sql injection. The attack may be...

6.5 CVSS · 5.8 AI score · 0.00414 EPSS
Exploits: 1 · References: 5
OSV
added 2025/01/04 3:15 a.m. · 1 view

CVE-2025-0200

A vulnerability has been found in code-projects Point of Sales and Inventory Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /user/searchnum.php. The manipulation of the argument search leads to sql injection. The attack can...

6.5 CVSS · 6.5 AI score · 0.00501 EPSS
Exploits: 1 · References: 5
OSV
added 2025/01/02 9:15 a.m. · 9 views

CVE-2024-13092

A vulnerability classified as critical was found in code-projects Job Recruitment 1.0. This vulnerability affects unknown code of the file /parse/calljob/searchajax.php of the component Job Post Handler. The manipulation of the argument n leads to sql injection. The attack can be initiated...

7.5 CVSS · 5.8 AI score · 0.00544 EPSS
Exploits: 1 · References: 5