19 matches found
PremSQL Code Injection Vulnerability
PremSQL is an AI data analysis tool library for translating localized text into SQL, developed by Prem Open Source. PremSQL versions 0.2.1 and earlier contain a code injection vulnerability caused by incorrect handling of the result parameter, potentially leading to code injection...
EUVD-2026-11529
A vulnerability was determined in itsourcecode University Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /viewresult.php. Executing a manipulation of the argument vr can lead to cross site scripting. The attack can be executed remotely. The exploit h...
CVE-2026-3982 itsourcecode University Management System view_result.php cross site scripting
A vulnerability was determined in itsourcecode University Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /viewresult.php. Executing a manipulation of the argument vr can lead to cross site scripting. The attack can be executed remotely. The exploit h...
Online Shopping Portal search-result.php File SQL Injection Vulnerability
Online Shopping Portal is an online store system. Online Shopping Portal suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the product parameter of search-result.php. An attacker can exploit this vulnerability to execute...
PT-2025-47195
Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Shopping Portal version 2.0 Description: The PHPGurukul Online Shopping Portal version 2.0 is susceptible to SQL Injection. The issue is located in the search-result.php file through the product parameter. Exploitation occurs...
EUVD-2007-1502
Malware in sbrugna...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the rex-api-result parameter. An attacker can execute arbitrary scripts in the context of the user's browser session by crafting a malicious URL that injects JavaScript into the web page. Details...
PT-2025-7656 · Unknown · Phpgurukul Online Shopping Portal
Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Shopping Portal version 2.1 Description: A critical vulnerability was found in PHPGurukul Online Shopping Portal, affecting an unknown part of the file /search-result.php. The manipulation of the product argument leads to SQ...
SourceCodester Simple Realtime Quiz System SQL Injection Vulnerability
SourceCodester Simple Realtime Quiz System is a real-time quiz system from SourceCodester, Inc. A SQL injection vulnerability exists in SourceCodester Simple Realtime Quiz System version 1.0, which stems from an SQL injection vulnerability in the quiz parameter of the /myquizresult.php file...
VulnCheck KEV: CVE-2013-7389
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router Rev. A1 with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid parameter to parentalcontrols/bind.php, (2) RESULT parameter to info.php, or (3) receiver...
CVE-2021-27124
SQL injection in the expertise parameter in searchresult.php in Doctor Appointment System v1.0 allows an authenticated patient user to dump the database credentials via a SQL injection attack...
CVE-2020-15895
An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter, before it's printed on the webpage...
CVE-2020-15895
An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter, before it's printed on the webpage...
PT-2018-4006 · D Link · D-Link Dir-815
Name of the Vulnerable Software and Affected Versions: D-Link DIR-815 REV. B versions through DIR-815 REVB FIRMWARE PATCH 2.07.B01 Description: The issue exists due to inadequate protection of the web page structure in the /htdocs/webinc/js/info.php component of the D-Link DIR-815 REV. B router's...
CVE-2017-17648
Entrepreneur Dating Script 2.0.1 has SQL Injection via the searchresult.php marital, gender, country, or profileid parameter...
CVE-2017-17584
FS Makemytrip Clone 1.0 has SQL Injection via the show-flight-result.php florig or fldest parameter...
PT-2014-3413 · D Link · D-Link Dir-645 Router
Name of the Vulnerable Software and Affected Versions: D-Link DIR-645 Router Rev. A1 with firmware prior to 1.04B11 Description: The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the deviceid parameter to the "parentalcontrols/bind.php" endpoint, t...
PT-2007-2898
Name of the Vulnerable Software and Affected Versions: DirectAdmin (affected versions not specified) Description: A cross-site scripting (XSS) issue exists in CMD_USER_STATS, allowing remote attackers to inject arbitrary web script or HTML via the RESULT parameter. Recommendations: At the moment, there ...
CVE-2006-6300
Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the result parameter...