Lucene search
K

49 matches found

Grafana
Grafana
added 2022/02/08 12:0 a.m.8 views

Grafana Teams API IDOR

Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. /teams/:teamId will allow an authenticated attacker to view unintended data by querying for the specific team ID,...

4.3CVSS6.8AI score0.01185EPSS
Exploits0
Cvelist
Cvelist
added 2021/11/05 2:32 p.m.19 views

CVE-2021-39411

Multiple Cross Site Scripting XSS vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the 1 searchdata parameter in a doctor/search.php and b admin/patient-search.php, and the 2 fromdate and 3 todate parameters in admin/betweendates-detailsreports.php...

6.3AI score0.0089EPSS
Exploits0References1
CNVD
CNVD
added 2020/12/22 12:0 a.m.2 views

Online Marriage Registration System SQL Injection Vulnerability

Online Marriage Registration System is a website builder that supports online marriage registration. A SQL injection vulnerability exists in Online Marriage Registration System version 1.0, which stems from a lack of validation of the searchdata parameter of the search.php request against an...

8.8CVSS8AI score0.03783EPSS
Exploits2References1
CNNVD
CNNVD
added 2020/12/21 12:0 a.m.6 views

Phpgurukul Online Marriage Registration System SQL注入漏洞

Online Marriage Registration System is a website builder that supports online marriage registration. A SQL injection vulnerability exists in Online Marriage Registration System version 1.0, which stems from a lack of validation of the searchdata parameter of the search.php request against an...

8.8CVSS7.3AI score0.03783EPSS
Exploits2References3
NVD
NVD
added 2014/04/21 10:55 p.m.21 views

CVE-2014-2921

The getObjectByToken function in Newsletter.php in the PimcoreToolNewsletter module in pimcore 1.4.9 through 2.0.0 does not properly handle an object obtained by unserializing Lucene search data, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via...

7.5CVSS7.8AI score0.07315EPSS
Exploits3References3
Prion
Prion
added 2014/04/21 10:55 p.m.18 views

Design/Logic Flaw

The getObjectByToken function in Newsletter.php in the PimcoreToolNewsletter module in pimcore 1.4.9 through 2.0.0 does not properly handle an object obtained by unserializing Lucene search data, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via...

7.5CVSS8.4AI score0.07315EPSS
Exploits3References3Affected Software1
Cvelist
Cvelist
added 2014/04/21 10:0 p.m.31 views

CVE-2014-2921

The getObjectByToken function in Newsletter.php in the PimcoreToolNewsletter module in pimcore 1.4.9 through 2.0.0 does not properly handle an object obtained by unserializing Lucene search data, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via...

7.7AI score0.07315EPSS
Exploits3References3
Positive Technologies
Positive Technologies
added 2009/12/10 12:0 a.m.4 views

PT-2009-6399 · Testlink Team · Testlink

Name of the Vulnerable Software and Affected Versions: TestLink versions prior to 1.8.5 Description: The issue allows remote attackers to inject arbitrary web script or HTML via several parameters, including the req parameter to "login.php", and allows remote authenticated users to inject arbitra...

3.5CVSS5.9AI score0.03306EPSS
Exploits7References11
Positive Technologies
Positive Technologies
added 1999/12/12 12:0 a.m.4 views

PT-1999-1526 · Disney · Disney Go Express

Name of the Vulnerable Software and Affected Versions: Disney Go Express affected versions not specified Description: The issue allows remote attackers to access and modify search information for users by connecting to an HTTP server on the user's system. Recommendations: At the moment, there is ...

2.6CVSS6.4AI score0.01458EPSS
Exploits0References2
Rows per page
Query Builder