630 matches found
Tongda2000 SQL Injection Vulnerability
Tongda2000 is a networked intelligent office system from China's Tongda. A SQL injection vulnerability exists in Tongda2000 11.9 and earlier versions; it stems from an unknown function in general/vehicle/checkup/deletesearch.php, where the VUID parameter leads to SQL...
DedeBIZ Security Vulnerabilities
DedeBIZ is a content management system from China's Muyun Intelligent Technology (DedeBIZ). A cross-site scripting (XSS) vulnerability exists in DedeBIZ version v6.0.3 that allows an attacker to run arbitrary code via the search functio...
WordPress Plugin EventPrime Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
mooSocial Cross-Site Scripting Vulnerability
mooSocial is a multi-platform, mobile-ready, user-friendly script from mooSocial, Inc. for building community-driven content sharing and social networking sites. A cross-site scripting vulnerability exists in mooSocial version 3.1.8, which stems from the application's lack of effective filtering...
CVE-2023-45542
Cross Site Scripting vulnerability in mooSocial 3.1.8 allows a remote attacker to obtain sensitive information via a crafted script to the q parameter in the Search function...
Cross site scripting
Cross Site Scripting vulnerability in mooSocial 3.1.8 allows a remote attacker to obtain sensitive information via a crafted script to the q parameter in the Search function...
Enhancesoft osTicket SQL Injection Vulnerability
Enhancesoft osTicket is an open source ticketing system from Enhancesoft, Inc. A security vulnerability exists in Enhancesoft osTicket v1.15.6, which originates from an SQL injection vulnerability in the Search function of the tickets.php page, allowing an authenticated attacker to execute...
CVE-2023-40594 Denial of Service (DoS) via the ‘printf’ Search Function
In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can use the printf SPL function to perform a denial of service (DoS) against the Splunk Enterprise instance...
MotoCMS SQL Injection Vulnerability
MotoCMS is a simple website builder from MotoCMS. MotoCMS version v3.4.3 suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. The vulnerability can be exploited by an attacker to gain privileges via the keyword...
CVE-2023-36213
SQL injection vulnerability in MotoCMS v.3.4.3 allows a remote attacker to gain privileges via the keyword parameter of the search function...
SQL injection
SQL injection vulnerability in MotoCMS v.3.4.3 allows a remote attacker to gain privileges via the keyword parameter of the search function...
PT-2023-20796 · Mccms · Mccms
Name of the Vulnerable Software and Affected Versions: mccms version 2.6. Description: The issue allows remote attackers to run arbitrary SQL commands via the Author Center - Reader Comments - Search function. This can be exploited by accessing the Author Center and then navigating to Reader Comment...
GHSA-42C3-WVWW-GCQJ Pimcore Remote Code Execution vulnerability in Search function
Impact: Attacker can get full DB and maybe RCE knowing the WEBROOT path. Patches: Update to version 10.5.19 or apply this patch manually: https://github.com/pimcore/pimcore/commit/367b74488808d71ec3f66f4ca9e8df5217c2c8d2.patch Workarounds: Apply patch...
SQL injection search function
Description: Please enter a description of the vulnerability. Link POC: https://drive.google.com/drive/folders/1oFZPVrJ7lID7tDArO8spsMy1VYr4oOb?usp=sharing Proof of Concept: Step 1: log in at https://demo.pimcore.fun/admin/ Step 2: use the search function and intercept the request with Burp. Step 3: Exploit ti...