Lucene search
K

18 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/30 2:55 p.m.9 views

CVE-2018-25413

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can send GET requests to search.php with crafted SQL payloads to extract sensitive database informati...

8.8CVSS6.1AI score0.00276EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/05/30 2:55 p.m.11 views

EUVD-2018-21935

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can send GET requests to search.php with crafted SQL payloads to extract sensitive database informati...

8.8CVSS6.1AI score0.00276EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/20 7:41 p.m.29 views

CVE-2026-35016 Open ISES Tickets < 3.44.2 Reflected XSS via search.php frm_query Parameter

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in search.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frmquery POST parameter directly into an HTML input field VALUE attribute. Attackers...

5.1CVSS0.00221EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.14 views

PT-2026-42258

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in search.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frm query POST parameter directly into an HTML input field VALUE attribute. Attacker...

5.1CVSS5.8AI score0.00221EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/10/09 12:0 a.m.6 views

PT-2025-41464

Name of the Vulnerable Software and Affected Versions code-projects E-Commerce Website version 1.0 Description A SQL injection issue exists in code-projects E-Commerce Website 1.0. The issue is present in an unknown function within the /pages/user index search.php file. Manipulation of the Search...

7.5CVSS7.4AI score0.00441EPSS
Exploits1References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2006-2118

Malware in sbrugna...

4.3CVSS6.4AI score0.01401EPSS
Exploits0References9
BDU FSTEC
BDU FSTEC
added 2023/06/26 12:0 a.m.12 views

The vulnerability of the GLPI system’s handling of requests and incidents lies in the improper cancellation of input during the generation of web pages, allowing a malicious user to execute arbitrary SQL queries in the database.

The vulnerability of the GLPI system for handling requests and incidents is related to insufficient cleaning of user data on search pages. A malicious actor can trick a victim into clicking on a specially created link, allowing arbitrary HTML code and scripts to be executed in the user’s browser...

6.4CVSS6.5AI score0.00605EPSS
Exploits0References6Affected Software2
CNNVD
CNNVD
added 2022/07/20 12:0 a.m.6 views

Simple e-Learning System SQL注入漏洞

Simple e-Learning System is a simple e-learning system from Carlo Montero's personal developer. version v1.0 of Simple E-Learning System is vulnerable to a SQL injection vulnerability that stems from the affected file search.php lacking validation of externally entered SQL statements. An attacker...

8.8CVSS6AI score0.00625EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/07/07 12:0 a.m.4 views

atoms183 CMS SQL注入漏洞

atoms183 CMS is a content management system by the individual developer of Дмитрий Глазвин. A SQL injection vulnerability exists in atoms183 CMS version 1.0, which can be exploited by an attacker to execute arbitrary commands on search.php via the Name, Fname, and ID parameters...

9.8CVSS6.4AI score0.00957EPSS
Exploits1References2
OSV
OSV
added 2022/04/11 3:15 p.m.4 views

CVE-2021-24986

The Post Grid WordPress plugin before 2.1.16 does not escape the keyword parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in pages containing a Post Grid with a search form...

6.1CVSS6.4AI score0.00788EPSS
Exploits2References1
OSV
OSV
added 2021/11/03 6:15 p.m.3 views

CVE-2020-18263

PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability in the component search.php via the search parameter. This vulnerability allows attackers to access sensitive database information...

7.5CVSS5.8AI score0.00947EPSS
Exploits1References1
Openbugbounty
Openbugbounty
added 2017/11/03 6:26 p.m.10 views

cmcarsni.co.uk XSS vulnerability

Open Bug Bounty ID: OBB-390947 Description| Value ---|--- Affected Website:| cmcarsni.co.uk Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat...

6.3AI score
Exploits0
Openbugbounty
Openbugbounty
added 2017/08/29 8:12 p.m.12 views

conference.city XSS vulnerability

Vulnerable URL: http://www.conference.city/page/search.php?searchkeyword=%22%3E%3Cimg+src%3Dx+onerror%3Dprompt%28%22OPENBUGBOUNTY%22%29%3B%3E=0=0from=2017-08-30to=2019-08-29=relevance Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.11.2017 Vulnerability type:| XSS...

6.3AI score
Exploits0
CNVD
CNVD
added 2016/08/26 12:0 a.m.2 views

SQL Injection Vulnerability in zzcms Latest Product Version /zs/search.php Page

ZZCMS highlights the investment and supply and demand functions, you can quickly build a product investment website. zzcms latest product version /zs/search.php page SQL injection vulnerability, attackers can use the vulnerability to obtain sensitive database data...

7.8AI score
Exploits0References1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.19 views

Noah's Classifieds 1.0/1.3 Search Page SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/16773/info Noah's Classifieds is prone to an SQL-injection vulnerability. The application fails to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could allow an attacker to...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2009/12/17 12:0 a.m.17 views

jCore CMS - Cross-Site Scripting

jCore CMS - Cross-Site Scripting Found: loneferret Vendor: jCore Site: http://www.jcore.net/home Software link: http://www.jcore.net/downloads Search page is vulnerable to cross-site scripting. Exploit: http://server/modules/search?search=xss here http://server/modules/search?search=xss here...

6.8AI score
Exploits0
0day.today
0day.today
added 2009/12/17 12:0 a.m.17 views

jCore CMS Cross Site Scripting Vulnerability

Exploit for unknown platform in category web applications ============================================ jCore CMS Cross Site Scripting Vulnerability ============================================ Found: loneferret Vendor: jCore Site: http://www.jcore.net/home Software link:...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2002/09/24 12:0 a.m.21 views

PHP-Nuke 6.0/6.5 - Search Form Cross-Site Scripting

source: https://www.securityfocus.com/bid/5788/info PHPNuke 6.0 is prone to cross-site scripting attacks. HTML tags are not filtered from links to the 'modules.php' script. Reportedly, the problem lies in the 'Search' page of the 'modules.php' script. It is possible for a malicious attacker to...

7.4AI score
Exploits0
Rows per page
Query Builder