18 matches found
CVE-2018-25413
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can send GET requests to search.php with crafted SQL payloads to extract sensitive database informati...
EUVD-2018-21935
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can send GET requests to search.php with crafted SQL payloads to extract sensitive database informati...
CVE-2026-35016 Open ISES Tickets < 3.44.2 Reflected XSS via search.php frm_query Parameter
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in search.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frmquery POST parameter directly into an HTML input field VALUE attribute. Attackers...
PT-2026-42258
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in search.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frm query POST parameter directly into an HTML input field VALUE attribute. Attacker...
PT-2025-41464
Name of the Vulnerable Software and Affected Versions code-projects E-Commerce Website version 1.0 Description A SQL injection issue exists in code-projects E-Commerce Website 1.0. The issue is present in an unknown function within the /pages/user index search.php file. Manipulation of the Search...
EUVD-2006-2118
Malware in sbrugna...
The vulnerability of the GLPI system’s handling of requests and incidents lies in the improper cancellation of input during the generation of web pages, allowing a malicious user to execute arbitrary SQL queries in the database.
The vulnerability of the GLPI system for handling requests and incidents is related to insufficient cleaning of user data on search pages. A malicious actor can trick a victim into clicking on a specially created link, allowing arbitrary HTML code and scripts to be executed in the user’s browser...
Simple e-Learning System SQL注入漏洞
Simple e-Learning System is a simple e-learning system from Carlo Montero's personal developer. version v1.0 of Simple E-Learning System is vulnerable to a SQL injection vulnerability that stems from the affected file search.php lacking validation of externally entered SQL statements. An attacker...
atoms183 CMS SQL注入漏洞
atoms183 CMS is a content management system by the individual developer of Дмитрий Глазвин. A SQL injection vulnerability exists in atoms183 CMS version 1.0, which can be exploited by an attacker to execute arbitrary commands on search.php via the Name, Fname, and ID parameters...
CVE-2021-24986
The Post Grid WordPress plugin before 2.1.16 does not escape the keyword parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in pages containing a Post Grid with a search form...
CVE-2020-18263
PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability in the component search.php via the search parameter. This vulnerability allows attackers to access sensitive database information...
cmcarsni.co.uk XSS vulnerability
Open Bug Bounty ID: OBB-390947 Description| Value ---|--- Affected Website:| cmcarsni.co.uk Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat...
conference.city XSS vulnerability
Vulnerable URL: http://www.conference.city/page/search.php?searchkeyword=%22%3E%3Cimg+src%3Dx+onerror%3Dprompt%28%22OPENBUGBOUNTY%22%29%3B%3E=0=0from=2017-08-30to=2019-08-29=relevance Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.11.2017 Vulnerability type:| XSS...
SQL Injection Vulnerability in zzcms Latest Product Version /zs/search.php Page
ZZCMS highlights the investment and supply and demand functions, you can quickly build a product investment website. zzcms latest product version /zs/search.php page SQL injection vulnerability, attackers can use the vulnerability to obtain sensitive database data...
Noah's Classifieds 1.0/1.3 Search Page SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16773/info Noah's Classifieds is prone to an SQL-injection vulnerability. The application fails to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could allow an attacker to...
jCore CMS - Cross-Site Scripting
jCore CMS - Cross-Site Scripting Found: loneferret Vendor: jCore Site: http://www.jcore.net/home Software link: http://www.jcore.net/downloads Search page is vulnerable to cross-site scripting. Exploit: http://server/modules/search?search=xss here http://server/modules/search?search=xss here...
jCore CMS Cross Site Scripting Vulnerability
Exploit for unknown platform in category web applications ============================================ jCore CMS Cross Site Scripting Vulnerability ============================================ Found: loneferret Vendor: jCore Site: http://www.jcore.net/home Software link:...
PHP-Nuke 6.0/6.5 - Search Form Cross-Site Scripting
source: https://www.securityfocus.com/bid/5788/info PHPNuke 6.0 is prone to cross-site scripting attacks. HTML tags are not filtered from links to the 'modules.php' script. Reportedly, the problem lies in the 'Search' page of the 'modules.php' script. It is possible for a malicious attacker to...