1672 matches found
CVE-2021-28280
CSRF + Cross-site scripting XSS vulnerability in search.php in PHPFusion 9.03.110 allows remote attackers to inject arbitrary web script or HTML...
CVE-2021-28280
CSRF + Cross-site scripting XSS vulnerability in search.php in PHPFusion 9.03.110 allows remote attackers to inject arbitrary web script or HTML...
Cross site scripting
CSRF + Cross-site scripting XSS vulnerability in search.php in PHPFusion 9.03.110 allows remote attackers to inject arbitrary web script or HTML...
LayerBB 1.1.4 SQL Injection
Exploit Title: LayerBB 1.1.4 - 'searchquery' SQL Injection Date: 2021-02-19 Exploit Author: Görkem Haşin Version: 1.1.4 Tested on: Linux/Windows POST /search.php HTTP/1.1 Host: Target Payload: searchquery=Lffd' AND 8460=SELECT CASE WHEN 8460=8460 THEN 8460 ELSE SELECT 1560 UNION SELECT 2122 END--...
CVE-2020-35151
CVE-2020-35151 affects The Online Marriage Registration System 1.0. The vulnerability is a Time-Based SQL Injection in the post parameter searchdata of user/search.php (and noted in admin/search.php in the exploit). Root cause: lack of input validation for searchdata, enabling attacker-controlled...
Victor CMS SQL Injection Vulnerability (CNVD-2020-68864)
Victor CMS is a simple content management system. Victor CMS 1.0 suffers from a SQL injection vulnerability. The vulnerability can be exploited to conduct SQL injection attacks via the 'search' parameter on the search.php page...
CVE-2020-29280
The Victor CMS v1.0 application is vulnerable to SQL injection via the 'search' parameter on the search.php page...
CVE-2020-29280
The Victor CMS v1.0 application is vulnerable to SQL injection via the 'search' parameter on the search.php page...
Sql injection
The Victor CMS v1.0 application is vulnerable to SQL injection via the 'search' parameter on the search.php page...
Victor CMS SQL注入漏洞
Victor CMS is a simple content management system. Victor CMS 1.0 suffers from a SQL injection vulnerability. The vulnerability can be exploited to conduct SQL injection attacks via the 'search' parameter on the search.php page...
xuucms 3 SQL Injection
Exploit Title: xuucms 3 - 'keywords' SQL Injection Date: 2020-11-18 Exploit Author: icekam Vendor Homepage: https://www.cxuu.top/ Software Link: https://github.com/cbkhwx/cxuucmsv3 Version: cxuucms - v3 CVE : CVE-2020-28091 SQL injection exists in search.php. For details, please refer to:...
Sql injection
cxuucms v3 has a SQL injection vulnerability, which can lead to the leakage of all database data via the keywords parameter via search.php...
CVE-2020-28091
cxuucms v3 has a SQL injection vulnerability, which can lead to the leakage of all database data via the keywords parameter via search.php...
CVE-2020-25120
The Admin CP in vBulletin 5.6.3 allows XSS via the admincp/search.php?do=dosearch URI...
CVE-2020-23975
Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has cross site scripting via the 'search.php' id parameter...
Cross site scripting
Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has cross site scripting via the 'search.php' id parameter...
CVE-2020-23975
Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has cross site scripting via the 'search.php' id parameter...
CVE-2020-23975
CVE-2020-23975 affects Webexcels Ecommerce CMS 2.x (2017–2020). The vulnerability is a cross-site scripting flaw exploitable via the id parameter in search.php. No detailed exploit vectors or patch information are provided in the connected documents; remediation details are not stated. In summary...
(0Day) Horde Groupware Webmail Edition Search vfolder Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Search.php. When parsing the vfolder parameter, the process does not properl...
WordPress Sell Media Cross-Site Scripting Vulnerability
The WordPress plugin Sell Media is a tailored e-commerce solution that allows you to sell photos, prints, and videos through your self-hosted WordPress website. A cross-site scripting vulnerability exists in the /inc/class-search.php file in WordPress Sell Media v2.4.1. The vulnerability stems fr...