62 matches found
GitPython: Newline injection in config_writer() section parameter bypasses CVE-2026-42215 patch, enabling RCE via core.hooksPath
Summary The patch for CVE-2026-42215 GitPython 3.1.49 validates newlines only in the value parameter of setvalue. The section and option parameters are passed to configparser without any newline validation. An attacker who controls the section argument can inject \n to write arbitrary section...
EUVD-2008-5315
Malware in sbrugna...
EUVD-2008-6992
Malware in sbrugna...
EUVD-2008-5248
Malware in sbrugna...
EUVD-2022-39415
Malicious code in bioql PyPI...
EUVD-2022-39416
Malicious code in bioql PyPI...
EUVD-2024-22557
Malicious code in bioql PyPI...
CVE-2023-30130
An issue found in CraftCMS v.3.8.1 allows a remote attacker to execute arbitrary code via a crafted script to the Section parameter...
CVE-2022-36713
Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Section parameter at /librarian/lab.php...
CVE-2022-36714
Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Section parameter at /staff/lab.php...
Cross-site Scripting (XSS)
Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the section parameter on the "logs" tab, due to a lack of sanitization in the reportthis...
LibreNMS 跨站脚本漏洞
LibreNMS is an open source network monitoring system based on PHP and MySQL from the LibreNMS community. The system features customizable alerts, auto-discovery of network environments, and automatic updates. LibreNMS suffers from a cross-site scripting vulnerability that stems from a reflected...
CVE-2024-36840
SQL Injection vulnerability in Boelter Blue System Management v.1.3 allows a remote attacker to execute arbitrary code and obtain sensitive information via the id parameter to newsdetails.php and locationdetails.php; and the section parameter to services.php...
CVE-2024-0821
The Cost of Goods Sold COGS: Cost & Profit Calculator for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'section' parameter in all versions up to, and including, 3.2.8 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress Plugin Cost of Goods Sold Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2024-15840 · WordPress · Cost Of Goods Sold (Cogs): Cost & Profit Calculator
Name of the Vulnerable Software and Affected Versions: The Cost of Goods Sold COGS: Cost & Profit Calculator for WooCommerce plugin for WordPress versions up to, and including, 3.2.8 Description: The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and...
CVE-2024-25221
A cross-site scripting XSS vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note Section parameter at /TaskManager/Tasks.php...
CVE-2024-25221
A cross-site scripting XSS vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note Section parameter at /TaskManager/Tasks.php...
Cross site scripting
A cross-site scripting XSS vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note Section parameter at /TaskManager/Tasks.php...
CVE-2024-25221
A cross-site scripting XSS vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note Section parameter at /TaskManager/Tasks.php...