54 matches found
CVE-2023-40946
Schoolmate 1.3 is vulnerable to SQL Injection in the variable $username from SESSION in ValidateLogin.php...
CVE-2023-39851
webchess v1.0 was discovered to contain a SQL injection vulnerability via the $playerID parameter at mainmenu.php. NOTE: this is disputed by a third party who indicates that the playerID is a session variable controlled by the server, and thus cannot be used for exploitation...
Sql injection
DISPUTED webchess v1.0 was discovered to contain a SQL injection vulnerability via the $playerID parameter at mainmenu.php. NOTE: this is disputed by a third party who indicates that the playerID is a session variable controlled by the server, and thus cannot be used for exploitation...
CVE-2023-39852
Doctormms v1.0 was discovered to contain a SQL injection vulnerability via the $userid parameter at myAppoinment.php. NOTE: this is disputed by a third party who claims that the userid is a session variable controlled by the server, and thus cannot be used for exploitation. The original reporter...
Advantech R-SeeNet application multiple SQL injection vulnerabilities in the 'company_list' page
Summary: Multiple exploitable SQL injection vulnerabilities exist in the 'company_list' page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. However, the high...
CVE-2020-11106
An issue was discovered in Responsive Filemanager through 9.14.0. In the dialog.php page, the session variable $_SESSION['RF']['view_type'] wasn't sanitized if it was already set. This made stored XSS possible if one opens ajax_calls.php and uses the "view" action and places a payload in the type...
Cross site scripting
An issue was discovered in Responsive Filemanager through 9.14.0. In the dialog.php page, the session variable $_SESSION['RF']['view_type'] wasn't sanitized if it was already set. This made stored XSS possible if one opens ajax_calls.php and uses the "view" action and places a payload in the type...
CVE-2020-11106
Responsive Filemanager up to v9.14.0 contains a stored XSS in dialog.php caused by unsanitized $_SESSION['RF']['view_type'] when ajax_calls.php sets it (and then dialog.php reads it). This allows payloads injected via the type parameter in the view action to persist across navigation to dialog.ph...
Design/Logic Flaw
Exploitation of session variables, resource IDs and other trusted credentials vulnerability in the web interface in McAfee Network Security Management NSM before 8.2.7.42.2 allows remote attackers to exploit or harm a user's browser via reusing the exposed session token in the application URL...
Piwik <= 2.16.0 (saveLayout) PHP object injection vulnerability
The vulnerability can be triggered through the saveLayout method defined in /plugins/Dashboard/Controller.php: public function saveLayout() { $this->checkTokenInUrl(); $layout = Common::unsanitizeInputValue(Common::getRequestVar('layout')); $layout = strip_tags($layout); ...
ATutor 2.2 Session Variable Overloading Vulnerability
ATutor versions 2.2 and below suffer from a session variable overloading vulnerability. ATutor <= 2.2 confirm.php Session Variable Overloading Vulnerability...
Open redirect
lib/base.php in ownCloud before 4.0.8 does not properly validate the user_id session variable, which allows remote authenticated users to read arbitrary files via vectors related to WebDAV...
CVE-2012-5336
The CVE-2012-5336 issue affects ownCloud Server versions prior to 4.0.8. The root cause is improper validation of the user_id session variable in lib/base.php, which allows remote authenticated users to read arbitrary files via WebDAV. Affected software: ownCloud Server
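Anymacro mail system arbitrary file download vulnerability (login required)
Brief description: Detailed description: In mailattrFw.php, $Fcid is controllable: it is taken from the client, and ../ traversal sequences can be used to move to the corresponding directory and read from it. For example, in the default state $_SESSION['maildir'] is: /mail/xxx.com/xxx/Maildir/ and $Fcid can be set to: ../../../../../etc/passwd to read the contents of passwd. Proof of vulnerability:...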
Server: Auth bypass in /lib/base.php
/lib/base.php before ownCloud 4.0.8 does not properly validate the user_id session variable via WebDAV, which allows authenticated attackers to gain access to other users' files. For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...
Limesurvey Blind SQL Injection
Exploit Title: LimeSurvey Blind SQL injection Date: 20/02/2012 Author: TorTukiTu - OpenSphere Version: 1.91+ build 11804 Tested on: php...