15 matches found
EUVD-2025-27193
Malicious code in bioql PyPI...
CVE-2025-10115
A vulnerability was determined in SiempreCMS up to 1.3.6. This affects an unknown part of the file user_search_ajax.php. This manipulation of the argument name/userName causes SQL injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized...
CVE-2025-10116
A vulnerability was identified in SiempreCMS up to 1.3.6. This vulnerability affects unknown code of the file /docs/admin/file_upload.php. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit is publicly available and might be used...
CVE-2025-10116
A vulnerability was identified in SiempreCMS up to 1.3.6. This vulnerability affects unknown code of the file /docs/admin/file_upload.php. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit is publicly available and might be used...
CVE-2025-10115
A vulnerability was determined in SiempreCMS up to 1.3.6. This affects an unknown part of the file user_search_ajax.php. This manipulation of the argument name/userName causes SQL injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized...
CVE-2025-10116
The CVE-2025-10116 entry concerns SiempreCMS
CVE-2025-10116 SiempreCMS file_upload.php unrestricted upload
A vulnerability was identified in SiempreCMS up to 1.3.6. This vulnerability affects unknown code of the file /docs/admin/file_upload.php. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit is publicly available and might be used...
CVE-2025-10116 SiempreCMS file_upload.php unrestricted upload
A vulnerability was identified in SiempreCMS up to 1.3.6. This vulnerability affects unknown code of the file /docs/admin/file_upload.php. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit is publicly available and might be used...
CVE-2025-10115 SiempreCMS user_search_ajax.php sql injection
A vulnerability was determined in SiempreCMS up to 1.3.6. This affects an unknown part of the file user_search_ajax.php. This manipulation of the argument name/userName causes SQL injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized...
CVE-2025-10115
CVE-2025-10115 affects SiempreCMS up to version 1.3.6. The vulnerability resides in the file user_search_ajax.php where manipulation of the name/userName parameter triggers a SQL injection. The issue can be exploited remotely and the exploit has been publicly disclosed. Remediation per connected ...
CVE-2025-10115 SiempreCMS user_search_ajax.php sql injection
A vulnerability was determined in SiempreCMS up to 1.3.6. This affects an unknown part of the file user_search_ajax.php. This manipulation of the argument name/userName causes SQL injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized...
SiempreCMS SQL injection vulnerability
SiempreCMS is an open-source content management system. SiempreCMS 1.3.6 and earlier versions have a SQL injection vulnerability that stems from incorrect handling of the name/userName parameter in the file user_search_ajax.php, resulting in SQL injection...
SiempreCMS code issue vulnerability
SiempreCMS is an open-source content management system. A code issue vulnerability exists in SiempreCMS version 1.3.6 and earlier, which stems from an incorrect operation in the file /docs/admin/file_upload.php, resulting in an unrestricted upload...
PT-2025-36538
Name of the Vulnerable Software and Affected Versions: SiempreCMS versions prior to 1.3.7 Description: A vulnerability was identified in SiempreCMS that allows for unrestricted file upload through manipulation of unknown code within the /docs/admin/file_upload.php file. The attack can be launched...
PT-2025-36536
Name of the Vulnerable Software and Affected Versions: SiempreCMS versions up to 1.3.6 Description: A SQL injection issue exists in the user_search_ajax.php file of SiempreCMS. Manipulation of the name/userName argument can trigger the issue. The attack can be initiated remotely, and the exploit...