6 matches found
GHSA-5F5R-95PG-XRPM Beszel has an IDOR in hub API endpoints that read system ID from URL parameter
Summary: Some API endpoints in the Beszel hub accept a user-supplied system ID and proceed without further checks that the user should have access to that system. As a result, any authenticated user can access these routes for any system if they know the system's ID. System IDs are random 15...
CVE-2022-32399
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/crimes/viewcrime.php:4...
PT-2023-13354 · Apache · Apache Axis
Name of the Vulnerable Software and Affected Versions: RWS WorldServer versions prior to 11.7.3. Description: An issue was discovered that allows an authenticated, remote attacker to perform a blind SSRF attack using the ws-legacy/load dtd?system id= endpoint to deploy JSP code to the Apache Axis...
Yunnan Dandelion Network Technology Co., Ltd. website building system has SQL injection vulnerabilities
The Yunnan Dandelion Network Technology Co., Ltd. product is a website building system. A SQL injection vulnerability exists in it. The vulnerability arises because the data submitted by the user in the system id parameter is not filtered; a remote attacker can exploit the...
Multiple Vulnerabilities in Duxcms Backend
DuxCms is a website content management system developed in PHP and based on HMVC rules, aimed at small and medium-sized enterprises, companies, news, personal and other related industries. The Duxcms backend - form - guestbook has cross-site scripting and SQL injection vulnerabilities. The vulnerability is due to the system ...
Xionghai CMS system id parameter has a SQL injection vulnerability
XIONGHAI CMS, developed by XIONGHAI, is an integrated website management system that can be widely used for personal blogs, personal websites and corporate websites. The XIONGHAI CMS system id parameter has a SQL injection vulnerability, which is due to the failure of the id parameters for...