11 matches found
CVE-2026-4289
Summary: CVE-2026-4289 affects Tiandy Easy7 Integrated Management Platform (up to v7.17.0). The vulnerability lies in the function at /rest/preSetTemplate/getRecByTemplateId where manipulating the ID parameter leads to a SQL injection. This can potentially be exploited remotely, and the exploit h...
CVE-2025-50972
SQL Injection vulnerability in AbanteCart 1.4.2, allows unauthenticated attackers to execute arbitrary SQL commands via the tmpl_id parameter to index.php. Three techniques have been demonstrated: error-based injection using a crafted FLOOR-based payload, time-based blind injection via SLEEP, and...
PT-2025-34876 · Unknown · Abantecart
Name of the Vulnerable Software and Affected Versions: AbanteCart version 1.4.2. Description: AbanteCart is susceptible to a SQL Injection issue. Unauthenticated attackers can execute arbitrary SQL commands via the tmpl_id parameter in the index.php file. Exploitation techniques include error-base...
CVE-2025-50972
CVE-2025-50972 affects AbanteCart 1.4.2. The vulnerability is a SQL Injection in the unvalidated tmpl_id parameter sent to index.php, enabling unauthenticated attackers to execute arbitrary SQL commands. Documented techniques include error-based injections using a crafted FLOOR payload, time-base...
Linux Distros Unpatched Vulnerability : CVE-2019-17357
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injection vulnerability affecting how template identifiers are handled when a string and id...
The vulnerability of the template_id function in the Cacti server monitoring system, related to the lack of measures taken to protect the SQL query structure, allows attackers to access confidential data.
The vulnerability of the template_id function in the Cacti server monitoring system is related to an error in the processing of template identifiers when a composite value of a string and an identifier is used. Exploiting this vulnerability could allow an attacker to gain access to confidential da...
PT-2020-15400 · Jenkins · Jenkins Amazon Ec2 Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Amazon EC2 Plugin versions 1.50.1 and earlier. Description: A cross-site request forgery issue allows attackers to provision instances. The vulnerability is due to the plugin not requiring POST requests in several HTTP endpoints,...
UBUNTU-CVE-2019-17357
Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, ...
Android operating system vulnerability that allows an attacker to escalate privileges
The vulnerability in the services/camera/libcameraservice/device3/Camera3Device.cpp component of the Android operating system exists due to the lack of checks for template identifiers. Exploiting this vulnerability can allow a malicious actor to escalate privileges through a specially creat...
UBUNTU-CVE-2016-2449
services/camera/libcameraservice/device3/Camera3Device.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate template IDs, which allows attackers to gain privileges via a crafted application, as demonstrated by obtainin...
DEBIAN-CVE-2015-4454
SQL injection vulnerability in the get_hash_graph_template function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via the graph_template_id parameter to graph_templates.php...