20 matches found
CVE-2026-10265
A vulnerability was identified in itsourcecode Content Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/edittopic.php. Such manipulation of the argument topicid leads to sql injection. The attack may be launched remotely. The exploit is publicly...
CVE-2026-10265
A vulnerability was identified in itsourcecode Content Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/edittopic.php. Such manipulation of the argument topicid leads to sql injection. The attack may be launched remotely. The exploit is publicly...
EUVD-2026-33647
A vulnerability was identified in itsourcecode Content Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/edittopic.php. Such manipulation of the argument topicid leads to sql injection. The attack may be launched remotely. The exploit is publicly...
CVE-2026-10258
A weakness has been identified in itsourcecode Content Management System 1.0. Impacted is an unknown function of the file /admin/addsubtopic.php. This manipulation of the argument topicid causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available ...
CVE-2026-10258 itsourcecode Content Management System add_sub_topic.php sql injection
A weakness has been identified in itsourcecode Content Management System 1.0. Impacted is an unknown function of the file /admin/addsubtopic.php. This manipulation of the argument topicid causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available ...
CVE-2026-10258 itsourcecode Content Management System add_sub_topic.php sql injection
A weakness has been identified in itsourcecode Content Management System 1.0. Impacted is an unknown function of the file /admin/addsubtopic.php. This manipulation of the argument topicid causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available ...
CVE-2026-10257 itsourcecode Content Management System update_ss_img.php sql injection
A security flaw has been discovered in itsourcecode Content Management System 1.0. This issue affects some unknown processing of the file /admin/updatessimg.php. The manipulation of the argument topicid results in sql injection. The attack can be executed remotely. The exploit has been released t...
ITSsourcecode Content Management System SQL Injection Vulnerability
itsourcecode Content Management System is an open-source content management system developed by itsourcecode. Version 1.0 of the itsourcecode Content Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the topicid parameter in the file...
ITSsourcecode Content Management System SQL Injection Vulnerability
itsourcecode Content Management System is an open-source content management system developed by itsourcecode. Version 1.0 of the itsourcecode Content Management System has a SQL injection vulnerability. This vulnerability stems from improper handling of the topicid parameter in the file...
ITSsourcecode Content Management System SQL Injection Vulnerability
itsourcecode Content Management System is an open-source content management system developed by itsourcecode. Version 1.0 of the itsourcecode Content Management System has a SQL injection vulnerability. This vulnerability arises from improper handling of the topicid parameter in the...
CVE-2026-42193 Plunk: SNS webhook forgery
Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, the /webhooks/sns endpoint accepts Amazon SNS notification payloads from unauthenticated requests without verifying the SNS signature, certificate, or topic ARN, meaning anyone can forge a valid-looking webhoo...
CVE-2025-64519
TorrentPier (PHP) up to version 2.8.8 is affected by an authenticated SQL injection in the moderator control panel (modcp.php) via the topic_id parameter. The root cause is unsafely embedding the $topic_id input into an SQL query, enabling an authenticated moderator to execute arbitrary SQL with ...
GHSA-4RWR-8C3M-55F6 TorrentPier is Vulnerable to Authenticated SQL Injection through Moderator Control Panel's topic_id parameter
Summary An authenticated SQL injection vulnerability exists in the moderator control panel modcp.php. Users with moderator permissions can exploit this vulnerability by supplying a malicious topicid t parameter. This allows an authenticated moderator to execute arbitrary SQL queries, leading to t...
TorrentPier is Vulnerable to Authenticated SQL Injection through Moderator Control Panel's topic_id parameter
Summary An authenticated SQL injection vulnerability exists in the moderator control panel modcp.php. Users with moderator permissions can exploit this vulnerability by supplying a malicious topicid t parameter. This allows an authenticated moderator to execute arbitrary SQL queries, leading to t...
EUVD-2025-50812
TorrentPier is Vulnerable to Authenticated SQL Injection through Moderator Control Panel's topicid parameter...
PT-2025-46214
Name of the Vulnerable Software and Affected Versions TorrentPier versions up to and including 2.8.8 Description TorrentPier, a BitTorrent Public/Private tracker engine, contains an authenticated SQL injection flaw in the moderator control panel, specifically within the modcp.php file. A user wit...
Torrentpier TorrentPier SQL注入漏洞
Torrentpier TorrentPier is a bull-driven BitTorrent public/private tracker engine from Torrentpier Inc. A SQL injection vulnerability exists in Torrentpier TorrentPier 2.8.8 and earlier versions, which stems from improper handling of the topicid parameter in modcp.php, which could lead to a SQL...
BIT-DISCOURSE-2025-58055 Discourse AI Suggestions Contain Insecure Direct Object Reference
Discourse is an open-source community discussion platform. In versions 3.5.0 and below, the Discourse AI suggestion endpoints for topic “Title”, “Category”, and “Tags” allowed authenticated users to extract information about topics that they weren’t authorized to access. By modifying the “topicid...
CVE-2025-58055 Discourse AI Suggestions Contain Insecure Direct Object Reference
Discourse is an open-source community discussion platform. In versions 3.5.0 and below, the Discourse AI suggestion endpoints for topic “Title”, “Category”, and “Tags” allowed authenticated users to extract information about topics that they weren’t authorized to access. By modifying the “topicid...
Enhancesoft osTicket SQL Injection Vulnerability
Enhancesoft osTicket is an open source ticketing system from Enhancesoft, Inc. A security vulnerability exists in Enhancesoft osTicket v1.15.6, which originates from an SQL injection vulnerability in the Search function of the tickets.php page, allowing an authenticated attacker to execute...