223 matches found
CVE-2023-43341
Cross-site scripting (XSS) vulnerability in evolution evo v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected uid parameter...
PT-2023-30447 · Ibos Oa · Ibos Oa
Name of the Vulnerable Software and Affected Versions: IBOS OA version 4.5.5 Description: A critical issue affects the processing of the file at the endpoint "?r=dashboard/user/export&uid=uid", leading to SQL injection. The attack can be initiated remotely. Recommendations: For IBOS OA version...
CVE-2023-2089
A vulnerability was found in SourceCodester Complaint Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/userprofile.php of the component GET Parameter Handler. The manipulation of the argument uid leads to sql injection. The attack...
SourceCodester Complaint Management System SQL Injection Vulnerability
Complaint Management System is a complaint management system by the individual developer Arvin Arandilla. A SQL injection vulnerability exists in SourceCodester Complaint Management System version 1.0, which stems from a problem in the file /admin/userprofile.php, where manipulation of the...
PT-2023-17689 · Sourcecodester · Sourcecodester Complaint Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Complaint Management System version 1.0 Description: A critical issue affects the processing of the file /admin/userprofile.php, specifically the component GET Parameter Handler. The manipulation of the uid argument leads to SQ...
Design/Logic Flaw
IBM Rational Asset Manager 7.5 could allow a remote attacker to bypass security restrictions. An attacker could exploit this vulnerability using the UID parameter to modify another user's preferences...
PT-2025-45364
Name of the Vulnerable Software and Affected Versions: SuiteCRM versions prior to 7.12.6 Description: SuiteCRM’s export functionality has a SQL injection issue due to a failure to sanitize SQL query structure when processing the uid parameter. Successful exploitation could allow a remote,...
showdoc uid Parameter SQL Injection Vulnerability
showdoc is a great open source tool for IT teams to share documents online. A SQL injection vulnerability exists in showdoc versions prior to 2.10.3, which stems from a lack of validation of the uid parameter of showdoc against externally entered SQL statements. An attacker can exploit this...
CVE-2021-42565
myfactory.FMS before 7.1-912 allows XSS via the UID parameter...
Design/Logic Flaw
myfactory.FMS before 7.1-912 allows XSS via the UID parameter...
CVE-2021-42565
Summary: CVE-2021-42565 affects myfactory FMS; versions up to 7.1-912 are vulnerable to Cross-Site Scripting via the UID parameter. The Nuclei/NVD entries corroborate the issue and describe it as a client-side script execution risk in login/UID handling. The connected documents specify the affec...
myfactory.FMS Cross-Site Scripting Vulnerability
myfactory.FMS is a transaction management system. A cross-site scripting vulnerability exists in Myfactory.FMS that stems from the product's UID parameter failing to properly validate user input data. The vulnerability can be exploited to execute client-side code. The following products and...
U.S. Dept Of Defense: IDOR on https://██████ via POST UID enables database scraping
Summary: The UID parameter on █████████ in the ██████ ███████ system, with ███████, does not validate that the caller has permission to view information on the UID entered, thereby enabling personnel and student data extraction. Description: The user operations API endpoint for the ███ ██████████...
CVE-2011-4820
IBM Rational Asset Manager 7.5 could allow a remote attacker to bypass security restrictions. An attacker could exploit this vulnerability using the UID parameter to modify another user's preferences...
SQL Injection Vulnerability in admin.php of Jinwei Mobile Mall System Version 0.2.4
Jinwei mobile mall system is a mall system for micro-business customers with a public account. It imitates the mobile Taobao page layout and supports embedded video playback. It supports customized model specifications: the main specifications support attached pictures, each subdivided model supports inventory control, subdivided...
CVE-2019-14266
OpenSNS v6.1.0 allows SQL Injection via the index.php?s=/ucenter/Config/ uid parameter because of the getNeedQueryData function in Application/Common/Model/UserModel.class.php...
Sql injection
OpenSNS v6.1.0 allows SQL Injection via the index.php?s=/ucenter/Config/ uid parameter because of the getNeedQueryData function in Application/Common/Model/UserModel.class.php...