224 matches found
CVE-2019-14266
OpenSNS v6.1.0 allows SQL Injection via the index.php?s=/ucenter/Config/ uid parameter because of the getNeedQueryData function in Application/Common/Model/UserModel.class.php...
CVE-2019-14266
OpenSNS v6.1.0 is affected by an SQL injection in the index.php?s=/ucenter/Config/ uid parameter caused by the getNeedQueryData function in Application/Common/Model/UserModel.class.php. The issue enables manipulation of SQL queries via the uid parameter, as documented by multiple sources (e.g., C...
CVE-2018-13294
Information exposure vulnerability in SYNO.Personal.Profile in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the uid parameter...
CVE-2018-18084
An issue was discovered in DuomiCMS 3.0. SQL injection exists in the ajax.php file, as demonstrated by the uid parameter...
SQL injection
An issue was discovered in DuomiCMS 3.0. SQL injection exists in the ajax.php file, as demonstrated by the uid parameter...
CVE-2018-18084
CVE-2018-18084 affects DuomiCMS 3.0. A SQL injection exists in the ajax.php file, demonstrated by the uid parameter. The issue is rated with CVSS v3.1: base score 9.8 (CRITICAL), vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating network attack needs no authentication or user interac...
Dicoogle PACS 2.5.0 - Directory Traversal
Dicoogle PACS 2.5.0 - Directory Traversal Exploit Title: Dicoogle PACS 2.5.0 - Directory Traversal Date: 2018-05-25 Software Link: http://www.dicoogle.com/home Version: Dicoogle PACS 2.5.0-201712291522 Category: webapps Tested on: Windows 2012 R2 Exploit Author: Carlos Avila Contact:...
CVE-2017-17776
Paid To Read Script 2.0.5 has full path disclosure via an invalid admin/userview.php uid parameter...
Path traversal
Paid To Read Script 2.0.5 has full path disclosure via an invalid admin/userview.php uid parameter...
CVE-2017-17778
Paid To Read Script 2.0.5 has XSS via the referrals.php tier parameter or the admin/userview.php uid parameter...
PHP Scripts Mall Paid To Read Script SQL Injection Vulnerability
PHP Scripts Mall Paid To Read Script is a set of paid to read website scripts by PHP Scripts Mall India. A SQL injection vulnerability exists in PHP Scripts Mall Paid To Read Script version 2.0.5. A remote attacker can inject SQL into the Paid To Read Script 2.0.5 by sending the 'uid' parameter t...
Paid To Read Script Cross-Site Scripting Vulnerability
PHP Scripts Mall Paid To Read Script is a set of paid to read website scripts by PHP Scripts Mall India. A cross-site scripting vulnerability exists in PHP Scripts Mall Paid To Read Script version 2.0.5. A remote attacker can exploit this vulnerability by sending the 'tier' parameter to the...
CVE-2017-17651
Paid To Read Script 2.0.5 has SQL Injection via the admin/userview.php uid parameter, the admin/viewemcamp.php fnum parameter, or the admin/viewvisitcamp.php fn parameter...
SQL injection vulnerability in the uid parameter in the admin_members.php page of the Ocean CMS website builder system
Ocean CMS is an open source website builder. A SQL injection vulnerability exists in the /admin/adminmembers.php page of the Ocean CMS system. The lack of filtering of the "uid" parameter allows attackers to exploit the vulnerability to obtain sensitive database information...
CVE-2017-6529
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to session hijacking by guessing the UID parameter...