160 matches found
CVE-2023-49641 Billing Software v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginCheck.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2025-2558
The-wound WordPress theme through 0.0.1 does not validate some parameters before using them to generate paths passed to include function/s, allowing unauthenticated users to perform LFI attacks and download arbitrary file from the server...
MongoDB Server Denial of Service Vulnerability (CNVD-2025-15801)
MongoDB Server is the United States MongoDB company's set of open source NoSQL database . The database provides collection-oriented storage , dynamic query , data replication and automatic failover and other functions . A denial of service vulnerability exists in MongoDB Server. The vulnerability...
WeGIA SQL注入漏洞
WeGIA is a web manager for welfare organizations. WeGIA suffers from a SQL injection vulnerability that stems from a lack of validation of query parameters against externally entered SQL statements. An attacker can exploit this vulnerability to execute illegal SQL commands to steal sensitive...
CVE-2024-12580
A vulnerability in danny-avila/librechat prior to version 0.7.6 allows for logs debug injection. The parameters sessionId, fileId, userId, and fileid in the /code/download/:sessionId/:fileId and /download/:userId/:fileid APIs are not validated or filtered, leading to potential log injection...
CVE-2024-12580 Logs Debug Injection in danny-avila/librechat
A vulnerability in danny-avila/librechat prior to version 0.7.6 allows for logs debug injection. The parameters sessionId, fileId, userId, and fileid in the /code/download/:sessionId/:fileId and /download/:userId/:fileid APIs are not validated or filtered, leading to potential log injection...
H2O 安全漏洞
H2O is an in-memory platform for distributed, scalable machine learning open-sourced by H2O.ai. A security vulnerability exists in H2O version 3.46.0 that stems from the exportModelDetails function not validating user-controllable parameters, which could lead to arbitrary file overwrites...
imFAQ 安全漏洞
imFAQ is an advanced question and answer management system for ImpressCMS websites open-sourced by Impress Modules. A security vulnerability exists in versions prior to imFAQ 1.0.1 that stems from seoOp parameters that are not cleaned or validated, which could lead to a local file inclusion that...
Code-Projects Modern Bag 安全漏洞
Modern Bag is an online management system. Modern Bag suffers from an SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameters userEmail/userPassword in the /login.php file. An attacker can exploit this vulnerability to execute...
FeMiner wms 安全漏洞
FeMiner wms is a warehouse management system for Chinese front-end miners FeMiner individual developers. A SQL injection vulnerability exists in FeMiner wms version 1.0, which stems from the lack of validation of the date1, date2, id parameters against externally entered SQL statements. An attack...
Atheos 代码注入漏洞
Atheos is an open source browser-based self-hosted cloud IDE from Atheos. A code injection vulnerability exists in versions prior to Atheos v600 that stems from parameters not being properly validated across multiple components, allowing an attacker to read, modify, or execute arbitrary files on...
Logs Debug Injection In File Download
Description In 2 API: /code/download/:sessionId/:fileId and /download/:userId/:fileid The parameters sessionId, fileId, userId, fileid are not validated or filtered at all but are saved directly to log.debug Proof of Concept Prepare: The logs file on the server is stored at /app/api/debug-.log I...
FormosaSoft ee-class SQL注入漏洞
FormosaSoft ee-class is a recording software from the Chinese company FormosaSoft. A SQL injection vulnerability exists in versions prior to FormosaSoft ee-class 20240326.13r14494, which stems from failure to properly validate specific page parameters, allowing a remote attacker with regular...
WordPress plugin Web Directory Free 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in th...
SECOM Dr.ID Access Control System 安全漏洞
SECOM Dr.ID Access Control System is an access control system from China Zhongbao SECOM. A security vulnerability exists in SECOM Dr.ID Access Control System versions prior to 3.6.3, which stems from the presence of specific page parameters that are not properly validated, allowing an...
WordPress Plugin Quiz and Survey Master Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
Bar Assistant Security Breach
Bar Assistant is a self-hosted application for managing home bars. A security vulnerability exists in Bar Assistant that stems from not validating parameters before making a request via Image::make, which could lead to arbitrary code execution...
CVE-2023-48429
A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 2. The Web UI of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the server. The server will automaticall...
Online Matrimonial Project SQL Injection Vulnerability
Online Matrimonial Project is an online matrimonial program. A SQL injection vulnerability exists in Online Matrimonial Project v1.0 where certain parameters are not validated or escaped before they are used in a stitched SQL statement...
Online Matrimonial Project SQL Injection Vulnerability
Online Matrimonial Project is an online matrimonial program. A SQL injection vulnerability exists in Online Matrimonial Project v1.0 where certain parameters are not validated or escaped before they are used in a stitched SQL statement...