376 matches found
CVE-2017-18364
CVE-2017-18364 concerns phpFK lite and is a reflected cross-site scripting (XSS) vulnerability. The affected components are the web interface files faq.php, members.php, search.php (via query strings) and user.php (via the user parameter). The underlying issue is that user-supplied input in these...
CVE-2019-9594
BlueCMS 1.6 allows SQL Injection via the userid parameter in an uploads/admin/user.php?act=edit request...
CVE-2019-9594
CVE-2019-9594 affects BlueCMS 1.6 and describes an SQL injection vulnerability in the parameter user_id within the uploads/admin/user.php?act=edit request. The vulnerability allows bypassing authentication and manipulating the SQL queries executed by the application, leading to potential disclosu...
CVE-2019-7348
Self-Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'username' parameter value in the view user (user.php) because proper filtration is omitted...
PT-2019-18553 · Zoneminder +1
Name of the Vulnerable Software and Affected Versions: ZoneMinder versions prior to 1.32.3. Description: The issue allows an attacker to execute HTML or JavaScript code via a vulnerable username parameter value in the user view user.php due to omitted proper filtration, leading to a persistent...
CVE-2018-20508
CrashFix 1.0.4 has SQL Injection via the User[status] parameter. This is related to actionIndex in UserController.php, and the protected\models\User.php search() function...
SQL injection
CrashFix 1.0.4 has SQL Injection via the User[status] parameter. This is related to actionIndex in UserController.php, and the protected\models\User.php search() function...
CVE-2018-20508
CVE-2018-20508 affects CrashFix 1.0.4 with a SQL Injection vulnerability exploitable via the User[status] parameter. The issue is tied to actionIndex in UserController.php and the protected\models\User.php search() function. The connected documents confirm the vulnerability detail but do not prov...
CVE-2018-18316
emlog v6.0.0 has CSRF via the admin/user.php?action=new URI...
Cross-site request forgery (CSRF)
emlog v6.0.0 has CSRF via the admin/user.php?action=new URI...
CVE-2018-18316
Affected software: emlog. Vulnerability: CSRF via the admin/user.php?action=new URI in emlog v6.0.0. Root cause/impact: CSRF could allow unauthorized actions; the connected documents only state the CSRF issue with that URI and do not provide deeper technical specifics, affected modules beyond adm...
MaxOn ERP Software 8.x-9.x - nomor SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: MaxOn ERP Software 8.x-9.x - 'nomor' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://www.talagasoft.com Software Link: http://demo.maxonerp.com/ Software Download:...