71 matches found
CVE-2019-25664
SuiteCRM 7.10.7 contains a time-based SQL injection vulnerability in the record parameter of the Users module DetailView action that allows authenticated attackers to manipulate database queries. Attackers can append SQL code to the record parameter in GET requests to the index.php endpoint to...
CVE-2019-25664 SuiteCRM 7.10.7 SQL Injection via record Parameter
SuiteCRM 7.10.7 contains a time-based SQL injection vulnerability in the record parameter of the Users module DetailView action that allows authenticated attackers to manipulate database queries. Attackers can append SQL code to the record parameter in GET requests to the index.php endpoint to...
itsourcecode Free Hotel Reservation System SQL注入漏洞
itsourcecode Free Hotel Reservation System is an open-source hotel reservation system developed by itsourcecode. Version 1.0 of the system has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter accountid in the file /hotel/admin/modusers/index.php,...
CVE-2021-47918
Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application...
CVE-2021-47918
Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application...
CVE-2021-47916
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2022-50940
Knap Advanced PHP Login 3.1.3 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script code in the name parameter. Attackers can exploit the vulnerability to execute arbitrary scripts in users and activity log backend modules, potentially...
CVE-2021-47918 Simple CMS 2.1 SQL Injection Vulnerability via Users Module
Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application...
CVE-2021-47918 Simple CMS 2.1 SQL Injection Vulnerability via Users Module
Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application...
CVE-2021-47918
Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application...
EUVD-2021-34753
Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application...
CVE-2021-47918
CVE-2021-47918 concerns Simple CMS 2.1 with a remote SQL injection in the users module. The vulnerability arises from unvalidated input in the admin.php handler, allowing an attacker with privileges to inject arbitrary SQL commands, potentially compromising both the database management system and...
CVE-2021-47916
...
EUVD-2021-34755
Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application...
CVE-2021-47916
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2021-47916
The EUVD entry EUVD-2021-34755 documents a vulnerability in Simple CMS 2.1: a remote SQL injection that lets an attacker inject unvalidated SQL via the users module, exploiting unvalidated input in admin.php to compromise the database management system and the web application. The connected docum...
PT-2026-5561
Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application...
PT-2026-5567
Knap Advanced PHP Login 3.1.3 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script code in the name parameter. Attackers can exploit the vulnerability to execute arbitrary scripts in users and activity log backend modules, potentially...
PT-2026-5563
Name of the Vulnerable Software and Affected Versions Simple CMS version 2.1 Description The Simple CMS software contains a remote SQL injection issue. Privileged attackers can inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php...
EUVD-2012-4419
Malware in sbrugna...