71 matches found
SQL injection
FileRun 20220519 allows SQL Injection via the "dir" parameter in a /?module=users&section=cpanel&page=list request...
CVE-2022-28607
An issue was discovered in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to gain sensitive information via the action parameter to /system/user/modules/modusers/controller.php...
CVE-2022-43709
MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users module that allows remote authenticated users to modify the query string via direct user input or stored search filter settings...
SQL injection
MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users module that allows remote authenticated users to modify the query string via direct user input or stored search filter settings...
CVE-2022-43709
Summary of CVE-2022-43709 : MyBB 1.8.31 contains a SQL injection vulnerability in the Admin CP → Users module. The issue allows remote authenticated users to modify the query string via direct user input or stored search filter settings, enabling partial data integrity impact as described in the ...
MyBB SQL injection vulnerability
MyBB (MyBulletinBoard) is a free, web-based forum software developed by the MyBB team using PHP and MySQL. The software is easy to use, supports multiple languages, and is scalable. A SQL injection vulnerability exists in MyBB version 1.8.31, which originates from a cross-site scripting...
PT-2022-27015 · Mybb · Mybb
Name of the Vulnerable Software and Affected Versions: MyBB version 1.8.31 Description: The issue allows remote authenticated users to modify the query string via direct user input or stored search filter settings in the Admin CP's Users module, resulting in a SQL injection vulnerability...
GHSA-G3XF-85WC-45GQ NukeViet Cross-Site Request Forgery (CSRF)
modules\users\admin\edit.php in NukeViet 4.4 allows CSRF to change a user's password via an admin/index.php?nv=users&op=edit&userid= URI. The old password is not needed...
CVE-2018-7734
Afian FileRun is affected by a remote SQL injection in versions prior to 2018-02-13. The issue occurs when an attacker is logged in as superuser and uses the search parameter in the /?module=users&section=cpanel&page=list request to inject SQL commands. Root cause: improper input handling in the ...
CVE-2015-5520
Cross-site scripting (XSS) vulnerability in the Users module in Orchard 1.7.3 through 1.8.2 and 1.9.x before 1.9.1 allows remote attackers to inject arbitrary web script or HTML via the username when creating a new user account, which is not properly handled when deleting an account...
Orchard CMS 1.7.3/1.8.2/1.9.0 - Persistent Cross-Site Scripting
----------------- Background ----------------- Orchard is a free, open source, community-focused content management system written in ASP.NET platform using the ASP.NET MVC framework. Its vision is to create shared components for building ASP.NET applications and extensions, and specific...
Orchard CMS 1.7.3/1.8.2/1.9.0 - Persistent Cross-Site Scripting
Orchard CMS 1.7.3/1.8.2/1.9.0 - Persistent Cross-Site Scripting ----------------- Background ----------------- Orchard is a free, open source, community-focused content management system written in ASP.NET platform using the ASP.NET MVC framework. Its vision is to create shared components for...
Orchard CMS 1.9.0 / 1.8.2 / 1.7.3 Cross Site Scripting
----------------- Background ----------------- Orchard is a free, open source, community-focused content management system written in ASP.NET platform using the ASP.NET MVC framework. Its vision is to create shared components for building ASP.NET applications and extensions, and specific...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the Excluded Users module 6.x-1.x before 6.x-1.1 for Drupal allow remote attackers to inject arbitrary web script or HTML via a (1) user name or (2) email address...
CVE-2012-4490
Multiple cross-site scripting (XSS) vulnerabilities in the Excluded Users module 6.x-1.x before 6.x-1.1 for Drupal allow remote attackers to inject arbitrary web script or HTML via a (1) user name or (2) email address...
CVE-2012-4490
The CVE-2012-4490 issue affects the Drupal Excluded Users module (versions 6.x-1.x prior to 6.x-1.1). It enables cross-site scripting via two input fields: user name and email address. The documented impact is client-side script/HTML injection (XSS) with no server-side impact specified beyond tha...
CVE-2012-3836
Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko before 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) groupname parameter in a savecategory in the users module; (2) virtualfilename, (3) branch, (4) contactperson, (5) street, (6) city, (7) province, (8) postal, (9)...