20 matches found
EUVD-2019-19719
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. Attackers can send GET requests to the admin/getrecord.php endpoint with malicious 'val' values to extract sensitive databas...
CVE-2019-25493
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. Attackers can send GET requests to the admin/getrecord.php endpoint with malicious 'val' values to extract sensitive databas...
CVE-2019-25493 Homey BNB V4 SQL Injection via getrecord.php
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. Attackers can send GET requests to the admin/getrecord.php endpoint with malicious 'val' values to extract sensitive databas...
CVE-2019-25493
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. Attackers can send GET requests to the admin/getrecord.php endpoint with malicious 'val' values to extract sensitive databas...
CVE-2019-25493 Homey BNB V4 SQL Injection via getrecord.php
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. Attackers can send GET requests to the admin/getrecord.php endpoint with malicious 'val' values to extract sensitive databas...
Doditsolutions Homey BNB SQL Injection Vulnerability
Doditsolutions Homey BNB is a homestay reservation system operated by the Indian company Doditsolutions. Doditsolutions Homey BNB V4 has a SQL injection vulnerability; this vulnerability stems from the val parameter being susceptible to SQL injections, which may allow unverified attackers to...
PT-2026-22361
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. Attackers can send GET requests to the admin/getrecord.php endpoint with malicious 'val' values to extract sensitive databas...
EUVD-2018-2165
Malware in sbrugna...
CVE-2025-51281
D-Link DI-8100 16.07.26A1 is vulnerable to Buffer Overflow via the en, val and id parameters in the qjasp function. This vulnerability allows authenticated attackers to cause a Denial of Service (DoS) by sending crafted GET requests with overly long values for these parameters...
CVE-2025-51281
D-Link DI-8100 16.07.26A1 is vulnerable to Buffer Overflow via the en, val and id parameters in the qjasp function. This vulnerability allows authenticated attackers to cause a Denial of Service (DoS) by sending crafted GET requests with overly long values for these parameters...
Unicom Focal Point Security Vulnerability
Unicom Focal Point is a portfolio management and decision analysis tool from Unicom, Inc. for use by corporate and government agency product organizations. A security vulnerability exists in Unicom Focal Point version 7.6.1 that stems from stored cross-site scripting in the val parameter and...
CVE-2024-39962
D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router v21D240126 was discovered to contain a remote code execution (RCE) vulnerability in the ntpzoneval parameter at /goform/setntp. This vulnerability is exploited via a crafted HTTP request...
joyplus-cms SQL Injection Vulnerability
joyplus-cms joy video is an open source video backend management system based on PHP and MySQL. The system has video resource acquisition, user feedback management, automatic address resolution, message push management and other functions. A SQL injection vulnerability exists in joyplus-c...
CVE-2018-14389
joyplus-cms 1.6.0 has SQL Injection via the manager/adminajax.php val parameter...
CVE-2018-14389
joyplus-cms 1.6.0 has SQL Injection via the manager/adminajax.php val parameter...
CVE-2018-14389
joyplus-cms 1.6.0 has SQL Injection via the manager/adminajax.php val parameter...
CVE-2018-10083
CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary file deletion vulnerability in the admin dashboard via directory traversal sequences in the val parameter within a cmd=del request, because code under modules\FilePicker does not restrict the val parameter...
CVE-2017-17637
CVE-2017-17637 affects Car Rental Script 2.0.4 with an SQL Injection in the countrycode1.php file via the val parameter. Multiple sources (NVD, CNVD, CVE lists, related CNVD and PRION records) corroborate a vulnerability in this script where user-supplied input is used in SQL without proper sanit...
WP Socializer 2.4.2 - admin/wpsr-services-selector.php val Parameter XSS
The WP Socializer – Simple & Easy Social Media Share Icons WordPress plugin was affected by an admin/wpsr-services-selector.php val Parameter XSS security vulnerability...
Novell GroupWise Messenger DoS
nmma.exe service crash on malformed HTTP POST val parameter...