
36 matches found

CVE
added 2020/09/19 8:18 p.m. | 49 views

CVE-2020-25788

Tiny Tiny RSS (tt-rss) before 2020-09-16 contains a vulnerability in imgproxy (plugins/af_proxy_http/init.php) where $_REQUEST["url"] is mishandled in an error message. Root cause: improper handling of the URL parameter in error output. Impact indicators in the provided data show high severity (C...

CVSS 8.1 | AI score 7.9 | EPSS 0.00338
Exploits 0 | References 3 | Affected Software 1
FreeBSD
added 2020/09/15 12:0 a.m. | 25 views

tt-rss -- multiple vulnerabilities

tt-rss project reports: The cached_url feature mishandles JavaScript inside an SVG document. imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST["url"] in an error message. It does not validate all URLs before requesting them. Allows remote attackers to execute arbitrary PHP code via a...

CVSS 10 | AI score 5.9 | EPSS 0.15535
Exploits 4 | References 2
NVD
added 2019/08/22 2:15 p.m. | 9 views

CVE-2014-10385

The memphis-documents-library plugin before 3.0 for WordPress has XSS via $_REQUEST...

CVSS 6.1 | AI score 6.1 | EPSS 0.0019
Exploits 0 | References 1
Cvelist
added 2019/08/22 1:20 p.m. | 10 views

CVE-2014-10385

The memphis-documents-library plugin before 3.0 for WordPress has XSS via $_REQUEST...

AI score 6.1 | EPSS 0.0019
Exploits 0 | References 1
Veracode
added 2019/06/05 11:43 a.m. | 32 views

Cross-Site Request Forgery (CSRF)

phpMyAdmin is vulnerable to cross-site request forgery (CSRF). The readCredentials function in the AuthenticationCookie plugin uses $_REQUEST instead of $_POST. This allows an attacker to trick a user and deliver malicious payload, through statements such as INSERT or DELETE, to the victim...

CVSS 6.5 | AI score 6.4 | EPSS 0.49922
Exploits 4 | References 10 | Affected Software 1
Prion
added 2017/12/04 8:29 a.m. | 12 views

Sql injection

Fiyo CMS 2.0.7 has SQL injection in /system/site.php via $_REQUEST['link']...

CVSS 5 | AI score 8 | EPSS 0.00233
Exploits 1 | References 1 | Affected Software 1
Cvelist
added 2017/12/04 8:0 a.m. | 15 views

CVE-2017-17102

Fiyo CMS 2.0.7 has SQL injection in /system/site.php via $_REQUEST['link']...

AI score 8 | EPSS 0.00233
Exploits 1 | References 1
seebug.org
added 2016/12/27 12:0 a.m. | 40 views

Mastery oa 2015 \inc\common.inc.php approve_finish function injection vulnerability

Recently made public measured when encountered on a system, The 2015 version of the latest update date: 2016-07-22 Injection the analysis \inc\common.inc.php ? php function SecureRequest&$var if isarray$var foreach $var as $k = $v $var$k = securerequest$v; else if 0 strlen$var &&...

AI score 6.9
Exploits 0
Drupal
added 2016/03/02 12:0 a.m. | 15 views

Prepopulate - Moderately Critical - Multiple Vulnerabilities - SA-CONTRIB-2016-009

The Prepopulate module allows form fields to be pre-populated in the request. The Prepopulate module does not adequately prevent a user from overwriting arbitrary parts of $_REQUEST. It also does not prevent pre-populating certain fields that are not displayed or manipulating markup fields to alte...

CVSS 7.5 | AI score 7.1 | EPSS 0.0053
Exploits 0 | References 10
Packet Storm
added 2015/07/14 12:0 a.m. | 18 views

WordPress Floating Social Bar 1.1.5 Cross Site Scripting

Exploit Title: Floating Social Bar 1.1.5 XSS Date: 09-01-2015 Software Link: https://wordpress.org/plugins/floating-social-bar/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ Category: webapps 1. Description Everyone can access saveorder...

AI score 7.4
Exploits 0
Prion
added 2009/03/30 1:30 a.m. | 10 views

Cross site request forgery (csrf)

LightNEasy/lightneasy.php in LightNEasy No database version 1.2 allows remote attackers to obtain the hash of the administrator password via the setup "do" action to LightNEasy.php, which is cleared from $_GET but later accessed using $_REQUEST...

CVSS 5 | AI score 7.3 | EPSS 0.04415
Exploits 0 | References 4 | Affected Software 1
Gentoo Linux
added 2008/03/09 12:0 a.m. | 31 views

phpMyAdmin: SQL injection vulnerability

Background: phpMyAdmin is a free web-based database administration tool. Description: Richard Cunningham reported that phpMyAdmin uses the $_REQUEST variable of $_GET and $_POST as a source for its parameters. Impact: An attacker could entice a user to visit a malicious web application that sets an...

CVSS 5.1 | AI score 7.3 | EPSS 0.0093
Exploits 0
CVE
added 2007/02/16 1:0 a.m. | 52 views

CVE-2007-0975

CVE-2007-0975 affects Ian Bezanson Apache Stats prior to 0.0.3 beta. The vulnerability is a variable extraction issue: the extract function on the _REQUEST superglobal can overwrite critical variables. The impact is stated as unknown in the source material. CVSS 2.0 base score is 5.0 (Medium). No...

CVSS 5 | AI score 6.5 | EPSS 0.00458
Exploits 0 | References 3 | Affected Software 1
UbuntuCve
added 2006/10/03 4:3 a.m. | 31 views

CVE-2006-5116

Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL through dynamic variable evaluation and (2) unsetting arbitrary variables via the _REQUEST array,...

CVSS 5.1 | AI score 6 | EPSS 0.03863
Exploits 0 | References 1
NVD
added 2006/10/03 4:3 a.m. | 24 views

CVE-2006-5116

Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL through dynamic variable evaluation and (2) unsetting arbitrary variables via the _REQUEST array,...

CVSS 5.1 | AI score 6.8 | EPSS 0.03863
Exploits 0 | References 13
CVE
added 2006/09/11 5:0 p.m. | 158 views

CVE-2006-4677

Technical details for CVE-2006-4677 are not publicly provided in the supplied documents. No confirmed affected product/version, root cause, or remediation are present here. Monitor for updates from primary sources.

CVSS 7.5 | AI score 7.1 | EPSS 0.00182
Exploits 0 | References 4 | Affected Software 1