Lucene search

21 matches found

CVE
added 2024/12/22 12:0 p.m., 47 views

CVE-2024-12894

CVE-2024-12894 affects TreasureHuntGame TreasureHunt up to commit 963e0e0, targeting the file TreasureHunt/acesso.php. The vulnerability arises from manipulating the input parameter usuario, enabling SQL injection. This can be exploited remotely, and the project uses a rolling release, with no ...

CVSS 9.8, AI score 6.9, EPSS 0.00096
Exploits 0, References 3, Affected Software 1
OSV
added 2022/05/13 1:12 a.m., 14 views

GHSA-2JCW-R79X-4R5V Moodle does not set the RISK_XSS bit for graders

access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted essay feedback...

CVSS 3.5, AI score 5.1, EPSS 0.00227
Exploits 0, References 7
Openbugbounty
added 2017/07/26 6:14 p.m., 20 views

job-mo.ru XSS vulnerability

Open Bug Bounty ID: OBB-269832

Description | Value
---|---
Affected Website: | job-mo.ru
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...

AI score 6.3
Exploits 0
Openbugbounty
added 2017/04/15 7:29 a.m., 11 views

cinra.co.jp XSS vulnerability

Vulnerable URL: https://www.cinra.co.jp/creative/mailmag/access.php?redirect=http://xssposed.org"'--!confirmOPENBUGBOUNTY...

AI score 6.9
Exploits 0
CNVD
added 2015/06/25 12:0 a.m., 2 views

concrete5 'Access.php' SQL Injection Vulnerability

concrete5 is a free content management system (CMS) developed by Portland Labs in the United States. The system allows editing and layout directly on the page. A SQL injection vulnerability exists in concrete5 that stems from the program failing to adequately filter user-submitted input before...

AI score 8
Exploits 0, References 1
securityvulns
added 2015/06/14 12:0 a.m., 186 views

[KIS-2015-03] Concrete5 <= 5.7.4 (Access.php) SQL Injection Vulnerability

Concrete5 <= 5.7.4 (Access.php) SQL Injection Vulnerability
- Software Link: https://www.concrete5.org/
- Affected Versions: Version 5.7.3.1, 5.7.4, and probably other versions.
-...

AI score 0.7
Exploits 0
Packet Storm
added 2015/06/12 12:0 a.m., 39 views

Concrete5 5.7.4 SQL Injection

Concrete5 0
173. foreach $filterEntities as $ent
174. $filters = $ent-getAccessEntityID;
175.
176. $peIDs .= 'and peID in ' . implode$filters, ',' . '';
177.
178. if $accessType == 0
179. $accessType = '';
180. else
181. $accessType = '...

AI score 0.1
Exploits 0
0day.today
added 2015/06/12 12:0 a.m., 37 views

Concrete5 5.7.4 SQL Injection Vulnerability

Concrete5 versions 5.7.4 and below suffer from a remote SQL injection vulnerability.
Concrete5 0
173. foreach $filterEntities as $ent
174. $filters = $ent-getAccessEntityID;
175.
176. $peIDs .= 'and peID in ' . implode$filters, ',' . '';...

AI score 8.1
Exploits 0
NVD
added 2015/06/01 7:59 p.m., 9 views

CVE-2015-0216

access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted essay feedback...

CVSS 3.5, AI score 5.3, EPSS 0.00227
Exploits 0, References 3
UbuntuCve
added 2015/06/01 7:59 p.m., 14 views

CVE-2015-0216

access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted essay feedback...

CVSS 3.5, AI score 5.8, EPSS 0.00227
Exploits 0, References 3
Cvelist
added 2015/06/01 7:0 p.m., 17 views

CVE-2015-3174

mod/quiz/db/access.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted gradebook feedback during manual quiz grading...

AI score 6.7, EPSS 0.00225
Exploits 0, References 5
Cvelist
added 2015/06/01 7:0 p.m., 15 views

CVE-2015-0216

access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted essay feedback...

AI score 5.3, EPSS 0.00227
Exploits 0, References 3
seebug.org
added 2013/10/24 12:0 a.m., 21 views

MetInfo 5.1 /message/access.php $id SQL injection vulnerability

No description provided by source...

AI score 7.1
Exploits 0
NVD
added 2013/05/23 3:55 p.m., 6 views

CVE-2012-6563

engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors...

CVSS 4.3, AI score 6.6, EPSS 0.00387
Exploits 0, References 5
Cvelist
added 2013/05/23 3:0 p.m., 11 views

CVE-2012-6563

engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors...

AI score 6.6, EPSS 0.00387
Exploits 0, References 5
CVE
added 2013/05/23 3:0 p.m., 34 views

CVE-2012-6563

CVE-2012-6563 affects Elgg prior to 1.8.5. The issue is in engine/lib/access.php where cached access lists are not properly cleared during plugin boot, allowing remote attackers to read private entities via unspecified vectors. Impact is read access to private data; no exploit vectors are detaile...

CVSS 4.3, AI score 6.8, EPSS 0.00387
Exploits 0, References 5, Affected Software 1
seebug.org
added 2013/05/03 12:0 a.m., 32 views

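MetInfo 5.1 /message/access.php SQL injection vulnerability

MetInfo is a fairly popular enterprise website management system in China. In version 5.1, at line 12 of the file /message/access.php, the externally supplied variable $id is concatenated directly into the SQL query, which results in a SQL injection vulnerability. MetInfo 5.1...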

AI score 7.1
Exploits 0
CVE
added 2012/07/16 10:0 a.m., 42 views

CVE-2011-4296

CVE-2011-4296 concerns Moodle where lib/db/access.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 assigns incorrect capabilities to the course-creator role, allowing remote authenticated users to modify course filters by leveraging this role. Affected versions: Moodle 2.0.x up to 2.0.3; M...

CVSS 5.5, AI score 6.4, EPSS 0.00442
Exploits 0, References 3, Affected Software 1
Prion
added 2008/01/25 12:0 a.m., 10 views

Sql injection

Multiple SQL injection vulnerabilities in PacerCMS 0.6 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) siteadmin/article-edit.php; and unspecified parameters to (2) submitted-edit.php, (3) page-edit.php, (4) section-edit.php, (5) staff-edit.php, and (6)...

CVSS 7.5, AI score 8.8, EPSS 0.0115
Exploits 0, References 5, Affected Software 1
securityvulns
added 2007/04/20 12:0 a.m., 52 views

Gizzar <= (basePath) Remote File Include Vulnerability

Gizzar <= (basePath) Remote File Include Vulnerability
Download: http://mesh.dl.sourceforge.net/sourceforge/gizzar/gizzar-03162002.tar.gz
Discover: BorN To K!LL
Bug in: index.php
code:...

AI score 0.2
Exploits 0