5 matches found

Vulnrichment
added 2026/05/20 1:25 a.m., 8 views

CVE-2026-8627 Correct Prices <= 1.0 - Reflected Cross-Site Scripting via PHP_SELF Parameter

The Correct Prices plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` variable in versions up to and including 1.0. This is due to the correctpricespage function echoing `$_SERVER['PHP_SELF']` into a form's action attribute without any input sanitization or...

CVSS 6.1, AI score 6, EPSS 0.00221
Exploits: 0, References: 2
BDU FSTEC
added 2018/03/01 12:0 a.m., 6 views

The vulnerability of the index.jsf component in the HPE Intelligent Management Center PLAT software platform allows a perpetrator to execute arbitrary code.

The vulnerability of the index.jsf component in the HPE Intelligent Management Center PLAT software platform is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using the actionInput parameter...

CVSS 9, AI score 8.1, EPSS 0.0572
Exploits: 0, References: 5
CNVD
added 2017/07/25 12:0 a.m., 3 views

Tilde CMS class.SystemAction.php file SQL injection vulnerability

Tilde CMS is a web content management system (CMS). A SQL injection vulnerability exists in the class.SystemAction.php file in Tilde CMS version 1.0.1. A remote attacker can exploit this vulnerability by sending a POST request to /actionphp/action.input.php with the 'id' parameter to execute...

CVSS 9.8, AI score 10, EPSS 0.01097
Exploits: 1, References: 1
OSV
added 2017/07/24 1:29 p.m., 6 views

CVE-2017-11324

An issue was discovered in Tilde CMS 1.0.1. Due to missing escaping of the backtick character, a SELECT query in class.SystemAction.php is vulnerable to SQL Injection. The vulnerability can be triggered via a POST request to /actionphp/action.input.php with the id parameter...

CVSS 9.8, AI score 5.8, EPSS 0.01097
Exploits: 1, References: 1
ATTACKERKB
added 2016/01/03 5:59 a.m., 4 views

CVE-2015-5003

The portal in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 before FP7 allows remote authenticated users to execute arbitrary commands by leveraging Take Action view authority and providing crafted input...

CVSS 8.5, AI score 6, EPSS 0.03351
Exploits: 0, References: 4