
4 matches found

Vulnrichment
added 2026/05/20 1:25 a.m. | 6 views

CVE-2026-8627 Correct Prices <= 1.0 - Reflected Cross-Site Scripting via PHP_SELF Parameter

The Correct Prices plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] variable in versions up to and including 1.0. This is due to the correctpricespage function echoing $_SERVER['PHP_SELF'] into a form's action attribute without any input sanitization or...

CVSS 6.1 | AI score 6 | EPSS 0.0008
Exploits: 0 | References: 2
CNVD
added 2017/07/25 12:0 a.m. | 1 views

Tilde CMS class.SystemAction.php file SQL injection vulnerability

Tilde CMS is a web content management system (CMS). A SQL injection vulnerability exists in the class.SystemAction.php file in Tilde CMS version 1.0.1. A remote attacker can exploit this vulnerability by sending a POST request to /actionphp/action.input.php with the 'id' parameter to execute...

CVSS 9.8 | AI score 10 | EPSS 0.0025
Exploits: 1 | References: 1
OSV
added 2017/07/24 1:29 p.m. | 2 views

CVE-2017-11324

An issue was discovered in Tilde CMS 1.0.1. Due to missing escaping of the backtick character, a SELECT query in class.SystemAction.php is vulnerable to SQL Injection. The vulnerability can be triggered via a POST request to /actionphp/action.input.php with the id parameter...

CVSS 9.8 | AI score 5.8
Exploits: 0 | References: 1
ATTACKERKB
added 2016/01/03 5:59 a.m. | 2 views

CVE-2015-5003

The portal in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 before FP7 allows remote authenticated users to execute arbitrary commands by leveraging Take Action view authority and providing crafted input...

CVSS 8.5 | AI score 6 | EPSS 0.01325
Exploits: 0 | References: 4