Cross-site Request Forgery (CSRF)

Overview DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF in the AddFriend functionality. An attacker can send a request that forces another user to accept...

Nero Social Networking Site addfriend.php File SQL Injection Vulnerability

Nero Social Networking Site is a social networking site. Nero Social Networking Site suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /addfriend.php. An attacker can exploit this vulnerability to...

CVE-2025-12307

A vulnerability was identified in code-projects Nero Social Networking Site 1.0. Affected by this vulnerability is an unknown functionality of the file /addfriend.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit is publicly...

CVE-2025-12307

A vulnerability was identified in code-projects Nero Social Networking Site 1.0. Affected by this vulnerability is an unknown functionality of the file /addfriend.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit is publicly...

EUVD-2025-36347

A vulnerability was identified in code-projects Nero Social Networking Site 1.0. Affected by this vulnerability is an unknown functionality of the file /addfriend.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit is publicly...

CVE-2025-12307 code-projects Nero Social Networking Site addfriend.php sql injection

A vulnerability was identified in code-projects Nero Social Networking Site 1.0. Affected by this vulnerability is an unknown functionality of the file /addfriend.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit is publicly...

Code-Projects Nero Social Networking Site SQL注入漏洞

Nero Social Networking Site is a social networking site. Nero Social Networking Site suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /addfriend.php. An attacker can exploit this vulnerability to...

PT-2025-44016

Name of the Vulnerable Software and Affected Versions code-projects Nero Social Networking Site version 1.0 Description A flaw exists in code-projects Nero Social Networking Site 1.0, specifically within the /addfriend.php file. Manipulating the ID argument can lead to a SQL injection. This issue...

Valve: Stored XXS @ https://steamcommunity.com/search/users/#text= via Profile Name

Dear Valve security staff, Short description --------------------- There is a stored cross-site-scripting vulnerability present at the user search endpoint which can be exploited by modifying profile name of the would be attacking account. See POC picture. Steps to reproduce ---------------------...