30 matches found
CVE-2022-38274
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/comment/list...
CVE-2020-21013
emlog v6.0.0 contains a SQL injection via /admin/comment.php...
SQL injection
emlog v6.0.0 contains a SQL injection via /admin/comment.php...
CVE-2020-10467
Reflected XSS in admin/edit-comment.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p...
CVE-2018-16374
Frog CMS 0.9.5 has stored XSS via /admin/?/plugin/comment/settings...
guestbook06.txt
author.: l0om - www.excluded.org product: guestbox latest non-BETA 0.6 page: http://spring.realone.ch dork: "Login - Guestbox 0.6" inurl:guestbox.php someone asked me to check the guestbook named "guestbox" and that's the advisory based on my checks. 1.0 everyone can set admin comments to all...
CVE-2006-0859
Michael Salzer Guestbox 0.6, and other versions before 0.8, allows remote attackers to post an admin comment to a guestbook entry via a certain modified form, possibly related to the nummer parameter...
Design/Logic Flaw
Michael Salzer Guestbox 0.6, and other versions before 0.8, allows remote attackers to post an admin comment to a guestbook entry via a certain modified form, possibly related to the nummer parameter...
CVE-2006-0859
CVE-2006-0859 affects Michael Salzer Guestbox 0.6 and earlier versions up to 0.7/0.8 pre-release? It describes a vulnerability where remote attackers can post an admin comment to a guestbook entry via a modified form, possibly related to the nummer parameter. The connected sources corroborate the...