Ella Core Security Vulnerability
Ella Core is an open-source solution developed by Ella Networks for use in private networks as a 5G core network solution. Versions of Ella Core prior to 1.7.0 contained security vulnerabilities. These vulnerabilities stemmed from the NetworkManager role being granted backup and restore...
CVE-2026-27461
Pimcore is an Open Source Data & Experience Management Platform. In versions up to and including 11.5.14.1 and 12.3.2, the filter query parameter in the dependency listing endpoints is JSON-decoded and the value field is concatenated directly into RLIKE clauses without sanitization or parameteriz...
GHSA-C5GQ-4H56-4MMX FUXA Unauthenticated Exposure of Plaintext Database Credentials
Description: An information disclosure vulnerability in FUXA allows an unauthenticated, remote attacker to retrieve sensitive administrative database credentials. This affects FUXA through version 1.2.9. This issue has been patched in FUXA version 1.2.10. Impact: This affects all deployments,...
CVE-2025-64174
Magento-lts is a long-term support alternative to Magento Community Edition (CE). Versions 20.15.0 and below are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin with direct database access or the admin notification feed source to inject malicious scripts...
EUVD-2017-15081
Malware in sbrugna...
EUVD-2025-31158
Malicious code in bioql PyPI...
CVE-2025-59816
This vulnerability allows attackers to directly query the underlying database, potentially retrieving all data stored in the Billing Admin database, including user credentials. User passwords are stored in plaintext, significantly increasing the severity of this issue...
CVE-2025-59816 Authenticated Union based SQL-injection in the search input field
This vulnerability allows attackers to directly query the underlying database, potentially retrieving all data stored in the Billing Admin database, including user credentials. User passwords are stored in plaintext, significantly increasing the severity of this issue...
CVE-2025-59816
CVE-2025-59816 affects Zenitel ICX500/ICX510 Billing Admin endpoint. Affects the Billing Admin component where attackers can query the underlying database directly, potentially retrieving all data including plaintext passwords. Root cause: database query exposure via the Billing Admin interface. ...
CVE-2025-59814
CVE-2025-59814 affects Zenitel ICX500/ICX510 Gateway Billing Admin endpoint, enabling unauthorized access to read the Billing Admin database. Multiple connected sources corroborate a vulnerability in the Billing Admin area, with impact described as reading the entire database contents. The NCSC a...
CVE-2024-45894
BlueCMS 1.6 suffers from Arbitrary File Deletion via the filename parameter in an /admin/database.php?act=del request...
WordPress Pods plugin < 3.2.8.2 - Admin+ SQL Injection vulnerability
Admin+ SQL Injection vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Pods versions 3.2.8.2...
CVE-2023-50017
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/database/backup...
ECshop Code Issue Vulnerability
ShopeX ECShop is an open source mall system of the Chinese business school ShopeX company. It supports PC + H5 + APP + small program mall, offers free source code download, and is suitable for enterprises developing and building a mall. ECshop 4.1.8 and previous versions of the code problem vulnerability...
Revenue Collection System Security Vulnerability
Revenue Collection System is a land property billing and payment software by Carlo Montero Individual Developer. A security vulnerability exists in Revenue Collection System version v1.0 that stems from improper access control of its /admin/DBbackup/ component allowing an unauthenticated attacker...
PT-2018-14545 · Phpyun · Phpyun
Name of the Vulnerable Software and Affected Versions: PHPYun version 4.6 Description: A security issue was found in PHPYun, where a vulnerability allows the deletion of any file or directory. This is possible due to the mishandling of the sql parameter by the del action function in the...
Subrion CMS SQL Injection Vulnerability
Subrion CMS is a PHP-based content management system (CMS) developed by the Subrion team. The system can be integrated into a website and supports a wide range of extensions, plug-ins and more. A SQL injection vulnerability exists in the admin/database/ URI in Subrion CMS version 4.0.5.10. A remote...
CVE-2017-6013
Subrion CMS 4.0.5.10 has SQL injection in admin/database/ via the query parameter...
SQL injection
Subrion CMS 4.0.5.10 has SQL injection in admin/database/ via the query parameter...