3 matches found
CVE-2025-55472
A SQL Injection vulnerability exists in Tirreno v0.9.5, specifically in the /admin/loadUsers API endpoint. The vulnerability arises due to unsafe handling of user-supplied input in the columns0data parameter, which is directly used in SQL queries without proper validation or parameterization...
PT-2025-35582
Name of the Vulnerable Software and Affected Versions: Tirreno version 0.9.5
Description: A SQL Injection issue exists in Tirreno version 0.9.5. The vulnerability is located in the /admin/loadUsers API endpoint, stemming from the unsafe handling of user-supplied input within the columns0data...
CVE-2014-1603
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) param parameter to admin/load.php or (2) user, (3) email, or (4) name parameter in a Save Settings action to admin/settings.php...