87043 matches found
CVE-2019-25710
CVE-2019-25710 affects Dolibarr ERP-CRM 8.0.4, where the rowid parameter in admin/dict.php is vulnerable to SQL injection. The issue allows an attacker to inject SQL via the rowid POST parameter and potentially read sensitive data from the database (error-based injection noted). Public sources in...
CVE-2019-25708
Heatmiser Wifi Thermostat 1.7 is affected by a cross-site request forgery (CSRF) that lets an attacker change administrator credentials by deceiving an authenticated user into submitting a crafted request to networkSetup.htm with parameters usnm, usps, and cfps. This can modify the admin username...
CVE-2019-25708 Heatmiser Wifi Thermostat 1.7 Cross-Site Request Forgery
Heatmiser Wifi Thermostat 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials by tricking authenticated users into submitting malicious requests. Attackers can craft HTML forms targeting the networkSetup.htm endpoint with parameters...
CVE-2019-25708 Heatmiser Wifi Thermostat 1.7 Cross-Site Request Forgery
Heatmiser Wifi Thermostat 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials by tricking authenticated users into submitting malicious requests. Attackers can craft HTML forms targeting the networkSetup.htm endpoint with parameters...
CVE-2019-25708
Heatmiser Wifi Thermostat 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials by tricking authenticated users into submitting malicious requests. Attackers can craft HTML forms targeting the networkSetup.htm endpoint with parameters...
CVE-2019-25703
ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'bid' parameter. Attackers can send POST requests to the admin.php endpoint with malicious 'bid' values containing SQL...
CVE-2019-25703 ImpressCMS 1.3.11 SQL Injection via bid Parameter
ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'bid' parameter. Attackers can send POST requests to the admin.php endpoint with malicious 'bid' values containing SQL...
CVE-2019-25703
CVE-2019-25703 affects ImpressCMS 1.3.11. A time-based blind SQL injection exists in the bid parameter accessed via admin.php, allowing an authenticated user to manipulate queries and extract data. The vulnerability arises from improper handling of the bid input, enabling SQL commands to be injec...
CVE-2019-25699 Newsbull Haber Script 1.0.0 Authenticated SQL Injection via search parameter
Newsbull Haber Script 1.0.0 contains multiple SQL injection vulnerabilities in the search parameter that allow authenticated attackers to extract database information through time-based, blind, and boolean-based injection techniques. Attackers can inject malicious SQL code through the search...
CVE-2019-25699
Newsbull Haber Script 1.0.0 contains multiple SQL injection vulnerabilities in the search parameter that allow authenticated attackers to extract database information through time-based, blind, and boolean-based injection techniques. Attackers can inject malicious SQL code through the search...
CVE-2018-25257 Adianti Framework 5.5.0 and 5.6.0 SQL Injection via Profile
Adianti Framework 5.5.0 and 5.6.0 contains an SQL injection vulnerability that allows authenticated users to manipulate database queries by injecting SQL code through the name field in SystemProfileForm. Attackers can submit crafted SQL statements in the profile edit endpoint to modify user...
CVE-2018-25257
Adianti Framework 5.5.0 and 5.6.0 contains an SQL injection vulnerability that allows authenticated users to manipulate database queries by injecting SQL code through the name field in SystemProfileForm. Attackers can submit crafted SQL statements in the profile edit endpoint to modify user...
CVE-2018-25257
CVE-2018-25257 – Adianti Framework 5.5.0 and 5.6.0 contains an SQL injection vulnerability. An authenticated user can inject SQL code via the name field in SystemProfileForm's profile edit endpoint to manipulate queries, potentially modifying user credentials and gaining administrative access. Af...
CVE-2026-6126
A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.0.4. The affected element is an unknown function of the component Administrative HTTP Endpoint. This manipulation causes missing authentication. It is possible to initiate the attack remotely. The exploit has been made...
CVE-2026-6126
CVE-2026-6126 affects zhayujie chatgpt-on-wechat CowAgent 2.0.4. The weakness resides in an unknown function of the Administrative HTTP Endpoint, leading to missing authentication. It can be triggered remotely, and the exploit has been made public. Multiple sources note that the project was alert...
PT-2026-41203
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description LDAP and OAuth authentication flows use a Time-of-Check-Time-of-Use TOCTOU pattern—a race condition where a system checks a condition and then uses the result of that check, but the condition...
PT-2026-32175
MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Chargegroup total parameter. Attackers can submit crafted POST requests to the /charge/admin endpoint with error-based, time-based blin...
PT-2026-32177
Adianti Framework 5.5.0 and 5.6.0 contains an SQL injection vulnerability that allows authenticated users to manipulate database queries by injecting SQL code through the name field in SystemProfileForm. Attackers can submit crafted SQL statements in the profile edit endpoint to modify user...
PT-2026-32172
Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows attackers to execute arbitrary SQL queries. Attackers can inject malicious SQL code through the rowid POST parameter to extract sensitive database information using...
MyT SQL注入漏洞
MyT is a task management system developed by domgio as an individual project. Version 1.5.1 of MyT contains a SQL injection vulnerability. This vulnerability stems from insufficient input validation for the Chargegrouptotal parameter in the /charge/admin endpoint, which may lead to SQL injection...