1593 matches found
CVE-2020-18020
SQL Injection in PHPSHE Mall System v1.7 allows remote attackers to execute arbitrary code by injecting SQL commands into the "userphone" parameter of a crafted HTTP request to the "admin.php" component...
PHPSHE Mall System SQL Injection Vulnerability
PHPSHE is an online shopping mall system developed by China's Lingbao Jane Hao Network Technology (PHPSHE). The system supports express tracking, online chat, order evaluation, statistics and other functions. A security vulnerability exists in PHPSHE Mall System v1.7 that allows remote attacke...
CVE-2020-23763
SQL injection in admin.php in Online Book Store 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication...
SQL injection
SQL injection in admin.php in Online Book Store 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication...
CVE-2020-23763
The CVE-2020-23763 entry corresponds to a SQL injection vulnerability in Online Book Store 1.0, specifically in admin.php, that allows remote attackers to execute arbitrary SQL commands and bypass authentication. This is corroborated by multiple connected sources (e.g., Red Hat advisory, CNVD, CV...
DMA Radius Manager 4.4.0 - Cross-Site Request Forgery (CSRF)
Exploit Title: DMA Radius Manager 4.4.0 - Cross-Site Request Forgery (CSRF) | Date: April 8, 2021 (04/08/2021) | Exploit Author: Issac Briones | Vendor Homepage: http://www.dmasoftlab.com/ | Software Download: https://sourceforge.net/projects/radiusmanager/ | Version: 4.4.0 | CVE: CVE-2021-30147 | input type="...
CVE-2021-30147
DMA Softlab Radius Manager 4.4.0 allows CSRF with impacts such as adding new manager accounts via admin.php...
Cross-site request forgery (CSRF)
DMA Softlab Radius Manager 4.4.0 allows CSRF with impacts such as adding new manager accounts via admin.php...
Piwigo SQL Injection Vulnerability (CNVD-2021-25958)
Piwigo is a free and open source web photo album software. A SQL injection vulnerability exists in versions prior to Piwigo 11.4.0. An attacker can exploit this vulnerability by using the language parameter of admin.php?page=languages to conduct a SQL injection attack...
SQL injection
SQL injection exists in Piwigo before 11.4.0 via the language parameter to admin.php?page=languages...
CVE-2021-27973
Piwigo has a SQL injection vulnerability (CVE-2021-27973) in versions before 11.4.0, exploitable via the language parameter of admin.php?page=languages. Public writeups/exploits exist for 11.3.0 (e.g., Exploit-DB, PacketStorm) and CVE records note the issue. The CVE entry itself has no confirmed ...
CVE-2021-27973
SQL injection exists in Piwigo before 11.4.0 via the language parameter to admin.php?page=languages...
Cross-site scripting
DMA Softlab Radius Manager 4.4.0 is affected by Cross Site Scripting (XSS) via the description, name, or address field under admin.php...
CVE-2021-29011
CVE-2021-29011 affects DMA Softlab Radius Manager 4.4.0 and is described as a Cross Site Scripting (XSS) vulnerability exploitable via the description, name, or address fields under admin.php. The connected documents corroborate an XSS issue with this version; CVSS metrics in the primary entry sh...
Cross-site scripting (XSS)
ImpressCMS 1.4.0 is affected by XSS in modules/system/admin.php which may result in arbitrary remote code execution...
GHSA-J29G-G982-PWPV Cross-site scripting (XSS)
ImpressCMS 1.4.0 is affected by XSS in modules/system/admin.php which may result in arbitrary remote code execution...