Cross-site request forgery (CSRF)
An issue was discovered in Pluck 4.7.10-dev2. There is a CSRF vulnerability that can edit a page via /admin.php?action=editpage...
CVE-2020-19199
A Cross-Site Request Forgery (CSRF) vulnerability exists in PHPOK 5.2.060 via admin.php?c=admin&f=save, which could let a remote malicious user execute arbitrary code...
CVE-2020-19199
PHPOK 5.2.060 is affected by a CSRF vulnerability in admin.php?c=admin&f=save that could let a remote attacker execute arbitrary code. Affected component is PHPOK’s admin save endpoint; root cause is a CSRF flaw enabling code execution. Multiple sources (NVD entry CVE-2020-19199 and partner discl...
CVE-2020-18020
SQL Injection in PHPSHE Mall System v1.7 allows remote attackers to execute arbitrary code by injecting SQL commands into the "userphone" parameter of a crafted HTTP request to the "admin.php" component...
SQL injection
SQL Injection in PHPSHE Mall System v1.7 allows remote attackers to execute arbitrary code by injecting SQL commands into the "userphone" parameter of a crafted HTTP request to the "admin.php" component...
CVE-2020-18020
PHPSHE Mall System v1.7 suffers an SQL injection in the user_phone parameter of admin.php, enabling remote attackers to execute arbitrary SQL and potentially compromise the system. Root cause: improper handling of input in the user_phone field. Impact notes: remote code execution is stated in the...
CVE-2020-18020
SQL Injection in PHPSHE Mall System v1.7 allows remote attackers to execute arbitrary code by injecting SQL commands into the "userphone" parameter of a crafted HTTP request to the "admin.php" component...
PHPSHE Mall System SQL Injection Vulnerability
PHPSHE is an online shopping mall system of China Lingbao Jane Hao Network Technology PHPSHE Company. The system supports express tracking, online chat, order evaluation, statistics and other functions. A security vulnerability exists in PHPSHE Mall System v1.7 that allows remote attacke...
CVE-2020-23763
SQL injection in admin.php in Online Book Store 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication...
CVE-2020-23763
SQL injection in admin.php in Online Book Store 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication...
SQL injection
SQL injection in admin.php in Online Book Store 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication...
CVE-2020-23763
The CVE-2020-23763 entry corresponds to a SQL injection vulnerability in Online Book Store 1.0, specifically in admin.php, that allows remote attackers to execute arbitrary SQL commands and bypass authentication. This is corroborated by multiple connected sources (e.g., Red Hat advisory, CNVD, CV...
CVE-2020-23763
SQL injection in admin.php in Online Book Store 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication...
DMA Radius Manager 4.4.0 - Cross-Site Request Forgery (CSRF)
Exploit Title: DMA Radius Manager 4.4.0 - Cross-Site Request Forgery (CSRF); Date: April 8, 2021 (04/08/2021); Exploit Author: Issac Briones; Vendor Homepage: http://www.dmasoftlab.com/; Software Download: https://sourceforge.net/projects/radiusmanager/; Version: 4.4.0; CVE: CVE-2021-30147; input type="...
CVE-2021-30147
DMA Softlab Radius Manager 4.4.0 allows CSRF with impacts such as adding new manager accounts via admin.php...
CVE-2021-30147
DMA Softlab Radius Manager 4.4.0 allows CSRF with impacts such as adding new manager accounts via admin.php...
Cross-site request forgery (CSRF)
DMA Softlab Radius Manager 4.4.0 allows CSRF with impacts such as adding new manager accounts via admin.php...
CVE-2021-30147
DMA Softlab Radius Manager 4.4.0 allows CSRF with impacts such as adding new manager accounts via admin.php...
Piwigo SQL Injection Vulnerability (CNVD-2021-25958)
Piwigo is a free and open source web photo album software. A SQL injection vulnerability exists in versions prior to Piwigo 11.4.0. An attacker can exploit this vulnerability by using the language parameter of admin.php?page=languages to conduct a SQL injection attack...
SQL injection
SQL injection exists in Piwigo before 11.4.0 via the language parameter to admin.php?page=languages...