20 matches found
Cross Site Scripting (XSS)
silverstripe/framework is vulnerable to Cross Site Scripting. The vulnerability is due to a lack of adminusername and adminpassword sanitization within the setup form...
GHSA-MQF5-275H-GF6R Silverstripe framework is vulnerable to XSS in install.php
During installation, certain parameters adminusername and adminpassword are not escaped in the setup form. This issue is resolved in 3.1.14 stable, although existing users are advised to remove this file prior to deploying to a production server...
CVE-2018-10570
Frog CMS 0.9.5 has XSS in /install/index.php via the ['config']['admin_username'] field...
CVE-2018-10570
CVE-2018-10570 affects Frog CMS 0.9.5. The vulnerability is a Cross-Site Scripting (XSS) flaw in /install/index.php via the ['config']['admin_username'] field. CNVD notes that an attacker could inject arbitrary web script or HTML, implying a client-side impact on affected sessions/pages. The Red ...
Advanced Matrimonial Script 2.0.3 - SQL Injection
Advanced Matrimonial Script 2.0.3 - SQL Injection Exploit Title: Advanced Matrimonial Script v2.0.3 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/advanced-matrimonial/ Demo:...
MLM Membership Plan Script 2.0.5 - SQL Injection
MLM Membership Plan Script 2.0.5 - SQL Injection Exploit Title: MLM Membership Plan Script v2.0.5 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/mlm-membership-plan-script/ Demo:...
CVE-2015-6528
Multiple cross-site scripting (XSS) vulnerabilities in installclassic.php in Coppermine Photo Gallery (CPG) 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the (1) adminusername, (2) adminpassword, (3) adminemail, (4) dbserver, (5) dbname, (6) dbuser, (7) dbpass, (8) tableprefix, or (9) impath...
CVE-2015-5063
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework 3.1.13 allow remote attackers to inject arbitrary web script or HTML via the (1) adminusername or (2) adminpassword parameter to install.php...
CVE-2015-5063
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework 3.1.13 allow remote attackers to inject arbitrary web script or HTML via the (1) adminusername or (2) adminpassword parameter to install.php...
CVE-2014-9571
Cross-site scripting (XSS) vulnerability in admin/install.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote attackers to inject arbitrary web script or HTML via the (1) adminusername or (2) adminpassword parameter...
AJ HYPE PRIME SQL Injection
/ AJ HYPE PRIME id Remote SQL Injection Vulnerability Discovered by : MizoZ Contact : [email protected] Team : EvilWay Date : July 29 2009 Greetings : Moudi , Zuka, All friends / SQL Injection welcome.php GET : id : HOST/PATH/forum/welcome.php?id=SQL CODE SQL CODE :...
Social Engine 3.06 - category_id SQL Injection
Social Engine 3.06 - category_id SQL Injection ...
CVE-2008-5806
SQL injection vulnerability in login.php in DeltaScripts PHP Classifieds 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the adminusername parameter (aka admin field). NOTE: some of these details are obtained from third party information...
Sql injection
SQL injection vulnerability in login.php in DeltaScripts PHP Classifieds 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the adminusername parameter (aka admin field). NOTE: some of these details are obtained from third party information...
CVE-2008-5806
SQL injection vulnerability in login.php in DeltaScripts PHP Classifieds 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the adminusername parameter (aka admin field). NOTE: some of these details are obtained from third party information...
Silentum LoginSys 1.0.0 Insecure Cookie Handling vulnerability
No description provided by source. START 0x01 Informations: Script : Silentum LoginSys 1.0.0 Download : http://www.hotscripts.com/jump.php?listingid=69667&jumptype=1 Vulnerability : Insecure Cookie Handling Author : Osirys Contact : osirysatlivedotit Website : http://osirys.org Notes : Proud to b...
Sql injection
SQL injection vulnerability in admin/login.php in DeltaScripts PHP Shop 1.0 allows remote attackers to execute arbitrary SQL commands via the adminusername parameter. NOTE: some of these details are obtained from third party information...
CVE-2008-2180
Multiple SQL injection vulnerabilities in cpLinks 1.03, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) adminusername parameter (aka the username field) to admin/index.php and the (2) searchtext and (3) searchcategory parameters to search.php. NOTE:...
CVE-2008-2180
Multiple SQL injection vulnerabilities in cpLinks 1.03, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) adminusername parameter (aka the username field) to admin/index.php and the (2) searchtext and (3) searchcategory parameters to search.php. NOTE:...
PHP-Fusion 6.00.109 (msg_send) SQL Injection Exploit
No description provided by source. php if magicquotes off - SQL Injection, poc: http://target/pathtoPhpFusion/messages.php?msgsend=' UNION SELECT userpassword FROM fusionusers WHERE username='adminusername'/ inserted the above for a better description /str0ke 19.17 28/09/2005 -- PhpF600109xpl.php...