4 matches found
CVE-2022-27428
A stored cross-site scripting XSS vulnerability in /index.php/album/add of GalleryCMS v2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the albumname parameter...
EUVD-2022-31931
Malicious code in bioql PyPI...
CVE-2008-0129
SQL injection vulnerability in starnet/addons/slideshowfull.php in Site@School 2.3.10 and earlier allows remote attackers to execute arbitrary SQL commands via the albumname parameter...
Site@School slideshow_full.php album_name Parameter SQL Injection
The remote host is running Site@School, an open source, PHP-based, content management system intended for primary schools. The version of this software installed on the remote host fails to sanitize user-supplied input to the 'albumname' parameter of the 'starnet/addons/slideshowfull.php' script...