13 matches found
CVE-2025-10371 eCharge Hardy Barth Salia PLCC api.php unrestricted upload
A security flaw has been discovered in eCharge Hardy Barth Salia PLCC up to 2.3.81. This issue affects some unknown processing of the file /api.php. The manipulation of the argument setrfidlist results in unrestricted upload. The attack may be performed remotely. The exploit has been released ...
PT-2024-17966 · Phpems · Phpems
Name of the Vulnerable Software and Affected Versions: PHPEMS versions up to 1.0 Description: A critical issue has been found in the function index of the file app/weixin/controller/index.api.php. The manipulation of the argument picurl leads to deserialization. The issue has been disclosed to th...
CVE-2024-0733
A vulnerability was found in Smsot up to 2.12. It has been classified as critical. Affected is an unknown function of the file /api.php of the component HTTP POST Request Handler. The manipulation of the argument datasign leads to SQL injection. It is possible to launch the attack remotely. The...
Smsot SQL Injection Vulnerability
Smsot is a professional community operation solution by China Motech Smsot. A SQL injection vulnerability exists in Smsot 2.12 and earlier versions, which stems from the parameter datasign in the file /api.php that can lead to SQL injection...
HaoKeKeJi YiQiNiu Code Issue Vulnerability
HaoKeKeJi YiQiNiu is an application from HaoKeKeJi. A code issue vulnerability exists in HaoKeKeJi YiQiNiu version 3.1 and prior versions, which stems from a cross-site request forgery vulnerability in the httppost function of the /application/pay/controller/Api.php file...
PT-2023-10273 · Fastly · Fastly Plugin
Name of the Vulnerable Software and Affected Versions: Fastly Plugin versions up to 0.97 Description: A vulnerability was found in the Fastly Plugin, which has been rated as problematic. The issue affects the function post of the file lib/api.php. The manipulation of the url argument leads to...
PT-2023-10619 · Unknown · Jfm-So Piwallet
Name of the Vulnerable Software and Affected Versions: jfm-so piWallet affected versions not specified Description: A critical issue affects some unknown functionality of the file api.php. The manipulation of the key argument leads to SQL injection. Recommendations: Apply a patch to fix this issu...
viaviwebtech Android EBook App SQL Injection Vulnerability
viaviwebtech Android EBook App is an eBook application by viaviwebtech India. Books can be read online and offline. A security vulnerability exists in viaviwebtech Android EBook App 10, which stems from an SQL injection that may be triggered via the authorid parameter of api.php...
CVE-2020-6577
The IT-Recht Kanzlei plugin in Zen Cart 1.5.6c German edition allows itrk-api.php rechtstextlanguage SQL Injection...
Western Digital My Cloud NAS Elevation of Privilege Vulnerability
Western Digital My Cloud is a personal cloud storage device from Western Digital. An elevation of privilege vulnerability exists in Western Digital My Cloud NAS versions prior to 5.04.114, which stems from a remote code execution vulnerability in cgi api.php that allows privilege escalation. No...
CVE-2018-9104
A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 21.84.5535.0 and earlier, and Mitel ST 14.2, versions GA27 19.49.5200.0 and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient...
CVE-2018-9104
A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 21.84.5535.0 and earlier, and Mitel ST 14.2, versions GA27 19.49.5200.0 and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient...
MediaWiki cross-site scripting vulnerability (CNVD-2015-02414)
MediaWiki is a Wiki program. A cross-site scripting vulnerability exists in MediaWiki, which stems from the api.php script failing to adequately filter wddx format requests. When the program uses HHVM, a remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with...