5 matches found
CVE-2025-1835
CVE-2025-1835 affects osuuu LightPicture 1.2.2. The vulnerability is in the upload function of /app/controller/Api.php, where manipulation of the file argument allows unrestricted remote file upload. Multiple sources (including Red Hat, NVD, CVE listings, CIRCL) document this issue and describe i...
CVE-2025-1186 dayrui XunRuiCMS Api.php deserialization
A vulnerability was found in dayrui XunRuiCMS up to 4.6.4. It has been declared as critical. This vulnerability affects unknown code of the file /Control/Api/Api.php. The manipulation of the argument thumb leads to deserialization. The attack can be initiated remotely. The exploit has been...
CVE-2021-43679
ecshop v2.7.3 is affected by a SQL injection vulnerability in shopex\ecshop\upload\api\client\api.php...
PT-2021-10713
Name of the Vulnerable Software and Affected Versions: HomeAutomation version 3.3.2. Description: The issue arises from improper verification of input passed via the redirect GET parameter in the "api.php" script. This can be exploited to redirect a user to an arbitrary website, for example, when a...
SQL injection
An issue was discovered in PbootCMS. There is a SQL injection via the api.php/List/index order parameter...