136 matches found
Cross-Site Request Forgery (CSRF)
microweber/microweber is vulnerable to cross-site request forgery (CSRF). The vulnerability exists due to a lack of input sanitization in the api.php file allowing the attacker to manipulate authorized users to initiate unwanted actions...
CVE-2021-43679
ecshop v2.7.3 is affected by a SQL injection vulnerability in shopex\ecshop\upload\api\client\api.php...
Sql injection
ecshop v2.7.3 is affected by a SQL injection vulnerability in shopex\ecshop\upload\api\client\api.php...
Cross site scripting
nZEDb v0.4.20 is affected by a Cross Site Scripting (XSS) vulnerability in www/pages/api.php. The exit function will terminate the script and print the message which has the input $_GET['t']...
CVE-2021-43686
nZEDb v0.4.20 is affected by a Cross Site Scripting (XSS) vulnerability in www/pages/api.php. The exit function will terminate the script and print the message which has the input $_GET['t']...
in hascheksolutions/opentrashmail
✍️ Description: Attackers can control the filesystem path argument to readfile at api.php line 35 for ?email= parameter, which allows them to access or modify otherwise protected files. Analysis Trace: 1. Application takes unsanitized input at: $email = strtolower($_REQUEST['email']); 2. Assigning user...
CVE-2020-21998
In HomeAutomation 3.3.2 input passed via the 'redirect' GET parameter in 'api.php' script is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted o...
Design/Logic Flaw
In HomeAutomation 3.3.2 input passed via the 'redirect' GET parameter in 'api.php' script is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted o...
PT-2021-10713
Name of the Vulnerable Software and Affected Versions: HomeAutomation version 3.3.2. Description: The issue arises from improper verification of input passed via the redirect GET parameter in the "api.php" script. This can be exploited to redirect a user to an arbitrary website, for example, when a...
CVE-2020-16629
PhpOK 5.4.137 contains a SQL injection vulnerability that can inject attachment data through SQL, and then call the attachment replacement function through api.php to write a PHP file to the target path...
Sql injection
PhpOK 5.4.137 contains a SQL injection vulnerability that can inject attachment data through SQL, and then call the attachment replacement function through api.php to write a PHP file to the target path...
CVE-2018-16356
An issue was discovered in PbootCMS. There is a SQL injection via the api.php/List/index order parameter...
Sql injection
An issue was discovered in PbootCMS. There is a SQL injection via the api.php/Cms/search order parameter...
Sql injection
An issue was discovered in PbootCMS. There is a SQL injection via the api.php/List/index order parameter...
CVE-2018-16357
An issue was discovered in PbootCMS. There is a SQL injection via the api.php/Cms/search order parameter...
CVE-2018-16357
The CVE-2018-16357 entry concerns PbootCMS and a SQL injection vulnerability exposed through the api.php/Cms/search order parameter. The NVD entry documents a SQL injection path in PbootCMS, with CVSS v3.1 impact scores: {C:H, I:H, A:H} and a base score of 9.8 (CRITICAL) and CVSS v2 base score 7....
MediaWiki Reflected Cross-Site Scripting (CVE-2017-8809)
A reflected cross-site scripting vulnerability exists in MediaWiki. The vulnerability is due to insufficient input validation on user input in the api.php component. A remote user can exploit this vulnerability by enticing a user to click on a malicious link...
CVE-2013-1817
MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information...