9 matches found
CVE-2019-25501
Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the appid parameter. Attackers can send POST requests to deleteapplicationajax.php with crafted payloads to extract sensitive data, bypass...
CVE-2019-25501
Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the appid parameter. Attackers can send POST requests to deleteapplicationajax.php with crafted payloads to extract sensitive data, bypass...
CVE-2019-25501
Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the appid parameter. Attackers can send POST requests to deleteapplicationajax.php with crafted payloads to extract sensitive data, bypass...
CVE-2019-25501 Simple Job Script SQL Injection via delete_application_ajax.php
Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the appid parameter. Attackers can send POST requests to deleteapplicationajax.php with crafted payloads to extract sensitive data, bypass...
CVE-2019-25501 Simple Job Script SQL Injection via delete_application_ajax.php
Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the appid parameter. Attackers can send POST requests to deleteapplicationajax.php with crafted payloads to extract sensitive data, bypass...
CVE-2018-9153
The plugin upload component in Z-BlogPHP 1.5.1 allows remote attackers to execute arbitrary PHP code via the appid parameter to zbusers/plugin/AppCentre/pluginedit.php because of an unanchored regular expression, a different vulnerability than CVE-2018-8893. The component must be accessed directl...
CVE-2018-9169
Z-BlogPHP 1.5.1 has XSS via the zbusers/plugin/AppCentre/pluginedit.php appid parameter. The component must be accessed directly by an administrator, or through CSRF...
Z-BlogPHP Cross-Site Scripting Vulnerability (CNVD-2018-08697)
Z-BlogPHP is an open source PHP-based blogging system developed by the Z-Blog community. A cross-site scripting vulnerability exists in Z-BlogPHP version 1.5.1. A remote attacker can exploit this vulnerability by sending the 'appid' parameter to the zbusers/plugin/AppCentre/pluginedit.php file to...
Z-BlogPHP Arbitrary PHP Code Execution Vulnerability
Z-BlogPHP is an open source PHP-based blog system developed by the Z-Blog community. plugin upload component is one of the plugin upload components. A security vulnerability exists in the plugin upload component in Z-BlogPHP version 1.5.1. A remote attacker can exploit this vulnerability by sendi...