9 matches found
EUVD-2017-17739
Malware in sbrugna...
EUVD-2018-20752
Malware in sbrugna...
EUVD-2018-20766
Malware in sbrugna...
CVE-2024-10810
A vulnerability was found in code-projects E-Health Care System 1.0. It has been classified as critical. Affected is an unknown function of the file Doctor/apprequest.php. The manipulation of the argument appid leads to sql injection. It is possible to launch the attack remotely. The exploit has...
Cross site request forgery (csrf)
The plugin upload component in Z-BlogPHP 1.5.1 allows remote attackers to execute arbitrary PHP code via the appid parameter to zbusers/plugin/AppCentre/pluginedit.php because of an unanchored regular expression, a different vulnerability than CVE-2018-8893. The component must be accessed directl...
CVE-2018-9169
Z-BlogPHP 1.5.1 has XSS via the zbusers/plugin/AppCentre/pluginedit.php appid parameter. The component must be accessed directly by an administrator, or through CSRF...
CVE-2017-8796
An issue was discovered on Accellion FTA devices before FTA912180. Because mysqlrealescapestring is misused, seos/courier/communicationp2p.php allows SQL injection with the appid parameter...
Sql injection
An issue was discovered on Accellion FTA devices before FTA912180. Because mysqlrealescapestring is misused, seos/courier/communicationp2p.php allows SQL injection with the appid parameter...
Shopify: Staff member can delete Private Apps
Hi Team, Bug description : I noticed that Full access staff member doesn't have access to private Apps Even he has access to Apps. But a Staff member can actually Delete Private Apps through the normal App link by changing the ID. Steps to reproduce : 1. Create A shop and install any app. Also...