CVE-2024-33805

A SQL injection vulnerability in /model/getstudent.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter...

Ivanti CSA 操作系统命令注入漏洞

Ivanti CSA is a locally deployed virtual appliance designed to simplify and enhance the integration of Ivanti products with cloud services. The Ivanti CSA suffers from an OS command injection vulnerability that stems from the application failing to properly filter constructed command special...

CVE-2022-40969

An os command injection vulnerability exists in the httpd delfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability...

CVE-2022-40222

An OS command injection vulnerability exists in the m2m DELETEFILE cmd functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability...

CVE-2019-5029

An exploitable command injection vulnerability exists in the Config editor of the Exhibitor Web UI versions 1.0.9 to 1.7.1. Arbitrary shell commands surrounded by backticks or $ can be inserted into the editor and will be executed by the Exhibitor process when it launches ZooKeeper. An attacker c...

CVE-2024-9581

The Shortcodes AnyWhere plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.1. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

CVE-2024-9846

The The Enable Shortcodes inside Widgets,Comments and Experts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.0. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVE-2024-9772

The The Uix Shortcodes – Compatible with Gutenberg plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.9.9. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode...

CVE-2024-11740

The The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.03. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

CVE-2025-22677 WordPress Uix Shortcodes plugin <= 2.0.3 - Arbitrary Shortcode Execution vulnerability

Missing Authorization vulnerability in UIUX Lab Uix Shortcodes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Uix Shortcodes: from n/a through 2.0.3...

CVE-2024-10633

The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.8.0 Business, up to, and including, 21.8.0 Developer, and up to, and including, 31.8.0 Agency. This is due to the software allowing users to...

Coolify 操作系统命令注入漏洞

Coolify is an open source and self-hosted alternative to Heroku/Netlify/Vercel. A command execution vulnerability exists in coolLabs Coolify, which can be exploited by an attacker to execute arbitrary commands on a system...

WeGIA SQL注入漏洞

WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. WeGIA suffers from a SQL injection vulnerability that originates from allowing an attacker to execute arbitrary SQL commands in the database, which could lead to unauthorized access to sensitive informati...

WAVLINK AC3000 internet.cgi set_add_routing function netmask parameter command injection vulnerability

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A command injection vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505 version, which stems from the netmask parameter of the internet.cgi setaddrouting function failing to correctly filter constructed command special...

WAVLINK AC3000 nas.cgi set_nas function command injection vulnerability

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A command injection vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505 version, which stems from the nas.cgi setnas function failing to correctly filter constructed command special characters, commands, and so on. An attack...

CVE-2024-57771

A cross-site scripting XSS vulnerability in the common/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

TOTOLINK X5000R 安全漏洞

The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X5000R version V9.1.0cu.2350B20230313, which stems from the "hour" parameter in setScheduleCfg failing to correctly filter constructed command special characters,...

TOTOLINK X5000R 安全漏洞

The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. The TOTOLINK X5000R suffers from a command injection vulnerability that stems from the "eHour" parameter in setWiFiScheduleCfg failing to properly filter constructed command special characters, commands, etc. This vulnerabili...

CVE-2024-39765

Multiple OS command injection vulnerabilities exist in the internet.cgi setaddrouting functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A...

CVE-2024-39762

Multiple OS command injection vulnerabilities exist in the internet.cgi setaddrouting functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A...