143 matches found
SQL injection
Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. SQL injection vulnerability via taocms\include\Model\Article.php...
SQL injection
FlameCMS 3.3.5 contains a SQL injection vulnerability in /master/article.php via the "Id" parameter...
Cross site scripting
Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the catid parameter to downloads/downloads.php or article.php. NOTE: this might overlap CVE-2012-6043...
CVE-2020-12708
PHP-Fusion 9.03.50 is affected by multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary script or HTML via the cat_id parameter to downloads/downloads.php or article.php. The issue is a result of insufficient input validation in these endpoints and is...
CVE-2020-10461
The way comments in article.php vulnerable function in include/functions-article.php are handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored Blind XSS injecting arbitrary web script or HTML in admin/manage-comments.php, via the GET parameter cmt...
CVE-2020-10445
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/report-article.php by adding a question mark ? followed by the payload...
CVE-2020-10391
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/add-article.php by adding a question mark ? followed by the payload...
CVE-2020-10401
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/edit-article.php by adding a question mark ? followed by the payload...
Cross site scripting
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/report-article.php by adding a question mark ? followed by the payload...
CVE-2020-10496
Chadha PHPKB Standard Multi-Language 9 is vulnerable to a Cross-Site Request Forgery (CSRF) in the admin/edit-article.php endpoint. The vulnerability allows an attacker to cause article edits by crafting a request that an authenticated user would submit, due to insufficient validation/CSRF protec...
CVE-2020-10464
CVE-2020-10464 concerns Chadha PHPKB Standard Multi-Language 9, with a reflected XSS in admin/edit-article.php via the GET parameter p. The vulnerability allows an attacker to inject arbitrary web script or HTML when a user visits a crafted URL, affecting the affected PHPKB component and involvin...
CVE-2020-10452
CVE-2020-10452 concerns Chadha PHPKB Standard Multi-Language 9. Reflected XSS via URIs processed in admin/header.php, enabling injection of script/HTML when an attacker crafts a URI that is passed to admin/add-article.php/save-article.php (and related admin pages as per connected Red Hat advisori...
PT-2020-12058 · Chadha · Phpkb Standard Multi-Language
Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9 Description: The issue concerns the handling of the Referer header in article.php, allowing attackers to execute Stored Blind XSS by injecting arbitrary web script or HTML. This is specifically...
CVE-2018-20561
CVE-2018-20561 affects DouCo DouPHP 1.5 20181221. The vulnerability is a stored/reflected XSS in admin/article.php?rec=update via the title parameter, enabling injection of arbitrary script/HTML as described in multiple sources. Affected component is the admin interface (article update logic) and...
Arbitrary File Deletion Vulnerability in ECShop
ECShop is a B2C independent online store system, suitable for enterprises and individuals to quickly build a personalized online store. The system is a cross-platform open source program developed in PHP with a MySQL database. ECShop V3.0.0 UTF8 release0530 version of the...
SQL Injection Vulnerability in ThinkLC Classifieds Information System article.php Page
ThinkLC Classified Information System is a local classified information system built with PHP and MySQL. A SQL injection vulnerability exists in the article.php page of ThinkLC Classified Information System. The vulnerability is caused by the system failing to effectively filter...
tapaa.or.th XSS vulnerability
Vulnerable URL: http://tapaa.or.th/infor-article.php?id=5%22%3E%3Cscript%3Ealert0;%3C%2Fscript%3E&lang=en Details: Patched: No | Latest check for patch: 18.01.2018 | Vulnerability type: XSS | Vulnerability status: Publicly disclosed | Alexa Rank: Unknown / Not calculated | VIP...
quinnco.com XSS vulnerability
Vulnerable URL: http://www.quinnco.com/article.php?id=2'"--!confirmOPENBUGBOUNTY...