13 matches found
CVE-2026-21630
Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endpoint...
CVE-2026-21630
Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endpoint...
CVE-2026-4816 Reflected Cross Site Scripting (XSS) vulnerability in Support Board
A Reflected Cross Site Scripting XSS vulnerability has been found in Support Board v3.7.7. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the 'search' parameter in '/supportboard/include/articles.php'. This...
CVE-2025-57423
A SQL injection vulnerability was discovered in the /articles endpoint of MyClub 0.5, affecting the query parameters Content, GroupName, PersonName, lastUpdate, pool, and title. Due to insufficient input sanitisation, an unauthenticated remote attacker could inject arbitrary SQL commands via a...
EUVD-2025-32304
Malicious code in bioql PyPI...
CVE-2025-57423
A SQL injection vulnerability was discovered in the /articles endpoint of MyClub 0.5, affecting the query parameters Content, GroupName, PersonName, lastUpdate, pool, and title. Due to insufficient input sanitisation, an unauthenticated remote attacker could inject arbitrary SQL commands via a...
CVE-2025-57423
A SQL injection vulnerability was discovered in the /articles endpoint of MyClub 0.5, affecting the query parameters Content, GroupName, PersonName, lastUpdate, pool, and title. Due to insufficient input sanitisation, an unauthenticated remote attacker could inject arbitrary SQL commands via a...
CVE-2025-57423
A SQL injection vulnerability was discovered in the /articles endpoint of MyClub 0.5, affecting the query parameters Content, GroupName, PersonName, lastUpdate, pool, and title. Due to insufficient input sanitisation, an unauthenticated remote attacker could inject arbitrary SQL commands via a...
CVE-2025-57423
A SQL injection vulnerability was discovered in the /articles endpoint of MyClub 0.5, affecting the query parameters Content, GroupName, PersonName, lastUpdate, pool, and title. Due to insufficient input sanitisation, an unauthenticated remote attacker could inject arbitrary SQL commands via a...
CVE-2025-57423
CVE-2025-57423 concerns MyClub 0.5. A SQL injection vulnerability exists in the /articles API endpoint, where insufficient input sanitisation affects the query parameters Content , GroupName , PersonName , lastUpdate , pool , and title . An unauthenticated remote attacker can craft a GET request ...
CVE-2025-57805 The Scratch Channel's Publish Articles POST Request Can Upload Articles Without Validation
The Scratch Channel is a news website. In versions 1 and 1.1, a POST request to the endpoint used to publish articles, can be used to post an article in any category with any date, regardless of who's logged in. This issue has been patched in version 1.2...
CVE-2023-27160
forem up to v2022.11.11 was discovered to contain a Server-Side Request Forgery SSRF via the component /articles/id. This vulnerability allows attackers to access network resources and sensitive information via a crafted POST request...
PT-2023-20980 · Forem · Forem
Name of the Vulnerable Software and Affected Versions: forem versions up to v2022.11.11 Description: The issue is related to a Server-Side Request Forgery SSRF via the component "/articles/id". This allows attackers to access network resources and sensitive information via a crafted POST request...