13 matches found
CVE-2018-1000890
FrontAccounting 2.4.5 contains a Time Based Blind SQL Injection vulnerability in the parameter "filterType" in /attachments.php that can allow the attacker to grab the entire database of the application...
CVE-2024-13829
CVE-2024-13829 affects the WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto, vulnerable in all versions up to and including 8.0.8 via the attachments.php handling. The vulnerability enables unauthenticated attackers to extract sensitive data, including files uploade...
SUSE CVE-2024-24574
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leads to allowed execution of JavaScript code in client side XSS. This vulnerability has been patched in version 3.2.5...
CVE-2020-10418
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/manage-attachments.php by adding a question mark ? followed by the payload...
CVE-2020-10414
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/index-attachments.php by adding a question mark ? followed by the payload...
Cross site scripting
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/manage-attachments.php by adding a question mark ? followed by the payload...
Cross site scripting
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/index-attachments.php by adding a question mark ? followed by the payload...
CVE-2020-10418
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/manage-attachments.php by adding a question mark ? followed by the payload...
FrontAccounting 2.4.5 - SubmitUser SQL Injection
Exploit Title: FrontAccounting 2.4.5 - 'SubmitUser' SQL Injection; Google Dork: N/A; Date: 2018-12-22; Exploit Author: Sainadh Jamalpur; Vendor Homepage: http://frontaccounting.com/; Software Link: https://sourceforge.net/projects/frontaccounting/...
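FrontAccounting 'attachments.php' Arbitrary File Upload Vulnerability
Bugtraq ID: 66217. FrontAccounting (FA) is a web-based accounting system for the enterprise ERP supply chain. The FrontAccounting /admin/attachments.php script contains a security vulnerability that allows an attacker to upload files with malicious extensions and execute them with the web server's privileges. FrontAccounting 2.x. FrontAccounting 2.3.20 has fixed this vulnerability; users are advised to download the update: http://frontaccounting.com...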
PHPCMS V9 getwebshell exploit and fix-vulnerability warning-the black bar safety net
Without any permission, directly to get WEBSHELL on. and... Actually. in. There is a condition limit, and have PHP parse the vulnerability of the host to pass to kill... Life on the outside, the most important not many friends but, super long standby. I'm Edison, you know me. Detailed descriptio...
CVE-2010-1867
SQL injection vulnerability in the ArticleAttachment::GetAttachmentsByArticleNumber method in javascript/tinymcs/plugins/campsiteattachment/attachments.php in Campsite 3.3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the articleid parameter...
PT-2005-2435 · Osticket · Osticket
Name of the Vulnerable Software and Affected Versions: osTicket affected versions not specified Description: A directory traversal issue exists in the attachments.php file of osTicket, allowing remote attackers to read arbitrary files by using .. sequences in the file parameter of the...