13 matches found
EUVD-2005-0858
Malware in sbrugna...
CVE-2022-25488
Atom CMS v2.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/ajax/avatar.php...
CVE-2024-7910 CodeAstro Online Railway Reservation System Profile Photo Update emp-profile-avatar.php unrestricted upload
A vulnerability was found in CodeAstro Online Railway Reservation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/emp-profile-avatar.php of the component Profile Photo Update Handler. The manipulation leads to unrestricted upload. The...
PT-2023-31998 · Sourcecodester · Sourcecodester Engineers Online Portal
Name of the Vulnerable Software and Affected Versions: SourceCodester Engineers Online Portal version 1.0 Description: A critical issue has been found in the processing of the file student avatar.php, allowing for unrestricted upload through the manipulation of the change argument. This issue can...
SQL injection
Atom CMS v2.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/ajax/avatar.php...
Discuz! ychat plugin SQL injection
Discuz ychat plugin injection vulnerability: tableychatrooms.php. Code area: public function fetchallbycategory$categoryID,$start=0,$limit=0 if!$categoryID return null; $result=array; $result=DB::fetchall"select from ".DB::table$this-table." where categoryID=".$categoryID." order by cnum desc ". DB::limit$start, $limit;//passed directly into the query...
vBulletin vBSSO Single Sign-On 1.4.14 - SQL Injection
vBulletin vBSSO Single Sign-On 1.4.14 - SQL Injection Exploit Title: vBulletin vBSSO Single Sign-On – = 1.4.15 This plugin is vulnerable to SQL injection at the /vbsso/avatar.php file in the fetchUserinfo function. It requires a big UNION ALL SELECT query and commenting out the LIMIT function of...
vBulletin vBSSO Single Sign-On 1.4.14 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: vBulletin vBSSO Single Sign-On – = 1.4.15 This plugin is vulnerable to SQL injection at the /vbsso/avatar.php file in the fetchUserinfo function. It requires a big UNION ALL SELECT query and commenting out the LIMIT function of...
Woltlab Burning Board 2.3.4 File Disclosure Vulnerability
Exploit for php platform in category web applications. Woltlab Burning Board 2.3.4 File Disclosure Vulnerability. Exploit Title: Woltlab Burning Board 2.3.4 File Disclosure...
phpbb 2.0.11 usercp-avatar.php directory traversal vulnerability
No description provided by source...
CVE-2005-0857
Cross-site scripting (XSS) vulnerability in avatar.php for CoolForum 0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the img parameter...
CVE-2005-0857
Cross-site scripting (XSS) vulnerability in avatar.php for CoolForum 0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the img parameter...
CVE-2005-0857
CVE-2005-0857 describes a cross-site scripting (XSS) vulnerability in CoolForum 0.8 and earlier, where an attacker can inject arbitrary web script or HTML through the img parameter in avatar.php. The connected documents corroborate this XSS claim, with NVD listing the CVE and Tenable/Nessus plugi...