36429 matches found
CVE-2025-42880
CVE-2025-42880 concerns SAP Solution Manager. The underlying issue is missing input sanitation that allows an authenticated attacker to insert arbitrary code when calling a remote-enabled function module, potentially giving full control of the system and high impact to confidentiality, integrity, and...
CVE-2025-42880 Code Injection vulnerability in SAP Solution Manager
Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function module. This could provide the attacker with full control of the system, hence leading to high impact on confidentiality, integrity and availabilit...
PT-2025-49831
Name of the Vulnerable Software and Affected Versions: RUGGEDCOM ROX II versions prior to 2.17.0. Description: The RUGGEDCOM ROX II family is affected by an issue where, under certain conditions, IPsec may allow code injection. This could allow an attacker to execute arbitrary code as a root user...
WordPress plugin GiveWP code injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code injecti...
PT-2025-50078
Improper Control of Generation of Code ('Code Injection') vulnerability in StellarWP GiveWP give allows Code Injection. This issue affects GiveWP: from n/a through = 4.13.1...
PT-2025-50068
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in sevenspark Contact Form 7 Dynamic Text Extension contact-form-7-dynamic-text-extension allows Code Injection. This issue affects Contact Form 7 Dynamic Text Extension: from n/a through = 5.0.3...
SAP Solution Manager code injection vulnerability
SAP Solution Manager is a system management platform from the German company SAP that combines system monitoring, SAP support desktop, self-service, ASAP implementation and other functions. The platform can help customers establish SAP solution lifecycle management, and provide system...
Vite Plugin React code injection vulnerability
Vite Plugin React is an open source plugin for Vite. A code injection vulnerability exists in Vite Plugin React 0.5.5 and earlier versions, which stems from an insecure dynamic import in the Server Functions API that could lead to remote code execution...
elysia code injection vulnerability
elysia is an open source framework from elysia. A code injection vulnerability exists in elysia 1.4.17 and earlier versions, which stems from an uncleared cookie configuration and could lead to arbitrary code execution...
PT-2025-49830
Name of the Vulnerable Software and Affected Versions: RUGGEDCOM ROX II versions prior to 2.17.0. Description: A code injection issue exists in RUGGEDCOM ROX II devices. This occurs when the device is utilizing VRF (Virtual Routing and Forwarding). Successful exploitation allows an attacker to execute...
WordPress plugin Contact Form 7 Dynamic Text Extension security vulnerability
...
GreenCMS code injection vulnerability
GreenCMS is an open source content management system (CMS) from GreenCMS, built on ThinkPHP. A code injection vulnerability exists in GreenCMS version 2.3.0603, which stems from the incorrect manipulation of the parameter Link in the file /Admin/Controller/CustomController.class.php,...
Code-Projects Intern Membership Management System code injection vulnerability
Code-Projects Intern Membership Management System is an open source intern membership management system from Code-Projects. A code injection vulnerability exists in Code-Projects Intern Membership Management System version 1.0, which stems from the incorrect manipulation of the parameter Full...
Yealink SIP-T21P E2 code injection vulnerability
Yealink SIP-T21P E2 is an enterprise IP phone from the Chinese company Yealink. A code injection vulnerability exists in Yealink SIP-T21P E2 version 52.84.0.15, which originates from a cross-site scripting vulnerability in the local catalog page component...
SourceCodester Online Banking System code injection vulnerability
SourceCodester Online Banking System is an open source online banking system from SourceCodester. A code injection vulnerability exists in version 1.0 of the SourceCodester Online Banking System, which originates from the incorrect manipulation of the parameter First Name/Last Name in the file...
CVE-2025-14204
A vulnerability has been found in TykoDev cherry-studio-TykoFork 0.1. This issue affects the function redirectToAuthorization of the file /.well-known/oauth-authorization-server of the component OAuth Server Discovery. Such manipulation of the argument authorizationUrl leads to os command...
Hotel-Management-services-using-MYSQL-and-php code injection vulnerability
Hotel-Management-services-using-MYSQL-and-php is a hotel management system by the individual developer Alok .S. Jaiswal. A code injection vulnerability exists in Hotel-Management-services-using-MYSQL-and-php, which stems from improper handling of the parameter item.name in the file /dishsub.php,...
Hotel-Management-services-using-MYSQL-and-php code injection vulnerability
Hotel-Management-services-using-MYSQL-and-php is a hotel management system by the individual developer Alok .S. Jaiswal. A code injection vulnerability exists in Hotel-Management-services-using-MYSQL-and-php that stems from improper handling of unknown functions in the file /usersub.php, which...
Code-Projects Employee Profile Management System code injection vulnerability
Employee Profile Management System is an employee profile management system. Employee Profile Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the parameter peraddress/drschool/otherschool in...
Exploit for Code Injection in Pivotal_Software Spring_Data_Commons
SpringBoot-Toolkit An interactive penetration-testing tool de...