
175 matches found

Prion
added 2021/08/06 4:15 p.m. | 11 views

Sql injection

SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 via the quicksearch parameter in \lib\packages\comments\comments.php...

CVSS 6.5 | AI score 9.1 | EPSS 0.00447
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2021/08/06 3:25 p.m. | 15 views

CVE-2021-36455

SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 via the quicksearch parameter in \lib\packages\comments\comments.php...

AI score 9.4 | EPSS 0.00447
Exploits: 1 | References: 2
Prion
added 2020/11/26 5:15 p.m. | 19 views

Design/Logic Flaw

In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any database table, e.g., glpi_tickets, glpi_users, etc...

CVSS 4 | AI score 4.4 | EPSS 0.00231
Exploits: 0 | References: 1 | Affected Software: 1
FreeBSD
added 2020/10/22 12:0 a.m. | 26 views

glpi -- Insecure Direct Object Reference on ajax/comments.ph

MITRE Corporation reports: In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any database table, e.g., glpi_tickets, glpi_users, etc...

CVSS 4.3 | AI score 2.6 | EPSS 0.00231
Exploits: 0 | References: 1
Cvelist
added 2020/06/21 11:4 p.m. | 10 views

CVE-2020-14960

A SQL injection vulnerability in PHP-Fusion 9.03.50 affects the endpoint administration/comments.php via the ctype parameter,...

AI score 7.8 | EPSS 0.0039
Exploits: 1 | References: 3
CVE
added 2020/06/21 11:4 p.m. | 47 views

CVE-2020-14960

CVE-2020-14960 is a SQL injection vulnerability in PHP-Fusion 9.03.50 that affects the administration/comments.php endpoint via the ctype parameter. The CVE description and linked references document the vulnerability and CVSS impact (CVSSv3.1: base score 7.2, high impact on confidentiality, inte...

CVSS 7.2 | AI score 7.8 | EPSS 0.0039
Exploits: 1 | References: 3 | Affected Software: 1
Packet Storm
added 2020/05/19 12:0 a.m. | 409 views

PHP-Fusion 9.03.50 SQL Injection

Exploit Title: php-fusion 9.03.50 - 'ctype' SQL Injection Exploit Author: SunCSR Sun Cyber Security Research - ThienNV Date: 2020-05-19 Vendor Homepage: https://www.php-fusion.co.uk/ Software Link: https://www.php-fusion.co.uk/phpfusion9downloads.php Version: 9.03.50 Tested On: Windows 10 + XAMPP...

AI score 7.4
Exploits: 0
CVE
added 2020/05/07 11:29 p.m. | 89 views

CVE-2020-12718

The CVE-2020-12718 issue affects PHP-Fusion 9.03.50: an authenticated attacker can exploit a stored XSS in the Preview Comment feature (administration/comments.php). The vulnerability allows bypassing the protection mechanism by injecting HTML event handlers such as ontoggle. Connected sources co...

CVSS 5.4 | AI score 5.8 | EPSS 0.00309
Exploits: 1 | References: 1 | Affected Software: 1
NVD
added 2020/03/12 2:15 p.m. | 11 views

CVE-2020-10474

Reflected XSS in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort...

CVSS 4.8 | AI score 4.9 | EPSS 0.00321
Exploits: 1 | References: 2
NVD
added 2020/03/12 2:15 p.m. | 10 views

CVE-2020-10420

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-comments.php by adding a question mark (?) followed by the payload...

CVSS 4.8 | AI score 5 | EPSS 0.00321
Exploits: 1 | References: 2
Prion
added 2020/03/12 2:15 p.m. | 15 views

Cross site request forgery (csrf)

CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to disapprove any comment, given the id, via a crafted request...

CVSS 4.3 | AI score 4.6 | EPSS 0.00147
Exploits: 1 | References: 2 | Affected Software: 1
Prion
added 2020/03/12 2:15 p.m. | 9 views

Cross site request forgery (csrf)

CSRF in admin/edit-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a comment, given the id, via a crafted request...

CVSS 4.3 | AI score 4.6 | EPSS 0.00147
Exploits: 1 | References: 2 | Affected Software: 1
Prion
added 2020/03/12 2:15 p.m. | 9 views

Cross site scripting

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-comments.php by adding a question mark (?) followed by the payload...

CVSS 3.5 | AI score 4.9 | EPSS 0.00321
Exploits: 1 | References: 2 | Affected Software: 1
CVE
added 2020/03/12 1:6 p.m. | 32 views

CVE-2020-10504

CVE-2020-10504 affects Chadha PHPKB Standard Multi-Language 9, where a CSRF flaw in admin/edit-comments.php enables an attacker to edit a comment by supplying an id via a crafted request. The vulnerability stems from insufficient CSRF protection in the affected endpoint, allowing unauthorized sta...

CVSS 4.3 | AI score 4.5 | EPSS 0.00147
Exploits: 1 | References: 2 | Affected Software: 1
CVE
added 2020/03/12 1:6 p.m. | 34 views

CVE-2020-10503

The CVE-2020-10503 issue affects Chadha PHPKB Standard Multi-Language version 9, where a CSRF flaw in admin/manage-comments.php lets an attacker disapprove any comment by supplying an id in a crafted request. The vulnerability stems from insufficient request validation/verification of authorized ...

CVSS 4.3 | AI score 4.5 | EPSS 0.00147
Exploits: 1 | References: 2 | Affected Software: 1
CVE
added 2020/03/12 1:6 p.m. | 38 views

CVE-2020-10502

The CVE-2020-10502 issue affects Chadha PHPKB Standard Multi-Language 9. The vulnerable component is admin/manage-comments.php where CSRF allows an attacker to approve any comment by crafting a request with the comment id. Root cause is CSRF protection missing for the approval action, enabling un...

CVSS 4.3 | AI score 4.5 | EPSS 0.00147
Exploits: 1 | References: 2 | Affected Software: 1
CVE
added 2020/03/12 1:5 p.m. | 35 views

CVE-2020-10486

The CVE-2020-10486 issue affects Chadha PHPKB Standard Multi-Language version 9, where a CSRF flaw in admin/manage-comments.php can let an attacker delete a comment via a crafted request. Root cause is CSRF vulnerability due to insufficient request forgery protections, enabling unauthorized actio...

CVSS 4.3 | AI score 4.5 | EPSS 0.00147
Exploits: 1 | References: 2 | Affected Software: 1
Prion
added 2017/02/09 3:59 p.m. | 6 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in admin/comments.php in Dotclear before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the author name in a comment...

CVSS 4.3 | AI score 6.1 | EPSS 0.00927
Exploits: 1 | References: 8 | Affected Software: 1
seebug.org
added 2016/03/08 12:0 a.m. | 20 views

wordpress comment-rating-plugin edit-comments.php file tab parameter cross-site scripting vulnerability

No description provided by source...

AI score 7.1
Exploits: 0
CVE
added 2014/08/19 7:0 p.m. | 35 views

CVE-2014-5346

The CVE-2014-5346 entry affects the WordPress Disqus Comment System plugin version 2.77. The vulnerability is Cross-Site Request Forgery (CSRF) that allows remote attackers to hijack the authentication of administrators for requests that (1) activate or (2) deactivate the plugin via the active pa...

CVSS 6.8 | AI score 7.5 | EPSS 0.00238
Exploits: 1 | References: 2 | Affected Software: 1