36 matches found
EUVD-2009-4687
Malware in sbrugna...
CVE-2025-34044
A remote command injection vulnerability exists in the confirm.php interface of the WIFISKY 7-layer Flow Control Router via a specially-crafted HTTP GET request to the t parameter. Insufficient input validation allows unauthenticated attackers to execute arbitrary OS commands. Exploitation eviden...
PT-2025-26993
Name of the Vulnerable Software and Affected Versions: WIFISKY 7-layer Flow Control Router (affected versions not specified). Description: A remote command injection issue exists in the confirm.php interface of the WIFISKY 7-layer Flow Control Router. This is due to insufficient input validation,...
CVE-2025-6317
The CVE-2025-6317 issue affects code-projects Online Shoe Store 1.0, specifically the /admin/confirm.php file. The root cause is improper validation/manipulation of the ID parameter, enabling SQL injection that can be triggered remotely. Multiple connected sources describe this vulnerability and ...
CVE-2025-6317 code-projects Online Shoe Store confirm.php sql injection
A vulnerability classified as critical has been found in code-projects Online Shoe Store 1.0. This affects an unknown part of the file /admin/confirm.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to...
Online Shopping Alphaware 1.0 SQL Injection Vulnerability
Exploit for php platform in category web applications. Exploit Title: Online Shopping Alphaware 1.0 - Multiple SQL Injection Vulnerability. Exploit Author: Edo Maland. Vendor Homepage: https://www.sourcecodester.com/php/14368/online-shopping-alphaware-phpmysql.html Software Link:...
CVE-2014-9753
confirm.php in ATutor 2.2 and earlier allows remote attackers to bypass authentication and gain access as an existing user via the auto_login parameter...
CVE-2014-9753
CVE-2014-9753 affects ATutor 2.2 and earlier. The vulnerability arises in confirm.php via the auto_login parameter, allowing remote attackers to bypass authentication and gain an existing user session by loading or forging session data (session variable handling). The provided code excerpt shows ...
cakraspa.com XSS vulnerability
Open Bug Bounty ID: OBB-681658. Affected Website: cakraspa.com; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
midwaytax.com XSS vulnerability
Open Bug Bounty ID: OBB-599007. Affected Website: midwaytax.com; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
ikapusta.com.ua XSS vulnerability
Vulnerable URL: https://ikapusta.com.ua/[email protected]=8%3Cscript%3Ealert%27OPENBUGBOUNTY%27%3C/script%3E Details: Patched: No; Latest check for patch: 28.07.2017; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: 2933083; VIP...
ATutor 2.2.1 Directory Traversal / Remote Code Execution
This module exploits a directory traversal vulnerability in ATutor on an Apache/PHP setup with display_errors set to On, which can be used to allow us to upload a malicious ZIP file. On the web application, a blacklist verification is performed before extraction, however it is not sufficient to...
SRC-2016-0012 : ATutor LMS confirm ‘UPDATE’ Type Juggling Authentication Bypass Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to bypass the authentication mechanism on vulnerable installations of ATutor. The specific flaw exists in the ‘confirm.php’ script when updating a members email address. The code uses a loose comparison when comparing the supplied...
CVE-2015-3179
Moodle vulnerability CVE-2015-3179 affects login/confirm.php in Moodle releases up to 2.8.6, where remote authenticated users can bypass login restrictions by exploiting access to an unconfirmed suspended account. The description specifies affected versions: 2.5.9, 2.6.x before 2.6.11, 2.7.x befo...
CVE-2015-3176
The CVE-2015-3176 entry applies to Moodle’s account-confirmation flow (login/confirm.php). AffectedSeries: Moodle versions up to 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6. Issue: remote attackers can obtain users’ full-name information by initiating self-registration,...
CVE-2014-2008
SQL injection vulnerability in confirm.php in the mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to execute arbitrary SQL commands via the TID parameter...
File Store PRO 3.2 - Multiple Blind SQL Injection Vulnerabilities
No description provided by source. File Store PRO 3.2 Blind SQL Injection. Download from: http://upoint.info/cgi/demo/fs/filestore.zip - Need admin rights: /confirm.php: code: if(isset($_GET['folder']) && $_GET['folder']!='') $folder=$_GET['folder']; else exit('Bad Request'); if(isset($_GET['id']) && $_GET['id']!='') $id=$_GET['id']; el...
CVE-2012-3872
CVE-2012-3872 affects Open Constructor 3.12.0. The vulnerability is a set of reflected XSS flaws in which user-supplied input can be injected via three parameters: (1) result in data/file/edit.php, (2) q in confirm.php, and (3) keyword in users/users.php. Exploitation would allow remote attackers...
CVE-2010-4873
Cross-site scripting (XSS) vulnerability in confirm.php in WeBid 0.8.5 P1 allows remote attackers to inject arbitrary web script or HTML via the id parameter...
Netpet CMS <= 1.9 Directory Traversal Vulnerability
Netpet CMS is prone to a directory traversal vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:netpet:netpetcms";...