PT-2019-14909 · Fusionpbx · Fusionpbx
Name of the Vulnerable Software and Affected Versions: FusionPBX versions prior to 4.5.8
Description: The issue concerns the use of an unsanitized eavesdrop_dest variable in the content.php file, which is reflected in HTML and leads to a cross-site scripting (XSS) issue. This allows for potential...
CVE-2017-17570
FS Expedia Clone 1.0 has SQL Injection via the pages.php or content.php id parameter, or the show-flight-result.php fl_orig or fl_dest parameter...
SQL injection
FS Expedia Clone 1.0 has SQL Injection via the pages.php or content.php id parameter, or the show-flight-result.php fl_orig or fl_dest parameter...
CVE-2017-17570
FS Expedia Clone 1.0 is affected by a SQL injection vulnerability in input parameters to pages.php (id), content.php (id) and show-flight-result.php (fl_orig, fl_dest). The issue stems from unsanitized user input in SQL queries, enabling remote attackers to inject commands. Public reports (Exploi...
FS Expedia Clone 1.0 - fl_orig fl_dest id SQL Injection
FS Expedia Clone 1.0 - fl_orig fl_dest id SQL Injection
Exploit Title: FS Expedia Clone 1.0 - SQL Injection
Dork: N/A
Date: 08.12.2017
Vendor Homepage: https://fortunescripts.com/
Software Link: https://fortunescripts.com/product/expedia-clone/
Demo: http://expedia-clone.demonstration.co.in/
Versio...
CVE-2017-15987
CVE-2017-15987 concerns Fake Magazine Cover Script with a SQL injection vulnerability exploitable via rate.php?value and content.php?id parameters. Multiple connected sources confirm the vulnerability and provide PoC payloads (e.g., UNION SELECT, CONCAT_WS with user/database/version) and exploit ...
CVE-2017-15987
Fake Magazine Cover Script allows SQL Injection via the rate.php value parameter or the content.php id parameter...
clonezilla.org XSS vulnerability
Open Bug Bounty ID: OBB-361038

| Description | Value |
|---|---|
| Affected Website: | clonezilla.org |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| Remediation Guide: | OWASP XSS Prevention Cheat... |
all4health.kr XSS vulnerability
Vulnerable URL: http://www.all4health.kr/content.php/'%22--!%3E%20%3Cimg%20src=x%20onerror=alert%22openbugbounty%22%3E?db=m46=write&year2;=2017&month2;=3&day2;=10

Details:

| Description | Value |
|---|---|
| Patched: | No |
| Latest check for patch: | 21.11.2017 |
| Vulnerability type: | XSS |
| Vulnerability status: | ... |
CVE-2017-11327
An issue was discovered in Tilde CMS 1.0.1. It is possible to retrieve sensitive data by using direct references. A low-privileged user can load PHP resources such as admin/content.php and admin/content.php?method=ftpupload...
altenergymag.com XSS vulnerability
Vulnerable URL: http://www.altenergymag.com/content.php?posttype=1"...
nielsfeijen.nl XSS vulnerability
Vulnerable URL: http://www.nielsfeijen.nl/content.php?id=3"alert/OPENBUGBOUNTY/...
zhuanti.yoka.com XSS vulnerability
Vulnerable URL: http://zhuanti.yoka.com/aupres/meibai2015/content.php?callback=prompt/OPENBUGBOUNTY/...
prbank.idknet.com XSS vulnerability
Vulnerable URL: http://prbank.idknet.com/content.php?id='

Details:

| Description | Value |
|---|---|
| Patched: | No |
| Latest check for patch: | 27.07.2017 |
| Vulnerability type: | XSS |
| Vulnerability status: | Publicly disclosed |
| Alexa Rank | Unknown / Not calculated |
| VIP website status: | No |

Check prbank.idknet.com SS...
Eight Webcom CMS 2016 Q2 SQL Injection
Document Title: Eight Webcom CMS 2016 Q2 - SQL Injection Vulnerability
References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1811
Release Date: 2016-04-05
Vulnerability Laboratory ID (VL-ID): 181...
Eight Webcom CMS (2016 Q2) - SQL Injection Vulnerability
Document Title: Eight Webcom CMS 2016 Q2 - SQL Injection Vulnerability
References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1811
Release Date: 2016-04-05
Vulnerability Laboratory ID (VL-ID): 181...
Eight Webcom CMS (2016 Q2) - SQL Injection Vulnerability
Document Title: Eight Webcom CMS 2016 Q2 - SQL Injection Vulnerability
References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1811
Release Date: 2016-04-04
Vulnerability Laboratory ID (VL-ID): 181...
Gcon Tech Solutions 1.0 Cross Site Scripting
Gcon Tech Solutions v1.0 XSS (Cross-site Scripting) Web Security Vulnerabilities
Exploit Title: Gcon Tech Solutions v1.0 content.php? &id Parameter XSS Security Vulnerabilities
Product: Gcon Tech Solutions
Vendor: Gcon Tech Solutions
Vulnerable Versions: v1.0
Tested Version: v1.0
Advisory...
WordPress Mobile Pack Plugin <= 2.0.1 - Information Disclosure
Because of this vulnerability, attackers can obtain sensitive information via an exportarticles action to export/content.php.
Solution: Update the plugin...