Lucene search

18 matches found

NVD
added 2026/04/05 4:16 a.m., 5 views

CVE-2026-5537

A security vulnerability has been detected in halex CourseSEL up to 1.1.0. Affected by this vulnerability is the function checksel of the file Apps/Index/Controller/IndexController.class.php of the component HTTP GET Parameter Handler. The manipulation of the argument seid leads to sql injection...

6.5 CVSS, 0.00246 EPSS
Exploits: 0, References: 4
RedhatCVE
added 2026/01/09 11:26 a.m., 7 views

CVE-2021-33348

An issue was discovered in JFinal framework v4.9.10 and below. The "set" method of the "Controller" class of jfinal framework is not strictly filtered, which will lead to XSS vulnerabilities in some cases...

6.1 CVSS, 6.2 AI score, 0.00641 EPSS
Exploits: 1, References: 1
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2021-1510

Malware in sbrugna...

6.1 CVSS, 6.2 AI score, 0.00641 EPSS
Exploits: 1, References: 3
EUVD
added 2025/10/03 8:7 p.m., 16 views

EUVD-2021-30604

Malicious code in bioql PyPI...

6.1 CVSS, 6.4 AI score, 0.00641 EPSS
Exploits: 1, References: 1
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-11090

Malicious code in bioql PyPI...

9.8 CVSS, 6.6 AI score, 0.00499 EPSS
Exploits: 1, References: 2
CNNVD
added 2025/05/25 12:0 a.m., 2 views

Seeyon Zhiyuan OA Code Issue Vulnerability

Seeyon Zhiyuan OA is collaboration management software from China's Seeyon. A code issue vulnerability exists in Seeyon Zhiyuan OA 8.1 SP2 and prior versions, which stems from incorrect manipulation of the parameter url in the file...

6.5 CVSS, 6.5 AI score, 0.00306 EPSS
Exploits: 0, References: 5
RedhatCVE
added 2025/05/22 6:56 p.m., 13 views

CVE-2021-43697

Workerman-ThinkPHP-Redis last update Mar 16, 2018 is affected by a Cross Site Scripting (XSS) vulnerability. In file Controller.class.php, the exit function will terminate the script and print the message to the user. The message will contain $_GET[C('VAR_JSONP_HANDLER')] then there is a XSS vulnerability...

6.1 CVSS, 5.4 AI score, 0.00641 EPSS
Exploits: 1
NVD
added 2025/04/15 7:16 p.m., 8 views

CVE-2025-28399

An issue in Erick xmall v.1.1 and before allows a remote attacker to escalate privileges via the updateAddress method of the Address Controller class...

9.8 CVSS, 0.00499 EPSS
Exploits: 1, References: 1
OSV
added 2021/11/29 1:15 p.m., 4 views

CVE-2021-43697

Workerman-ThinkPHP-Redis last update Mar 16, 2018 is affected by a Cross Site Scripting (XSS) vulnerability. In file Controller.class.php, the exit function will terminate the script and print the message to the user. The message will contain $_GET[C('VAR_JSONP_HANDLER')] then there is a XSS vulnerability...

6.1 CVSS, 6.4 AI score
Exploits: 0, References: 1
Cvelist
added 2021/11/29 12:25 p.m., 35 views

CVE-2021-43697

Workerman-ThinkPHP-Redis last update Mar 16, 2018 is affected by a Cross Site Scripting (XSS) vulnerability. In file Controller.class.php, the exit function will terminate the script and print the message to the user. The message will contain $_GET[C('VAR_JSONP_HANDLER')] then there is a XSS vulnerability...

6 AI score, 0.00641 EPSS
Exploits: 1, References: 1
CNNVD
added 2021/11/29 12:0 a.m., 4 views

Workerman-ThinkPHP-Redis Cross-Site Scripting Vulnerability

Workerman-ThinkPHP-Redis is an open source project consisting of the Workerman framework, the ThinkPHP framework, and Redis. Workerman-ThinkPHP-Redis is vulnerable to a cross-site scripting vulnerability that originates in the file Controller.class.php, where the exit function will terminate the...

6.1 CVSS, 5.1 AI score, 0.00641 EPSS
Exploits: 1, References: 2
NVD
added 2021/06/24 3:15 p.m., 10 views

CVE-2021-33348

An issue was discovered in JFinal framework v4.9.10 and below. The "set" method of the "Controller" class of jfinal framework is not strictly filtered, which will lead to XSS vulnerabilities in some cases...

6.1 CVSS, 0.00641 EPSS
Exploits: 1, References: 1
Cvelist
added 2021/06/24 2:10 p.m., 13 views

CVE-2021-33348

An issue was discovered in JFinal framework v4.9.10 and below. The "set" method of the "Controller" class of jfinal framework is not strictly filtered, which will lead to XSS vulnerabilities in some cases...

6.3 AI score, 0.00641 EPSS
Exploits: 1, References: 1
CNVD
added 2018/12/06 12:0 a.m., 1 views

ThinkCMF SQL Injection Vulnerability (CNVD-2019-07959)

ThinkCMF is a Chinese content management framework based on PHP+MYSQL. A SQL injection vulnerability exists in the delete function in SlideController.class.php in ThinkCMF X2.2.2, which can be exploited by users with administrator privileges via the ids parameter in the slide operation...

7.2 CVSS, 8.2 AI score, 0.01326 EPSS
Exploits: 1, References: 1
CNVD
added 2017/11/21 12:0 a.m., 2 views

Code execution vulnerability in LvyeCMS StyeController.class.php page

LvyeCms (旅烨cms) is a PHP content management system based on ThinkPHP. A code execution vulnerability exists in the LvyeCMS StyeController.class.php page. An attacker can upload and execute arbitrary PHP code via a directory traversal sequence...

8.2 AI score
Exploits: 0
Prion
added 2016/11/04 10:59 a.m., 8 views

Design/Logic Flaw

Exponent CMS 2.4 uses PHP reflection to call a method of a controller class, and then uses the method name to check user permission. But, the method name in PHP reflection is case insensitive, and Exponent CMS permits undefined actions to execute by default, so an attacker can use a capitalized...

5 CVSS, 7.4 AI score, 0.01406 EPSS
Exploits: 0, References: 2, Affected Software: 1
seebug.org
added 2014/10/24 12:0 a.m., 76 views

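Arbitrary file inclusion vulnerability in the front end of the latest TinyRise version

Brief description: The latest TinyRise version (20140926) has an arbitrary file inclusion vulnerability; under certain conditions it allows getshell. Details: The vulnerability is in the renderExecute function of the file framework/web/controller/Controllerclass.php. The renderExecute function has an extract variable overwrite; the key code is as follows: public function renderExecute($runfile0123456789,$data0123456789) ...//irrelevant code omitted if($datas0123456789!==null) extract($datas0123456789);...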

7.1 AI score
Exploits: 0
seebug.org
added 2014/09/22 12:0 a.m., 18 views

TCCMS v9.0 /system/core/controller.class.php SQL injection vulnerability

No description provided by source...

7.1 AI score
Exploits: 0