15 matches found
CVE-2021-47853
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
EUVD-2026-3636
phpPgAdmin 7.13.0 contains a remote command execution vulnerability that allows authenticated attackers to execute arbitrary system commands through SQL query manipulation. Attackers can create a custom table, upload a malicious .txt file, and use the COPY FROM PROGRAM command to execute operatin...
CVE-2021-47853
Removed by vendor...
CVE-2023-50136
Cross Site Scripting XSS vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the name field when creating a new custom table...
EUVD-2023-54963
Malicious code in bioql PyPI...
Ultimate Member 2.1.3 - 2.8.2 - Unauthenticated SQL Injection
Description The plugin does not sanitize and escape the sorting parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks when the "Enable custom table for usermeta" option is enabled. PoC Requirement: "Enable custom table for usermeta" option t...
Ultimate Member 2.1.3 - 2.8.2 - Unauthenticated SQL Injection
Description The plugin does not sanitize and escape the sorting parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks when the "Enable custom table for usermeta" option is enabled. Requirement: "Enable custom table for usermeta" option to be...
Cross site scripting
Cross Site Scripting XSS vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the name field when creating a new custom table...
JFinalCMS 安全漏洞
JFinalCMS is a content management system. A cross-site scripting vulnerability exists in JFinalcms version 5.0.0, which stems from the application's lack of effective filtering and escaping of user-supplied data, and can be exploited by an attacker to run arbitrary code when creating a new custom...
CVE-2023-50136
Cross Site Scripting XSS vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the name field when creating a new custom table...
PT-2024-13869 · Jfinalcms · Jfinalcms
Name of the Vulnerable Software and Affected Versions: JFinalcms version 5.0.0 Description: A Cross Site Scripting XSS issue allows attackers to run arbitrary code via the name field when creating a new custom table. This enables attackers to execute malicious scripts, potentially leading to...
CVE-2023-50136
Cross Site Scripting XSS vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the name field when creating a new custom table...
CVE-2023-50136
CVE-2023-50136 affects JFinalcms 5.0.0. The vulnerability is a Cross-Site Scripting (XSS) in the name field used when creating a new custom table, stemming from insufficient input filtering/escaping. Reported across multiple feeds (NVD/Red Hat/CNVD/CNNVD/etc.). Potential impact is execution of ar...
CVE-2023-50136
Cross Site Scripting XSS vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the name field when creating a new custom table...
PT-2022-13251 · WordPress · Flo-Launch
Name of the Vulnerable Software and Affected Versions: flo-launch WordPress plugin versions prior to 2.4.1 Description: The issue allows an attacker to initiate a new site install by setting the flo custom table prefix cookie to an arbitrary value. This is possible because the plugin injects code...