15 matches found
CVE-2021-47853
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
EUVD-2026-3636
phpPgAdmin 7.13.0 contains a remote command execution vulnerability that allows authenticated attackers to execute arbitrary system commands through SQL query manipulation. Attackers can create a custom table, upload a malicious .txt file, and use the COPY FROM PROGRAM command to execute operatin...
CVE-2021-47853
Removed by vendor...
CVE-2023-50136
Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the name field when creating a new custom table...
EUVD-2023-54963
Malicious code in bioql PyPI...
Ultimate Member 2.1.3 - 2.8.2 - Unauthenticated SQL Injection
Description: The plugin does not sanitize and escape the sorting parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks when the "Enable custom table for usermeta" option is enabled. Requirement: "Enable custom table for usermeta" option to be...
Ultimate Member 2.1.3 - 2.8.2 - Unauthenticated SQL Injection
Description: The plugin does not sanitize and escape the sorting parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks when the "Enable custom table for usermeta" option is enabled. PoC Requirement: "Enable custom table for usermeta" option t...
CVE-2023-50136
Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the name field when creating a new custom table...
Cross site scripting
Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the name field when creating a new custom table...
JFinalCMS security vulnerability
JFinalCMS is a content management system. A cross-site scripting vulnerability exists in JFinalcms version 5.0.0, which stems from the application's lack of effective filtering and escaping of user-supplied data, and can be exploited by an attacker to run arbitrary code when creating a new custom...
PT-2024-13869 · Jfinalcms · Jfinalcms
Name of the Vulnerable Software and Affected Versions: JFinalcms version 5.0.0 Description: A Cross Site Scripting (XSS) issue allows attackers to run arbitrary code via the name field when creating a new custom table. This enables attackers to execute malicious scripts, potentially leading to...
CVE-2023-50136
CVE-2023-50136 affects JFinalcms 5.0.0. The vulnerability is a Cross-Site Scripting (XSS) in the name field used when creating a new custom table, stemming from insufficient input filtering/escaping. Reported across multiple feeds (NVD/Red Hat/CNVD/CNNVD/etc.). Potential impact is execution of ar...
CVE-2023-50136
Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the name field when creating a new custom table...
CVE-2023-50136
Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the name field when creating a new custom table...
PT-2022-13251 · WordPress · Flo-Launch
Name of the Vulnerable Software and Affected Versions: flo-launch WordPress plugin versions prior to 2.4.1 Description: The issue allows an attacker to initiate a new site install by setting the flo custom table prefix cookie to an arbitrary value. This is possible because the plugin injects code...