212 matches found

CNNVD
added 2024/07/04 12:0 a.m. · 4 views

Asial JpGraph Security Vulnerability

Asial JpGraph is an object-oriented PHP graph creation library from Asial. A security vulnerability exists in Asial JpGraph version 4.2.6-pro and prior versions. A remote attacker can use this vulnerability to execute arbitrary code via a PHP payload in the data parameter and a .php filename in the...

CVSS 9.8 · AI score 7.9 · EPSS 0.00806
Exploits: 0 · References: 4
Vulnrichment
added 2024/07/04 12:0 a.m. · 11 views

CVE-2024-39165

QR/demoapp/qrimage.php in Asial JpGraph Professional through 4.2.6-pro allows remote attackers to execute arbitrary code via a PHP payload in the data parameter in conjunction with a .php file name in the filename parameter. This occurs because an unnecessary QR/demoapp folder is shipped with the...

CVSS 9.8 · AI score 8 · EPSS 0.00806
Exploits: 0 · References: 1
Positive Technologies
added 2024/07/04 12:0 a.m. · 3 views

PT-2024-28374

Name of the Vulnerable Software and Affected Versions: Asial JpGraph Professional versions 4.2.6-pro and earlier Description: The issue allows remote attackers to execute arbitrary code via a PHP payload in the data parameter in conjunction with a .php file name in the filename parameter. This...

CVSS 9.8 · AI score 7 · EPSS 0.00806
Exploits: 0 · References: 8
Patchstack
added 2024/06/06 2:59 a.m. · 5 views

WordPress Unlimited Elements For Elementor plugin <= 1.5.109 - Authenticated (Contributor+) Blind SQL Injection via data[addonID] Parameter vulnerability

Authenticated (Contributor+) Blind SQL Injection via data[addonID] Parameter vulnerability discovered by Khayal Farzaliyev shaman0x01 in WordPress Plugin Unlimited Elements For Elementor Free Widgets, Addons, Templates versions <= 1.5.109...

CVSS 8.8 · AI score 8.1 · EPSS 0.00509
Exploits: 0 · References: 1 · Affected Software: 1
OSV
added 2024/05/23 10:15 a.m. · 2 views

CVE-2024-4779

The Unlimited Elements For Elementor Free Widgets, Addons, Templates plugin for WordPress is vulnerable to SQL Injection via the ‘datapostids0’ parameter in all versions up to, and including, 1.5.107 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...

CVSS 8.8 · AI score 5.8 · EPSS 0.00454
Exploits: 0 · References: 2
Positive Technologies
added 2024/05/16 12:0 a.m. · 7 views

PT-2024-26520 · WordPress · Penci Soledad Data Migrator

Name of the Vulnerable Software and Affected Versions: Penci Soledad Data Migrator plugin for WordPress versions up to, and including, 1.3.0 Description: The Penci Soledad Data Migrator plugin for WordPress is vulnerable to Local File Inclusion via the data parameter. This allows unauthenticated...

CVSS 9.8 · AI score 8.2 · EPSS 0.00689
Exploits: 0 · References: 7
CNNVD
added 2024/05/06 12:0 a.m. · 3 views

Cybrosys Techno Solutions Text Commander Security Vulnerability

Cybrosys Techno Solutions Text Commander is an application from Cybrosys Techno Solutions. A security vulnerability exists in Cybrosys Techno Solutions Text Commander versions 16.0 through 16.0.1. A remote attacker can exploit the vulnerability to gain privileges via the data parameter of...

CVSS 7.3 · AI score 7.3 · EPSS 0.00497
Exploits: 0 · References: 2
CNNVD
added 2024/04/25 12:0 a.m. · 4 views

Vyper Security Vulnerability

Vyper is the Pythonic smart contract language for EVM. A security vulnerability exists in Vyper 0.3.10 and earlier versions, which stems from when the buffer parameters are msg.data, self.code, .code, start, length...

CVSS 5.3 · AI score 7 · EPSS 0.00451
Exploits: 0 · References: 2
OSV
added 2024/01/12 3:15 p.m. · 5 views

CVE-2023-49258

User browser may be forced to execute JavaScript and pass the authentication cookie to the attacker leveraging the XSS vulnerability located at "/gui/terminaltool.cgi" in the "data" parameter...

CVSS 6.1 · AI score 5.8 · EPSS 0.00556
Exploits: 0 · References: 2
CNNVD
added 2023/12/17 12:0 a.m. · 4 views

Hikvision Intercom Broadcasting System Operating System Command Injection Vulnerability

Hikvision Intercom Broadcasting System is an intercom broadcasting system from Hikvision China. An operating system command injection vulnerability exists in Hikvision Intercom Broadcasting System version 3.0.320201113RELEASE HIK, which stems from the parameter jsondataip in the file /php/ping.ph...

CVSS 9.8 · AI score 7.6 · EPSS 0.89138
Exploits: 2 · References: 4
NVD
added 2023/10/30 11:15 p.m. · 15 views

CVE-2023-46478

An issue in minCal v.1.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the customerdata parameter...

CVSS 8.8 · AI score 8.8 · EPSS 0.00973
Exploits: 1 · References: 1
CNNVD
added 2023/10/30 12:0 a.m. · 3 views

MinCal Security Breach

MinCal is a calculator application from the MinCal open source. A security vulnerability exists in MinCal version v.1.0.0 that allows remote attackers to execute arbitrary code via the customerdata parameter using a carefully crafted script...

CVSS 8.8 · AI score 7.8 · EPSS 0.00973
Exploits: 1 · References: 2
NVD
added 2023/09/26 12:15 a.m. · 21 views

CVE-2023-43325

A reflected cross-site scripting (XSS) vulnerability in the dataredirecturl parameter of mooSocial v3.1.8 allows attackers to steal user's session cookies and impersonate their account via a crafted URL...

CVSS 6.1 · AI score 5.9 · EPSS 0.01857
Exploits: 4 · References: 3
Prion
added 2023/09/26 12:15 a.m. · 19 views

Cross site scripting

A reflected cross-site scripting (XSS) vulnerability in the dataredirecturl parameter of mooSocial v3.1.8 allows attackers to steal user's session cookies and impersonate their account via a crafted URL...

CVSS 5.8 · AI score 5.8 · EPSS 0.01857
Exploits: 4 · References: 3 · Affected Software: 1
Cvelist
added 2023/09/25 12:0 a.m. · 25 views

CVE-2023-43325

A reflected cross-site scripting (XSS) vulnerability in the dataredirecturl parameter of mooSocial v3.1.8 allows attackers to steal user's session cookies and impersonate their account via a crafted URL...

AI score 6 · EPSS 0.01857
Exploits: 4 · References: 3
CNNVD
added 2023/08/27 12:0 a.m. · 4 views

Inventory Management System SQL Injection Vulnerability

Inventory Management System is an inventory management system by the individual developer stemword. Inventory Management System version 1.0 suffers from a SQL injection vulnerability that stems from the parameter columns0data in the file staffdata.php, which can lead to SQL injection...

CVSS 9.8 · AI score 7.1 · EPSS 0.00649
Exploits: 1 · References: 4
CNNVD
added 2023/08/21 12:0 a.m. · 1 view

Inventory Management System SQL Injection Vulnerability

Inventory Management System is an inventory management system by the individual developer stemword. A SQL injection vulnerability exists in Free and Open Source Inventory Management System version 1.0, which stems from an incorrect manipulation of the columns0data parameter that can lead to SQL...

CVSS 8.8 · AI score 7.1 · EPSS 0.0069
Exploits: 1 · References: 4
Positive Technologies
added 2023/08/21 12:0 a.m. · 3 views

PT-2023-29264 · Sourcecodester · Sourcecodester Free/Open Source Inventory Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Free and Open Source Inventory Management System version 1.0 Description: A critical issue has been found in the system, affecting an unknown function of the file /index.php?page=member. The manipulation of the columns0data...

CVSS 8.8 · AI score 8.1 · EPSS 0.0069
Exploits: 1 · References: 5
OSV
added 2023/08/07 8:15 p.m. · 6 views

CVE-2023-4201

A vulnerability was found in SourceCodester Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file excatagorydata.php. The manipulation of the argument columns1data leads to sql injection. The attack may be initiated remotely. The exploi...

CVSS 9.8 · AI score 5.8 · EPSS 0.00649
Exploits: 1 · References: 3
OSV
added 2023/08/07 6:15 p.m. · 4 views

CVE-2023-4199

A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. This affects an unknown part of the file catagorydata.php. The manipulation of the argument columns1data leads to sql injection. It is possible to initiate the attack remotely. The...

CVSS 7.5 · AI score 5.7 · EPSS 0.00533
Exploits: 1 · References: 3