212 matches found
Asial JpGraph Security Vulnerability
Asial JpGraph is an object-oriented PHP graph creation library from Asial. A security vulnerability exists in Asial JpGraph version 4.2.6-pro and prior versions. A remote attacker can use this vulnerability to execute arbitrary code via a PHP payload in the data parameter and a .php filename in the...
CVE-2024-39165
QR/demoapp/qrimage.php in Asial JpGraph Professional through 4.2.6-pro allows remote attackers to execute arbitrary code via a PHP payload in the data parameter in conjunction with a .php file name in the filename parameter. This occurs because an unnecessary QR/demoapp folder is shipped with the...
PT-2024-28374
Name of the Vulnerable Software and Affected Versions: Asial JpGraph Professional versions 4.2.6-pro and earlier Description: The issue allows remote attackers to execute arbitrary code via a PHP payload in the data parameter in conjunction with a .php file name in the filename parameter. This...
WordPress Unlimited Elements For Elementor plugin <= 1.5.109 - Authenticated (Contributor+) Blind SQL Injection via data[addonID] Parameter vulnerability
Authenticated (Contributor+) Blind SQL Injection via data[addonID] Parameter vulnerability discovered by Khayal Farzaliyev shaman0x01 in WordPress Plugin Unlimited Elements For Elementor Free Widgets, Addons, Templates versions <= 1.5.109...
CVE-2024-4779
The Unlimited Elements For Elementor Free Widgets, Addons, Templates plugin for WordPress is vulnerable to SQL Injection via the ‘datapostids0’ parameter in all versions up to, and including, 1.5.107 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...
PT-2024-26520 · WordPress · Penci Soledad Data Migrator
Name of the Vulnerable Software and Affected Versions: Penci Soledad Data Migrator plugin for WordPress versions up to, and including, 1.3.0 Description: The Penci Soledad Data Migrator plugin for WordPress is vulnerable to Local File Inclusion via the data parameter. This allows unauthenticated...
Cybrosys Techno Solutions Text Commander Security Vulnerability
Cybrosys Techno Solutions Text Commander is an application from Cybrosys Techno Solutions. A security vulnerability exists in Cybrosys Techno Solutions Text Commander versions 16.0 through 16.0.1. A remote attacker can exploit the vulnerability to gain privileges via the data parameter of...
Vyper Security Vulnerability
Vyper is the Pythonic smart contract language for EVM. A security vulnerability exists in Vyper 0.3.10 and earlier versions, which stems from when the buffer parameters are msg.data, self.code, .code, start, length...
CVE-2023-49258
User browser may be forced to execute JavaScript and pass the authentication cookie to the attacker leveraging the XSS vulnerability located at "/gui/terminaltool.cgi" in the "data" parameter...
Hikvision Intercom Broadcasting System Operating System Command Injection Vulnerability
Hikvision Intercom Broadcasting System is an intercom broadcasting system from Hikvision China. An operating system command injection vulnerability exists in Hikvision Intercom Broadcasting System version 3.0.320201113RELEASE HIK, which stems from the parameter jsondataip in the file /php/ping.ph...
CVE-2023-46478
An issue in minCal v.1.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the customerdata parameter...
MinCal Security Breach
MinCal is an open-source calculator application. A security vulnerability exists in MinCal version v.1.0.0 that allows remote attackers to execute arbitrary code via the customerdata parameter using a carefully crafted script...
CVE-2023-43325
A reflected cross-site scripting (XSS) vulnerability in the dataredirecturl parameter of mooSocial v3.1.8 allows attackers to steal user's session cookies and impersonate their account via a crafted URL...
Cross site scripting
A reflected cross-site scripting (XSS) vulnerability in the dataredirecturl parameter of mooSocial v3.1.8 allows attackers to steal user's session cookies and impersonate their account via a crafted URL...
Inventory Management System SQL Injection Vulnerability
Inventory Management System is an inventory management system by the individual developer stemword. Inventory Management System version 1.0 suffers from a SQL injection vulnerability that stems from the parameter columns0data in the file staffdata.php, which can lead to SQL injection...
Inventory Management System SQL Injection Vulnerability
Inventory Management System is an inventory management system by the individual developer stemword. A SQL injection vulnerability exists in Free and Open Source Inventory Management System version 1.0, which stems from an incorrect manipulation of the columns0data parameter that can lead to SQL...
PT-2023-29264 · Sourcecodester · Sourcecodester Free/Open Source Inventory Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Free and Open Source Inventory Management System version 1.0 Description: A critical issue has been found in the system, affecting an unknown function of the file /index.php?page=member. The manipulation of the columns0data...
CVE-2023-4201
A vulnerability was found in SourceCodester Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file excatagorydata.php. The manipulation of the argument columns1data leads to sql injection. The attack may be initiated remotely. The exploi...
CVE-2023-4199
A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. This affects an unknown part of the file catagorydata.php. The manipulation of the argument columns1data leads to sql injection. It is possible to initiate the attack remotely. The...