EUVD-2021-1074

Malware in sbrugna...

EUVD-2019-4953

Malware in sbrugna...

PT-2023-14812 · Unknown · Phpgurukul Doctor Appointment Management System

Name of the Vulnerable Software and Affected Versions: phpgurukul Doctor Appointment Management System version 1.0.0 Description: The issue concerns a Cross Site Scripting XSS vulnerability. It can be exploited via the searchdata variable. Recommendations: For phpgurukul Doctor Appointment...

GHSA-G4XJ-WCQ6-QWX5 Code injection in mock2easy

This affects all versions up to and including version 0.0.24 of package mock2easy. a malicious user could inject commands through the data variable: Affected Area js require'../server/getJsonByCurl'mock2easy, functionerror, stdout if error return res.json500, error; res.jsonJSON.parsestdout; , ''...

Sql injection

Trape through 2019-05-08 has SQL injection via the data2 variable in core/db.py, as demonstrated by the /bs t parameter...

PHPMyWind 5.1 /include/common.func.php 代码执行漏洞

/include/common.func.php/字符串转数组/ if!functionexists'String2Array' function String2Array$data if$data == '' return array; @eval"$array = $data;"; return $array; $data变量进入eval执行，当传入$data为：111|222$phpinfo执行的PHP语句为：@eval"$array = array"1"="111|222$phpinfo","2"="";;"页面返回：...