59 matches found
EUVD-2019-17275
Malware in sbrugna...
CVE-2024-10598
A vulnerability classified as critical was found in Tongda OA 11.2/11.3/11.4/11.5/11.6. This vulnerability affects unknown code of the file general/hr/setting/attendance/leave/data.php of the component Annual Leave Handler. The manipulation leads to improper authorization. The attack can be...
CVE-2025-2951 Bluestar Micro Mall data.php SQL injection
A vulnerability classified as critical has been found in Bluestar Micro Mall 1.0. Affected is an unknown function of the file /api/data.php. The manipulation of the argument Search leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public a...
CVE-2024-10598 Tongda OA Annual Leave data.php improper authorization
A vulnerability classified as critical was found in Tongda OA 11.2/11.3/11.4/11.5/11.6. This vulnerability affects unknown code of the file general/hr/setting/attendance/leave/data.php of the component Annual Leave Handler. The manipulation leads to improper authorization. The attack can be...
CVE-2024-41358
phpipam 1.6 is vulnerable to Cross-Site Scripting (XSS) via app\admin\import-export\import-load-data.php...
CVE-2024-41358
CVE-2024-41358 affects phpIPAM 1.6. The vulnerability is a Cross-Site Scripting (XSS) issue in the import path app/admin/import-export/import-load-data.php. Root cause details are not provided in the documents beyond the XSS description. Potential impact is reflected as low confidentiality and in...
GHSA-PGJ4-G5J4-CMFX cart2quote/module-quotation-encoded Remote Code Execution via downloadCustomOptionAction
cart2quote/module-quotation-encoded extension may expose a critical security vulnerability by utilizing the unserialize function when processing data from a GET request. This flaw, present in the app/code/community/Ophirah/Qquoteadv/controllers/DownloadController.php and...
S-CMS Security Vulnerabilities
S-CMS is a content management system (CMS) based on PHP and MySQL from China S-CMS Company. A security vulnerability exists in S-CMS v5.0, which originates from an arbitrary file read vulnerability in /WWW/admin/data.php...
CVE-2023-33558
An information disclosure vulnerability in the component users-grid-data.php of Ocomon before v4.0.1 allows attackers to obtain sensitive information such as e-mails and usernames...
CVE-2023-33558
CVE-2023-33558 affects OcoMon (Ocomon) prior to version 4.0.1. The vulnerability is an information disclosure in the component users-grid-data.php, allowing attackers to obtain sensitive information such as emails and usernames. Affected software: Ocomon before 4.0.1; root cause: information disc...
PT-2023-29570 · Sourcecodester · Sourcecodester Inventory Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Inventory Management System version 1.0 Description: A vulnerability has been found in the SourceCodester Inventory Management System, affecting an unknown functionality of the file suppliar data.php. The manipulation of the...
CVE-2021-31737
CVE-2021-31737 affects emlog v5.3.1 and v6.0.0. Description across Red Hat, CNVD, NVD and CNVD confirms a Remote Code Execution vulnerability caused by uploading a database backup file via admin/data.php. The root cause is the handling of uploaded database backups leading to code execution on the...
Emlog Code Issue Vulnerability
emlog is a powerful blog and CMS builder based on PHP and MySQL. A remote code execution vulnerability exists in emlog versions 5.3.1, 6.0.0. The vulnerability stems from uploading a database backup file in admin/data.php. An attacker can exploit this vulnerability to achieve remote code executio...
WordPress SuperStoreFinder / SuperInteractiveMaps 6.3 SQL Injection Vulnerability
?php Title : SuperStoreFinder & SuperInteractiveMaps Wordpress Plugin SQL Injection Researcher : Eagle Eye Exploit Name : SSF & SIM SQL Injection Request type : POST Plugin Author : Joe lz Plugin Website : https://superstorefinder.net/ Version Affected : All version include latest 6.3 Tested on :...
openSIS Remote Code Execution Vulnerability (CNVD-2020-50534)
openSIS is a free, open source student information system/school management software. A remote code execution vulnerability exists in the install function in openSIS 7.4. An attacker can exploit this vulnerability by sending an HTTP request to inject PHP code into the Data.php file via the userna...
CVE-2020-6144
A remote code execution vulnerability exists in the install functionality of OS4Ed openSIS 7.4. The username variable which is set at line 121 in install/Step5.php allows for injection of PHP code into the Data.php file that it writes. An attacker can send an HTTP request to trigger this...