EUVD-2007-3670

Malware in sbrugna...

EUVD-2022-31184

Malicious code in bioql PyPI...

CVE-2022-26630

Jellycms v3.8.1 and below was discovered to contain an arbitrary file upload vulnerability via \app.\admin\Controllers\db.php...

SQL Injection

prestashop/prestashop is vulnerable to SQL Injection. The vulnerability is due to improper SQL sanitization in Db.php, allowing an authenticated attacker to inject and execute malicious SQL queries into the system...

SQL Injection

prestashop/prestashop is vulnerable to SQL injection. The vulnerability is due to improper sql sanitization in Db.php which allows an attacker to inject and execute malicious SQL queries...

Cross site scripting

A cross-site scripting XSS vulnerability in PHP MySQL Admin Panel Generator v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected at /edit-db.php...

CVE-2022-26630

Jellycms v3.8.1 and below was discovered to contain an arbitrary file upload vulnerability via \app.\admin\Controllers\db.php...

CVE-2022-26630

Jellycms v3.8.1 and below was discovered to contain an arbitrary file upload vulnerability via \app.\admin\Controllers\db.php...

CVE-2022-26630

CVE-2022-26630 affects Jellycms v3.8.1 and earlier. Multiple connected sources confirm an arbitrary file upload vulnerability via the path app/admin/Controllers/db.php, impacting potentially file upload functions. Exploit specifics, affected products beyond JellyCMS, and remediation steps are not...

GPWeb Information Disclosure Vulnerability

GPWeb is a suite of public management software dedicated to the Brazilian government sector. An information disclosure vulnerability exists in the db.php file in GPWeb version 8.4.61. A remote attacker could exploit this vulnerability to view passwords and user databases...

CVE-2017-15877

Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allows remote attackers to view the password and user database...

CVE-2017-15877

Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allows remote attackers to view the password and user database...

Design/Logic Flaw

Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allows remote attackers to view the password and user database...

CVE-2017-15877

The CVE-2017-15877 entry concerns GPWeb 8.4.61, where an Insecure Permissions issue in db.php allows remote attackers to view password and user databases. This is supported by multiple connected records (NVD entry and CNVD/PRION/CVELIST variants) referencing GPWeb 8.4.61 and information disclosur...

CVE-2017-15877

Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allows remote attackers to view the password and user database...

cantus.org XSS vulnerability

Vulnerable URL: http://www.cantus.org/notenarchiv/notenarchiv-db.php?Suchstring=1/-///'/"//--...

WordPress Cross-Site Scripting Vulnerability (CNVD-2016-03647)

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Software Foundation. A cross-site scripting vulnerability exists in the wp-includes/wp-db.php file in versions of WordPress prior to 4.2.2, which can be exploited by remote attackers to inject arbitrary web...

WordPress <= 4.2.1 - XSS

This vulnerability in wp-includes/wp-db.php allows an attacker to inject arbitrary web script or HTML via a long comment which is improperly stored because there are some limitations on the MySQL TEXT data type. Solution Update WordPress...

Discuz X2.5 /uc_server/control/admin/db.php 路径泄露漏洞

No description provided by source...

CVE-2015-3440

Cross-site scripting XSS vulnerability in wp-includes/wp-db.php in WordPress before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type...