32 matches found
CVE-2019-17608
Affected software: HongCMS 3.0.0. Vulnerability: Cross-Site Scripting via the install/index.php dbname parameter. Vector/Root cause: unsanitized/input handling leads to client-side script execution. Impact: attacker can execute client-side code. References: NVD entry describes XSS via the dbname ...
CVE-2018-16117
A shell escape vulnerability in /webconsole/Controller in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated attackers to execute arbitrary OS commands via shell metacharacters in the "dbName" POST parameter...
PHPSHE Arbitrary File Deletion Vulnerability
PHPSHE is an online shopping mall system. The system supports express tracking, online chat, order evaluation and statistics. A security vulnerability exists in the admin.php?mod=db&act=del script in PHPSHE version 1.7. A remote attacker can exploit this vulnerability to delete arbitrary files wi...
PT-2012-2868 · WordPress +1 · Wordpress +1
Name of the Vulnerable Software and Affected Versions: WordPress versions 3.3.1 and earlier Description: The issue allows remote attackers to inject arbitrary web script or HTML via the dbhost, dbname, or uname parameters in the wp-admin/setup-config.php file. The vendor disputes the significance...
Cross site scripting
Cross-site scripting XSS vulnerability in install.php for Moodle 1.8.3, and possibly other versions before 1.8.4, allows remote attackers to inject arbitrary web script or HTML via the dbname parameter. NOTE: this issue only exists until the installation is complete...
CVE-2005-4450
Cross-site request forgery CSRF vulnerability in phpMyAdmin 2.7.0 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag to serverprivileges.php, as demonstrated using the dbname and checkprivs parameters. NOTE: the provenance of this issue is unknown,...
CVE-2005-4450
CVE-2005-4450 describes a CSRF vulnerability in phpMyAdmin 2.7.0 where remote attackers can perform unauthorized actions as a logged-in user by exploiting a link or IMG tag to server_priv privileges.php using dbname and checkprivs. Related OSV/NVD entries also reference a tied SQL injection discu...
PT-2005-5133 · Php · Phpmyadmin
Name of the Vulnerable Software and Affected Versions: phpMyAdmin version 2.7.0 Description: A cross-site request forgery CSRF issue allows remote attackers to perform unauthorized actions as a logged-in user. This can be achieved via a link or IMG tag to "server privileges.php", utilizing the...
DEBIAN-CVE-2005-4349
SQL injection vulnerability in serverprivileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the 1 dbname and 2 checkprivs parameters. NOTE: the vendor and a third party have disputed this issue, saying that the main task of the program is to...
CVE-2005-4349
CVE-2005-4349 : SQL injection in phpMyAdmin 2.7.0 is reported in server_privileges.php via the dbname and checkprivs parameters. The vendor/third party dispute the issue and suggest it may be rejected; a closely related CSRF issue is tracked as CVE-2005-4450. Connected sources confirm the presenc...
PT-2005-5035 · Phpmyadmin · Phpmyadmin
Name of the Vulnerable Software and Affected Versions: phpMyAdmin version 2.7.0 Description: A SQL injection issue allows remote authenticated users to execute arbitrary SQL commands via the dbname and checkprivs parameters in the server privileges.php file. However, the vendor and a third party...
CVE-2000-0287
The BizDB CGI script bizdb-search.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the dbname parameter...