Lucene search
K

32 matches found

CVE
CVE
added 2019/10/16 9:15 p.m.91 views

CVE-2019-17608

Affected software: HongCMS 3.0.0. Vulnerability: Cross-Site Scripting via the install/index.php dbname parameter. Vector/Root cause: unsanitized/input handling leads to client-side script execution. Impact: attacker can execute client-side code. References: NVD entry describes XSS via the dbname ...

6.1CVSS6AI score0.01029EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2019/06/20 5:15 p.m.6 views

CVE-2018-16117

A shell escape vulnerability in /webconsole/Controller in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated attackers to execute arbitrary OS commands via shell metacharacters in the "dbName" POST parameter...

8.8CVSS6.1AI score0.44343EPSS
Exploits0References3
CNVD
CNVD
added 2018/10/19 12:0 a.m.5 views

PHPSHE Arbitrary File Deletion Vulnerability

PHPSHE is an online shopping mall system. The system supports express tracking, online chat, order evaluation and statistics. A security vulnerability exists in the admin.php?mod=db&act=del script in PHPSHE version 1.7. A remote attacker can exploit this vulnerability to delete arbitrary files wi...

7.5CVSS7.7AI score0.01835EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2012/01/30 12:0 a.m.9 views

PT-2012-2868 · WordPress +1 · Wordpress +1

Name of the Vulnerable Software and Affected Versions: WordPress versions 3.3.1 and earlier Description: The issue allows remote attackers to inject arbitrary web script or HTML via the dbhost, dbname, or uname parameters in the wp-admin/setup-config.php file. The vendor disputes the significance...

4.3CVSS6.8AI score0.03751EPSS
Exploits7References15
Prion
Prion
added 2008/01/12 1:46 a.m.22 views

Cross site scripting

Cross-site scripting XSS vulnerability in install.php for Moodle 1.8.3, and possibly other versions before 1.8.4, allows remote attackers to inject arbitrary web script or HTML via the dbname parameter. NOTE: this issue only exists until the installation is complete...

4.3CVSS6.2AI score0.03949EPSS
Exploits2References8Affected Software1
NVD
NVD
added 2005/12/21 11:3 a.m.27 views

CVE-2005-4450

Cross-site request forgery CSRF vulnerability in phpMyAdmin 2.7.0 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag to serverprivileges.php, as demonstrated using the dbname and checkprivs parameters. NOTE: the provenance of this issue is unknown,...

7.5CVSS7.6AI score0.01153EPSS
Exploits0References1
CVE
CVE
added 2005/12/21 11:0 a.m.59 views

CVE-2005-4450

CVE-2005-4450 describes a CSRF vulnerability in phpMyAdmin 2.7.0 where remote attackers can perform unauthorized actions as a logged-in user by exploiting a link or IMG tag to server_priv privileges.php using dbname and checkprivs. Related OSV/NVD entries also reference a tied SQL injection discu...

7.5CVSS7.7AI score0.01153EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2005/12/21 12:0 a.m.15 views

PT-2005-5133 · Php · Phpmyadmin

Name of the Vulnerable Software and Affected Versions: phpMyAdmin version 2.7.0 Description: A cross-site request forgery CSRF issue allows remote attackers to perform unauthorized actions as a logged-in user. This can be achieved via a link or IMG tag to "server privileges.php", utilizing the...

7.5CVSS7.1AI score0.01153EPSS
Exploits0References4
OSV
OSV
added 2005/12/19 11:3 a.m.3 views

DEBIAN-CVE-2005-4349

SQL injection vulnerability in serverprivileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the 1 dbname and 2 checkprivs parameters. NOTE: the vendor and a third party have disputed this issue, saying that the main task of the program is to...

6.3CVSS8.6AI score0.0139EPSS
Exploits0References1
CVE
CVE
added 2005/12/19 11:0 a.m.61 views

CVE-2005-4349

CVE-2005-4349 : SQL injection in phpMyAdmin 2.7.0 is reported in server_privileges.php via the dbname and checkprivs parameters. The vendor/third party dispute the issue and suggest it may be rejected; a closely related CSRF issue is tracked as CVE-2005-4450. Connected sources confirm the presenc...

6.5CVSS8AI score0.0139EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2005/12/19 12:0 a.m.5 views

PT-2005-5035 · Phpmyadmin · Phpmyadmin

Name of the Vulnerable Software and Affected Versions: phpMyAdmin version 2.7.0 Description: A SQL injection issue allows remote authenticated users to execute arbitrary SQL commands via the dbname and checkprivs parameters in the server privileges.php file. However, the vendor and a third party...

6.5CVSS8.1AI score0.0139EPSS
Exploits0References11
NVD
NVD
added 2000/04/12 4:0 a.m.20 views

CVE-2000-0287

The BizDB CGI script bizdb-search.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the dbname parameter...

10CVSS7.6AI score0.10625EPSS
Exploits1References2
Rows per page
Query Builder