Lucene search
K

97 matches found

CNNVD
CNNVD
added 2024/01/26 12:0 a.m.6 views

Cups Easy 跨站脚本漏洞

Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the delete parameter on the /cupseasylive/stockissuancelist.php page. An attacker could...

8.2CVSS6.9AI score0.00437EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/10/28 12:0 a.m.5 views

Task Reminder System SQL Injection Vulnerability

Task Reminder System is a Task Reminder System by Carlo Montero Personal Developer. A SQL injection vulnerability exists in Task Reminder System version 1.0, which stems from the parameter id of the file classes/Users.php?f=delete that can lead to SQL injection...

9.8CVSS7.9AI score0.00418EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/10/26 12:0 a.m.6 views

TONGDA Office Anywhere SQL Injection Vulnerability

TONGDA Office Anywhere is a collaborative office OA system. A security vulnerability exists in TONGDA Office Anywhere version 11.10, which originates from a SQL injection vulnerability in the parameter deleteSTR in the file setprint/delete.php...

9.8CVSS7.9AI score0.00723EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/09/09 12:0 a.m.4 views

SourceCodester Simple Book Catalog App SQL Injection Vulnerability

Simple Book Catalog App is a simple book catalog application by the individual developer Remy Andrade. A SQL injection vulnerability exists in SourceCodester Simple Book Catalog App version 1.0, which stems from an unknown function in the file deletebook.php that causes a sql injection via the...

9.8CVSS8.1AI score0.00775EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2023/07/31 11:15 p.m.5 views

CVE-2023-39122

BMC Control-M through 9.0.20.200 allows SQL injection via the /RF-Server/report/deleteReport report-id parameter. This is fixed in 9.0.21 and is also fixed by a patch for 9.0.20.200...

9.8CVSS7.4AI score0.00558EPSS
Exploits0References2
OSV
OSV
added 2022/12/13 2:15 p.m.18 views

CVE-2022-46047

AeroCMS v0.0.1 is vulnerable to SQL Injection via the delete parameter...

4.9CVSS8AI score0.00756EPSS
Exploits1References1
NVD
NVD
added 2022/12/13 2:15 p.m.21 views

CVE-2022-46047

AeroCMS v0.0.1 is vulnerable to SQL Injection via the delete parameter...

4.9CVSS0.00756EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2022/12/13 12:0 a.m.6 views

CVE-2022-46047

AeroCMS v0.0.1 is vulnerable to SQL Injection via the delete parameter...

6.1AI score0.00756EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/05/26 6:15 p.m.3 views

CVE-2022-30508

DedeCMS v5.7.93 was discovered to contain arbitrary file deletion vulnerability in upload.php via the delete parameter...

6.5CVSS6.7AI score0.01076EPSS
Exploits1References2
OSV
OSV
added 2022/05/26 6:15 p.m.5 views

CVE-2022-30508

DedeCMS v5.7.93 was discovered to contain arbitrary file deletion vulnerability in upload.php via the delete parameter...

6.5CVSS5.9AI score0.01076EPSS
Exploits1References1
Prion
Prion
added 2022/05/26 6:15 p.m.21 views

Arbitrary file deletion

DedeCMS v5.7.93 was discovered to contain arbitrary file deletion vulnerability in upload.php via the delete parameter...

5.5CVSS6.6AI score0.01076EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/05/26 12:0 a.m.8 views

PT-2022-20146 · Dedecms · Dedecms

Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.93 Description: The issue is related to an arbitrary file deletion vulnerability. It affects the upload.php file via the delete parameter. Recommendations: For DedeCMS version 5.7.93, consider restricting access to the...

6.5CVSS6.4AI score0.01076EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/05/26 12:0 a.m.5 views

Desdev DedeCMS 路径遍历漏洞

Desdev DedeCMS Dream Weaving Content Management System is a PHP-based open-source content management system CMS of China Zhuozhuo network Desdev company. The system has content publishing, content management, content editing and content retrieval functions. DedeCMS v5.7.93 version of a security...

6.5CVSS6.7AI score0.01076EPSS
Exploits1References2
NVD
NVD
added 2022/05/06 2:15 p.m.20 views

CVE-2020-19212

SQL Injection vulnerability in admin/grouplist.php in piwigo v2.9.5, via the group parameter to delete...

4.9CVSS0.00822EPSS
Exploits1References1
OSV
OSV
added 2020/01/06 8:15 p.m.2 views

CVE-2020-5513

Gila CMS 1.11.8 allows /cm/delete?t=../ Directory Traversal...

6.8CVSS5.8AI score0.25792EPSS
Exploits1References2
CNVD
CNVD
added 2019/01/02 12:0 a.m.1 views

Simply-Blog SQL Injection Vulnerability

Simply-Blog is a versatile content management panel based on PHP and MySQL. A SQL injection vulnerability exists in the admin/deleteCategories.php file in Simply-Blog 2019-01-01 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands with the help ...

7.5CVSS8.6AI score0.01056EPSS
Exploits1References1
CNVD
CNVD
added 2018/03/20 12:0 a.m.16 views

WampServer Cross-Site Scripting Vulnerability

WampServer is an integrated installation of Apache, Mysql and PHP for the Windows platform. A cross-site scripting vulnerability exists in WampServer version 3.1.1. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the 'virtualdel' parameter...

5.4CVSS6AI score0.01748EPSS
Exploits5References1
CNVD
CNVD
added 2017/05/29 12:0 a.m.1 views

Xionghai CMS system delete parameter exists sql injection vulnerability

XIONGHAI CMS is developed by XIONGHAI can be widely used in personal blogs, personal websites, corporate websites, a set of integrated website management system. Applicable to personal blogs, personal websites, corporate websites and other various purposes, the front end of the computer, mobile t...

7.1AI score
Exploits0
CNVD
CNVD
added 2017/05/11 12:0 a.m.5 views

flatCore File Deletion Vulnerability

flatCore is a content management system based on PHP5 and SQLite3. A file deletion vulnerability exists in flatCore version 1.4.7, which allows an attacker to delete the acp/acp.php file by traversing the delete parameter...

7.5CVSS7.6AI score0.01854EPSS
Exploits0References1
NVD
NVD
added 2017/03/20 4:59 p.m.22 views

CVE-2017-5930

The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check...

3.5CVSS3.3AI score0.14953EPSS
Exploits2References7
Rows per page
Query Builder