97 matches found
Cups Easy 跨站脚本漏洞
Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the delete parameter on the /cupseasylive/stockissuancelist.php page. An attacker could...
Task Reminder System SQL Injection Vulnerability
Task Reminder System is a Task Reminder System by Carlo Montero Personal Developer. A SQL injection vulnerability exists in Task Reminder System version 1.0, which stems from the parameter id of the file classes/Users.php?f=delete that can lead to SQL injection...
TONGDA Office Anywhere SQL Injection Vulnerability
TONGDA Office Anywhere is a collaborative office OA system. A security vulnerability exists in TONGDA Office Anywhere version 11.10, which originates from a SQL injection vulnerability in the parameter deleteSTR in the file setprint/delete.php...
SourceCodester Simple Book Catalog App SQL Injection Vulnerability
Simple Book Catalog App is a simple book catalog application by the individual developer Remy Andrade. A SQL injection vulnerability exists in SourceCodester Simple Book Catalog App version 1.0, which stems from an unknown function in the file deletebook.php that causes a sql injection via the...
CVE-2023-39122
BMC Control-M through 9.0.20.200 allows SQL injection via the /RF-Server/report/deleteReport report-id parameter. This is fixed in 9.0.21 and is also fixed by a patch for 9.0.20.200...
CVE-2022-46047
AeroCMS v0.0.1 is vulnerable to SQL Injection via the delete parameter...
CVE-2022-46047
AeroCMS v0.0.1 is vulnerable to SQL Injection via the delete parameter...
CVE-2022-46047
AeroCMS v0.0.1 is vulnerable to SQL Injection via the delete parameter...
CVE-2022-30508
DedeCMS v5.7.93 was discovered to contain arbitrary file deletion vulnerability in upload.php via the delete parameter...
CVE-2022-30508
DedeCMS v5.7.93 was discovered to contain arbitrary file deletion vulnerability in upload.php via the delete parameter...
Arbitrary file deletion
DedeCMS v5.7.93 was discovered to contain arbitrary file deletion vulnerability in upload.php via the delete parameter...
PT-2022-20146 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.93 Description: The issue is related to an arbitrary file deletion vulnerability. It affects the upload.php file via the delete parameter. Recommendations: For DedeCMS version 5.7.93, consider restricting access to the...
Desdev DedeCMS 路径遍历漏洞
Desdev DedeCMS Dream Weaving Content Management System is a PHP-based open-source content management system CMS of China Zhuozhuo network Desdev company. The system has content publishing, content management, content editing and content retrieval functions. DedeCMS v5.7.93 version of a security...
CVE-2020-19212
SQL Injection vulnerability in admin/grouplist.php in piwigo v2.9.5, via the group parameter to delete...
CVE-2020-5513
Gila CMS 1.11.8 allows /cm/delete?t=../ Directory Traversal...
Simply-Blog SQL Injection Vulnerability
Simply-Blog is a versatile content management panel based on PHP and MySQL. A SQL injection vulnerability exists in the admin/deleteCategories.php file in Simply-Blog 2019-01-01 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands with the help ...
WampServer Cross-Site Scripting Vulnerability
WampServer is an integrated installation of Apache, Mysql and PHP for the Windows platform. A cross-site scripting vulnerability exists in WampServer version 3.1.1. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the 'virtualdel' parameter...
Xionghai CMS system delete parameter exists sql injection vulnerability
XIONGHAI CMS is developed by XIONGHAI can be widely used in personal blogs, personal websites, corporate websites, a set of integrated website management system. Applicable to personal blogs, personal websites, corporate websites and other various purposes, the front end of the computer, mobile t...
flatCore File Deletion Vulnerability
flatCore is a content management system based on PHP5 and SQLite3. A file deletion vulnerability exists in flatCore version 1.4.7, which allows an attacker to delete the acp/acp.php file by traversing the delete parameter...
CVE-2017-5930
The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check...