CVE-2026-5332 Xiaopi Panel WAF Firewall demo.php cross site scripting

A vulnerability was identified in Xiaopi Panel 1.0.0. This vulnerability affects unknown code of the file /demo.php of the component WAF Firewall. The manipulation of the argument param leads to cross site scripting. Remote exploitation of the attack is possible. The exploit is publicly available...

CVE-2026-2122

A security flaw has been discovered in Xiaopi Panel up to 20260126. This impacts an unknown function of the file /demo.php of the component WAF Firewall. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been released to the public...

CVE-2026-2122

CVE-2026-2122 affects Xiaopi Panel (WAF Firewall) and its /demo.php file. The vulnerability involves manipulation of the ID argument, leading to SQL injection. Descriptions across sources indicate the flaw can be exploited remotely and that the exploit has been released publicly. Red Hat and othe...

CVE-2026-2122 Xiaopi Panel WAF Firewall demo.php sql injection

A security flaw has been discovered in Xiaopi Panel up to 20260126. This impacts an unknown function of the file /demo.php of the component WAF Firewall. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been released to the public...

EUVD-2026-5825

A security flaw has been discovered in Xiaopi Panel up to 20260126. This impacts an unknown function of the file /demo.php of the component WAF Firewall. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been released to the public...

CVE-2026-2122 Xiaopi Panel WAF Firewall demo.php sql injection

A security flaw has been discovered in Xiaopi Panel up to 20260126. This impacts an unknown function of the file /demo.php of the component WAF Firewall. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been released to the public...

EUVD-2018-11038

Malware in sbrugna...

Online Hotel Reservation System demo.php File SQL Injection Vulnerability

Online Hotel Reservation System is a simple online hotel reservation system. Online Hotel Reservation System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Start in the file /reservation/demo.php. The...

CVE-2025-6457

A vulnerability, which was classified as critical, was found in code-projects Online Hotel Reservation System 1.0. This affects an unknown part of the file /reservation/demo.php. The manipulation of the argument Start leads to sql injection. It is possible to initiate the attack remotely. The...

WordPress Plugin N-Media Website Contact Form with File Upload 1.5 - Local File Inclusion

Exploit Title: website contact form with file upload 1.5 Exploit Local File Inclusion Google Dork: inurl:"/plugins//website-contact-form-with-file-upload/" Date: 07.05.2015 Exploit Author: T3N38R15 Software Link: https://wordpress.org/plugins/website-contact-form-with-file-upload/ Version: 1.5...