Lucene search
+L

8 matches found

EUVD
EUVD
added 2026/07/01 4:13 p.m.7 views

EUVD-2026-41061

Guardian language-system passes the name GET parameter directly into an unsanitized SQL query in designer.php line 124: SELECT FROM complex WHERE name='".$GET'name'."'. An authenticated attacker can perform error-based SQL injection to extract database contents...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 4:13 p.m.8 views

CVE-2026-34104 Guardian Language-System Unauthenticated SQL Injection via name Parameter in designer.php

Guardian language-system passes the name GET parameter directly into an unsanitized SQL query in designer.php line 124: SELECT FROM complex WHERE name='".$GET'name'."'. An authenticated attacker can perform error-based SQL injection to extract database contents...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 4:13 p.m.15 views

CVE-2026-34104

The CVE-2026-34104 entry describes an unauthenticated SQL injection in Guardian Language-System via the name parameter in designer.php. The flaw arises because the GET parameter name is directly inserted into an unsanitized SQL query (SELECT * FROM complex WHERE name='".$_GET['name']."'), allowin...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 4:13 p.m.37 views

CVE-2026-34104 Guardian Language-System Unauthenticated SQL Injection via name Parameter in designer.php

Guardian language-system passes the name GET parameter directly into an unsanitized SQL query in designer.php line 124: SELECT FROM complex WHERE name='".$GET'name'."'. An authenticated attacker can perform error-based SQL injection to extract database contents...

9.8CVSS0.00373EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 3:33 a.m.10 views

CVE-2023-27637

An issue was discovered in the tshirtecommerce aka Custom Product Designer component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised productid GET parameter in order to exploit an insecure parameter in the front controller file designer.php, which could lead to a SQL...

9.8CVSS7.7AI score0.03299EPSS
Exploits1References1
Prion
Prion
added 2023/03/22 1:15 p.m.14 views

Sql injection

An issue was discovered in the tshirtecommerce aka Custom Product Designer component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised productid GET parameter in order to exploit an insecure parameter in the front controller file designer.php, which could lead to a SQL...

7.5CVSS9.6AI score0.03299EPSS
Exploits1References3Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2023/03/21 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-27637

An issue was discovered in the tshirtecommerce aka Custom Product Designer component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised productid GET parameter in order to exploit an insecure parameter in the front controller file designer.php, which could lead to a SQL...

9.8CVSS7.2AI score0.03299EPSS
Exploits1References1
Prion
Prion
added 2022/02/04 11:15 p.m.25 views

Design/Logic Flaw

The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the /includes/class-template-designer.php file, in versions up to...

4.3CVSS6.2AI score0.70511EPSS
Exploits3References2Affected Software1
Rows per page
Query Builder