Lucene search
K

35 matches found

OSV
OSV
added 2026/06/28 12:17 p.m.4 views

UBUNTU-CVE-2026-13490

A security vulnerability has been detected in glpi-project glpi 11.0.5/11.0.6/11.0.7. This affects the function Document::canViewFile of the file front/document.send.php of the component Document Handler. Such manipulation of the argument docid leads to authorization bypass. The attack can be...

6.3CVSS5.4AI score0.00309EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/28 11:0 a.m.8 views

EUVD-2026-39990

A security vulnerability has been detected in glpi-project glpi 11.0.5/11.0.6/11.0.7. This affects the function Document::canViewFile of the file front/document.send.php of the component Document Handler. Such manipulation of the argument docid leads to authorization bypass. The attack can be...

6.3CVSS5.4AI score0.00309EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/28 11:0 a.m.10 views

CVE-2026-13490

A security vulnerability has been detected in glpi-project glpi 11.0.5/11.0.6/11.0.7. This affects the function Document::canViewFile of the file front/document.send.php of the component Document Handler. Such manipulation of the argument docid leads to authorization bypass. The attack can be...

6.3CVSS5.4AI score0.00309EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/06/28 11:0 a.m.48 views

CVE-2026-13490 glpi-project glpi Document document.send.php canViewFile authorization

A security vulnerability has been detected in glpi-project glpi 11.0.5/11.0.6/11.0.7. This affects the function Document::canViewFile of the file front/document.send.php of the component Document Handler. Such manipulation of the argument docid leads to authorization bypass. The attack can be...

6.3CVSS0.00309EPSS
Exploits0References4
CVE
CVE
added 2026/06/28 11:0 a.m.25 views

CVE-2026-13490

The CVE concerns glpi-project glpi versions 11.0.5/11.0.6/11.0.7. It affects the Document Handler, specifically Document::canViewFile in front/document.send.php. Manipulating the docid argument can bypass authorization, enabling a remote attack. The description notes high complexity and that expl...

6.3CVSS5.4AI score0.00309EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/03 12:26 a.m.13 views

CVE-2025-65358

Edoc-doctor-appointment-system v1.0.1 was discovered to contain SQl injection vulnerability via the 'docid' parameter at /admin/appointment.php...

9.8CVSS7.8AI score0.00357EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/02 6:30 p.m.6 views

EUVD-2025-200279

Edoc-doctor-appointment-system v1.0.1 was discovered to contain SQl injection vulnerability via the 'docid' parameter at /admin/appointment.php...

7.2AI score0.00357EPSS
Exploits1References3
NVD
NVD
added 2025/12/02 5:16 p.m.9 views

CVE-2025-65358

Edoc-doctor-appointment-system v1.0.1 was discovered to contain SQl injection vulnerability via the 'docid' parameter at /admin/appointment.php...

9.8CVSS0.00357EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/12/02 12:0 a.m.13 views

PT-2025-48713

Edoc-doctor-appointment-system v1.0.1 was discovered to contain SQl injection vulnerability via the 'docid' parameter at /admin/appointment.php...

7.8AI score0.00357EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/12/02 12:0 a.m.5 views

Edoc-doctor-appointment-system 安全漏洞

Edoc-doctor-appointment-system is a simple web project for e-channels by HashenUdara Personal Developer. A security vulnerability exists in Edoc-doctor-appointment-system version v1.0.1, which stems from the docid parameter in /admin/appointment.php being susceptible to SQL injection attacks...

9.8CVSS7.8AI score0.00357EPSS
Exploits1References3
CVE
CVE
added 2025/12/02 12:0 a.m.12 views

CVE-2025-65358

Edoc-doctor-appointment-system v1.0.1 contains an SQL injection via the docid parameter in /admin/appointment.php. The root cause is unsanitized user input enabling attackers to manipulate queries, resulting in a CRITICAL impact (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Documented in multi...

9.8CVSS7.3AI score0.00357EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2025/12/02 12:0 a.m.12 views

CVE-2025-65358

Edoc-doctor-appointment-system v1.0.1 was discovered to contain SQl injection vulnerability via the 'docid' parameter at /admin/appointment.php...

0.00357EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2005-4504

Malware in sbrugna...

7.5CVSS6.4AI score0.01243EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2006-6469

Malware in sbrugna...

7.5CVSS6.4AI score0.01105EPSS
Exploits0References4
OSV
OSV
added 2024/08/22 11:15 a.m.5 views

CVE-2024-7848

The User Private Files – WordPress File Sharing Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'dpkupvfupdatedoc' due to missing validation on the 'docid' user controlled key. This makes it possible for authenticat...

6.5CVSS5.8AI score0.0031EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/08/22 12:0 a.m.5 views

PT-2024-38626 · WordPress · User Private Files

Name of the Vulnerable Software and Affected Versions: User Private Files – WordPress File Sharing Plugin versions up to, and including, 2.1.0 Description: The issue allows authenticated attackers with subscriber-level access and above to gain access to other users' private files due to missing...

6.5CVSS6.5AI score0.0031EPSS
Exploits0References10
OSV
OSV
added 2020/04/15 3:15 p.m.13 views

CVE-2020-11537

A SQL Injection issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can execute arbitrary SQL queries via injection to DocID parameter of Websocket API...

9.8CVSS8.5AI score
Exploits0References2
CNVD
CNVD
added 2018/08/14 12:0 a.m.5 views

OpenEMR Directory Traversal Vulnerability (CNVD-2019-10150)

OpenEMR is a medical practice management software that also supports electronic medical records EMR. A directory traversal vulnerability exists in portal/importtemplate.php in OpenEMR versions prior to 5.0.1.4, which can be exploited by a remote attacker to read arbitrary files via the "docid"...

6.5CVSS6.7AI score0.16682EPSS
Exploits6References1
CNVD
CNVD
added 2018/08/14 12:0 a.m.4 views

OpenEMR Directory Traversal Vulnerability (CNVD-2019-10153)

OpenEMR is a medical practice management software that also supports electronic medical records EMR. A directory traversal vulnerability exists in portal/importtemplate.php in versions of OpenEMR prior to 5.0.1.4, which can be exploited by a remote attacker to delete arbitrary files with the help...

6.5CVSS6.8AI score0.14468EPSS
Exploits5References1
CNVD
CNVD
added 2018/08/14 12:0 a.m.6 views

OpenEMR Directory Traversal Vulnerability

OpenEMR is a medical practice management software that also supports electronic medical records EMR. A directory traversal vulnerability exists in portal/importtemplate.php in OpenEMR versions prior to 5.0.1.4, which can be exploited by remote attackers to execute arbitrary PHP code via the "doci...

8.8CVSS8.9AI score0.18208EPSS
Exploits6References1
Rows per page
Query Builder