CVE-2026-33486

Roadiz is a polymorphic content management system based on a node system that can handle many types of services. A vulnerability in roadiz/documents prior to versions 2.7.9, 2.6.28, 2.5.44, and 2.3.42 allows an authenticated attacker to read any file on the server's local file system that the web...

GHSA-RC55-58F4-687G Roadiz has Server-Side Request Forgery (SSRF) in roadiz/documents

This vulnerability allows an authenticated attacker to read any file on the server's local file system that the web server process has access to, including highly sensitive environment variables, database credentials, and internal configuration files. | Field | Details | | :--- | :--- | |...

CVE-2020-28115

SQL Injection vulnerability in "Documents component" found in AudimexEE version 14.1.0 allows an attacker to execute arbitrary SQL commands via the objectpath parameter...

The vulnerability of the Documents component of the Oracle One-to-One Fulfillment application system, a business automation solution from Oracle E-Business Suite, allows an attacker to gain access to read, modify, add, or delete data.

The vulnerability of the Documents component in the Oracle One-to-One Fulfillment system, a business automation solution from Oracle E-Business Suite, exists due to insufficient verification of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to...

The vulnerability of the Documents component of the Oracle One-to-One Fulfillment application allows a perpetrator to gain access to update, modify, or delete data.

The vulnerability of the Documents component in the Oracle One-to-One Fulfillment application is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain access to update, modify, or delete data using the HTTP protocol...

Oracle E-Business Suite Oracle One-to-One Fulfillment 安全漏洞

Oracle E-Business Suite is an extension of the original Application ERP, including ERP Enterprise Resource Planning, HR Human Resource Management, CRM Customer Relationship Management, and so on, a collection of management software, is a seamless integration of a management suite. Oracle One-to-O...

CVE-2020-28115

SQL Injection vulnerability in "Documents component" found in AudimexEE version 14.1.0 allows an attacker to execute arbitrary SQL commands via the objectpath parameter...

CVE-2020-28115

SQL Injection vulnerability in "Documents component" found in AudimexEE version 14.1.0 allows an attacker to execute arbitrary SQL commands via the objectpath parameter...

Sql injection

SQL Injection vulnerability in "Documents component" found in AudimexEE version 14.1.0 allows an attacker to execute arbitrary SQL commands via the objectpath parameter...

CVE-2020-28115

SQL Injection vulnerability in "Documents component" found in AudimexEE version 14.1.0 allows an attacker to execute arbitrary SQL commands via the objectpath parameter...

CVE-2020-28115

AudimexEE’s CVE-2020-28115 is a SQL injection in the Documents component of version 14.1.0, exploitable via the object_path parameter. Multiple connected sources corroborate: CNVD-2020-65171 states the vulnerability exists in AudimexEE versions prior to 14.1.1, implying a fixed version is 14.1.1....

CVE-2014-3832

Cross-site scripting XSS vulnerability in the Documents component in ownCloud Server 6.0.x before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the printunescaped function...