10 matches found
CVE-2026-33486
Roadiz is a polymorphic content management system based on a node system that can handle many types of services. A vulnerability in roadiz/documents prior to versions 2.7.9, 2.6.28, 2.5.44, and 2.3.42 allows an authenticated attacker to read any file on the server's local file system that the web...
GHSA-RC55-58F4-687G Roadiz has Server-Side Request Forgery (SSRF) in roadiz/documents
This vulnerability allows an authenticated attacker to read any file on the server's local file system that the web server process has access to, including highly sensitive environment variables, database credentials, and internal configuration files. | Field | Details | | :--- | :--- | |...
CVE-2020-28115
SQL Injection vulnerability in "Documents component" found in AudimexEE version 14.1.0 allows an attacker to execute arbitrary SQL commands via the objectpath parameter...
Oracle E-Business Suite Oracle One-to-One Fulfillment 安全漏洞
Oracle E-Business Suite is an extension of the original Application ERP, including ERP Enterprise Resource Planning, HR Human Resource Management, CRM Customer Relationship Management, and so on, a collection of management software, is a seamless integration of a management suite. Oracle One-to-O...
CVE-2020-28115
SQL Injection vulnerability in "Documents component" found in AudimexEE version 14.1.0 allows an attacker to execute arbitrary SQL commands via the objectpath parameter...
CVE-2020-28115
SQL Injection vulnerability in "Documents component" found in AudimexEE version 14.1.0 allows an attacker to execute arbitrary SQL commands via the objectpath parameter...
Sql injection
SQL Injection vulnerability in "Documents component" found in AudimexEE version 14.1.0 allows an attacker to execute arbitrary SQL commands via the objectpath parameter...
CVE-2020-28115
SQL Injection vulnerability in "Documents component" found in AudimexEE version 14.1.0 allows an attacker to execute arbitrary SQL commands via the objectpath parameter...
CVE-2020-28115
AudimexEE’s CVE-2020-28115 is a SQL injection in the Documents component of version 14.1.0, exploitable via the object_path parameter. Multiple connected sources corroborate: CNVD-2020-65171 states the vulnerability exists in AudimexEE versions prior to 14.1.1, implying a fixed version is 14.1.1....
CVE-2014-3832
Cross-site scripting XSS vulnerability in the Documents component in ownCloud Server 6.0.x before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the printunescaped function...