13 matches found
CVE-2023-43971
Cross Site Scripting vulnerability in ACG-faka v1.1.7 allows a remote attacker to execute arbitrary code via the encode parameter in Index.php...
CVE-2023-43971
Cross Site Scripting vulnerability in ACG-faka v1.1.7 allows a remote attacker to execute arbitrary code via the encode parameter in Index.php...
CVE-2023-43971
CVE-2023-43971 is a Cross Site Scripting vulnerability affecting ACG-faka v1.1.7. The issue allows a remote attacker to cause arbitrary code execution via the encode parameter in Index.php. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) yields a base score of 6.1 (Medium). Attack requi...
GHSA-2QM5-R82G-5HCX ThinkAdmin directory traversal vulnerability
ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrary files on a remote server via the GET request encode parameter...
ThinkAdmin directory traversal vulnerability
ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrary files on a remote server via the GET request encode parameter...
CVE-2020-25540
ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrary files on a remote server via the GET request encode parameter...
Directory traversal
ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrary files on a remote server via the GET request encode parameter...
CVE-2020-25540
ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrary files on a remote server via the GET request encode parameter...
PT-2020-16108 · Thinkadmin · Thinkadmin
Name of the Vulnerable Software and Affected Versions: ThinkAdmin version 6 Description: The issue allows an unauthorized attacker to read arbitrary files on a remote server via a GET request by manipulating the encode parameter. Recommendations: For ThinkAdmin version 6, update to a version that...
CVE-2010-2042
SQL injection vulnerability in search.php in ECShop 2.7.2 allows remote attackers to execute arbitrary SQL commands via the encode parameter. NOTE: some of these details are obtained from third party information...
SQL injection
SQL injection vulnerability in search.php in ECShop 2.7.2 allows remote attackers to execute arbitrary SQL commands via the encode parameter. NOTE: some of these details are obtained from third party information...
CVE-2010-2042
ECShop 2.7.2 has an SQL injection in search.php via the encode parameter, allowing remote execution of arbitrary SQL commands. Affected component: ECShop (version 2.7.2); vulnerability arises from improper handling in search.php. Impact details and remediation steps are not provided in the suppli...
CVE-2010-2042
SQL injection vulnerability in search.php in ECShop 2.7.2 allows remote attackers to execute arbitrary SQL commands via the encode parameter. NOTE: some of these details are obtained from third party information...