28 matches found
EUVD-2021-23202
Malware in sbrugna...
EUVD-2025-14659
Malicious code in bioql PyPI...
EUVD-2025-14302
Malicious code in bioql PyPI...
CVE-2021-36605
engineercms 1.03 is vulnerable to Cross-Site Scripting (XSS). There is no escaping in the nickname field on the user list page. When viewing this page, the JavaScript code will be executed in the user's browser...
CVE-2025-44831
EngineerCMS v1.02 through v2.0.5 has a SQL injection vulnerability in the /project/addproject interface...
CVE-2025-44830
EngineerCMS v1.02 through v2.0.5 has a SQL injection vulnerability in the /project/addprojtemplet interface...
SQL Injection
Overview: github.com/3xxx/engineercms/models is a data management platform. Affected versions of this package are vulnerable to SQL Injection through the /project/addproject interface. An attacker can manipulate database queries and access or modify data without proper authorization by injecting...
CVE-2025-44831
EngineerCMS v1.02 through v2.0.5 has a SQL injection vulnerability in the /project/addproject interface...
CVE-2025-44831
EngineerCMS v1.02 through v2.0.5 has a SQL injection vulnerability in the /project/addproject interface...
CVE-2025-44831
EngineerCMS v1.02 through v2.0.5 has a SQL injection vulnerability in the /project/addproject interface...
CVE-2025-44831
EngineerCMS v1.02 through v2.0.5 has a SQL injection vulnerability in the /project/addproject interface...
engineercms security vulnerability
engineercms is an engineering knowledge management system by the individual developer hotqin888. A security vulnerability exists in engineercms versions 1.02 through 2.0.5, which originates from a SQL injection in the /project/addproject interface...
CVE-2025-44831
EngineerCMS v1.02–v2.0.5 contains a SQL injection vulnerability in the /project/addproject interface. Multiple sources confirm the affected versions and the injection pathway, with evidence describing the vulnerability as allowing arbitrary SQL commands through that endpoint. The root cause is an...
PT-2025-20913 · Unknown · Engineercms
Name of the Vulnerable Software and Affected Versions: EngineerCMS versions 1.02 through 2.0.5 Description: The issue is a SQL injection vulnerability in the "/project/addproject" interface. This vulnerability allows for the injection of malicious SQL code, potentially leading to unauthorized...
CVE-2025-44830
EngineerCMS v1.02 through v2.0.5 has a SQL injection vulnerability in the /project/addprojtemplet interface...
CVE-2025-44830
EngineerCMS v1.02 through v2.0.5 has a SQL injection vulnerability in the /project/addprojtemplet interface...
PT-2025-20708 · Unknown · Engineercms
Name of the Vulnerable Software and Affected Versions: EngineerCMS versions 1.02 through 2.0.5 Description: The issue is a SQL injection vulnerability in the "/project/addprojtemplet" interface. This vulnerability allows for the injection of malicious SQL code, potentially leading to unauthorized...
engineercms security vulnerability
engineercms is an engineering knowledge management system by the individual developer hotqin888. A security vulnerability exists in engineercms v1.02 to v2.0.5, which originates from a SQL injection in the /project/addprojtemplet interface...
CVE-2025-44830
EngineerCMS v1.02 through v2.0.5 has a SQL injection vulnerability in the /project/addprojtemplet interface...
CVE-2025-44830
Affected software. EngineerCMS v1.02–v2.0.5. Vulnerability. SQL injection in the /project/addprojtemplet interface. Root cause is an injectable SQL pathway in that endpoint, enabling manipulation of database queries. Impact (as stated). High confidentiality, integrity, and availability impact (CV...