3 matches found
CVE-2026-31858
Craft is a content management system (CMS). The ElementSearchController::actionSearch endpoint is missing the unset protection that was added to ElementIndexesController in CVE-2026-25495. The exact same SQL injection vulnerability including criteriaorderBy, the original advisory vector works on th...
Uc365 navigation open source version of ad***.php file SQL injection vulnerability
Youkai 365 Web site navigation open source version is an open source Web site catalog management system developed and built on PHP + MySQL. The ad.php file of Uke365 navigation open source version has a SQL injection vulnerability; attackers can use this vulnerability to obtain sensitive...
Zendo Project Management Software Open Source 9.1.1 SQL Injection Vulnerability
Zendo is an open source project management software. A SQL injection vulnerability exists in the module\block\control.php page of Zendo Project Management Software Open Source 9.1.1. The 'main' parameter is not filtered, allowing attackers to exploit the vulnerability to obtain sensitive...