Lucene search
K

450 matches found

AlpineLinux
AlpineLinux
added 2023/02/20 11:15 p.m.32 views

CVE-2022-48339

An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell...

7.8CVSS8AI score0.01132EPSS
Exploits0
Prion
Prion
added 2023/02/20 11:15 p.m.31 views

Command injection

An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell...

4.4CVSS8.8AI score0.01132EPSS
Exploits0References5Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 4:5 a.m.5 views

SUSE CVE-2019-20149

ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': 'name':'Symbol'. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result...

7.5CVSS7.3AI score0.02278EPSS
Exploits1References2
CNVD
CNVD
added 2023/01/17 12:0 a.m.19 views

Online Food Ordering System SQL Injection Vulnerability (CNVD-2023-06521)

Online Food Ordering System is an online food ordering system. Online Food Ordering System suffers from a SQL injection vulnerability, which originates from the lack of validation of an externally entered SQL statement in the Username parameter of the component's login page, action = login, which...

9.8CVSS9.9AI score0.00496EPSS
Exploits0References1
CNVD
CNVD
added 2023/01/14 12:0 a.m.21 views

Lead Management System SQL Injection Vulnerability (CNVD-2023-05741)

Lead management system is a lead management system developed by Mayuri K. A SQL injection vulnerability exists in Lead Management System v1.0, which stems from the lack of validation of external input SQL statements in the id parameter of removeBrand.php, and can be exploited by attackers to The...

9.8CVSS3.2AI score0.0089EPSS
Exploits1References1
CNVD
CNVD
added 2023/01/14 12:0 a.m.16 views

Lead Management System SQL Injection Vulnerability (CNVD-2023-05745)

Lead management system is a lead management system developed by Mayuri K. The Lead Management System v1.0 version is vulnerable to SQL injection, which stems from the lack of validation of external input SQL statements in the id parameter of removeProduct.php, which could be used by attackers to...

9.8CVSS5.2AI score0.0089EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/01/11 12:0 a.m.8 views

IBM Sterling Partner Engagement Manager SQL注入漏洞

IBM Sterling Partner Engagement Manager is an automated management tool from International Business Machines IBM. IBM Sterling Partner Engagement Manager suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements, which can...

9.8CVSS8AI score0.00688EPSS
Exploits0References3
CNVD
CNVD
added 2023/01/04 12:0 a.m.24 views

Lead Management System SQL Injection Vulnerability

Lead management system is a lead management system developed by Mayuri K. The Lead Management System version 1.0 is vulnerable to SQL injection, which stems from the lack of validation of external input SQL statements in the login.php parameter username, and can be exploited by attackers to The...

9.8CVSS4.4AI score0.26463EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2022/12/07 12:0 a.m.8 views

CVE-2022-43468

External initialization of trusted variables or data stores vulnerability exists in WordPress Popular Posts 6.0.5 and earlier, therefore the vulnerable product accepts untrusted external inputs to update certain internal variables. As a result, the number of views for an article may be manipulate...

6.7AI score0.00846EPSS
Exploits0References3
NVD
NVD
added 2022/12/01 6:15 p.m.40 views

CVE-2022-2969

Delta Industrial Automation DIALink versions prior to v1.5.0.0 Beta 4 uses an external input to construct a pathname intended to identify a file or directory located underneath a restricted parent directory. However, the software does not properly neutralize special elements within the pathname,...

8.1CVSS0.02283EPSS
Exploits0References1
OSV
OSV
added 2022/12/01 6:15 p.m.3 views

CVE-2022-2969

Delta Industrial Automation DIALink versions prior to v1.5.0.0 Beta 4 uses an external input to construct a pathname intended to identify a file or directory located underneath a restricted parent directory. However, the software does not properly neutralize special elements within the pathname,...

7.5CVSS5.8AI score0.02283EPSS
Exploits0References1
CNVD
CNVD
added 2022/11/24 12:0 a.m.41 views

Billing System Project printOrder.php SQL Injection Vulnerability

Billing System Project is a billing system project by Mayuri K. Individual developer. Billing System Project v1.0 suffers from a SQL injection vulnerability that stems from a lack of validation of the orderId parameter in printOrder.php against an externally entered SQL statement. An attacker cou...

9.8CVSS9.6AI score0.0089EPSS
Exploits0References1
CNVD
CNVD
added 2022/11/24 12:0 a.m.48 views

Billing System Project fetchOrderData.php SQL Injection Vulnerability

Billing System Project is a billing system project by Mayuri K. Individual developer. Billing System Project v1.0 suffers from a SQL injection vulnerability that stems from a lack of validation of the orderId parameter in fetchOrderData.php against an externally entered SQL statement. An attacker...

9.8CVSS9.6AI score0.00871EPSS
Exploits0References1
CNVD
CNVD
added 2022/11/23 12:0 a.m.24 views

Automotive Shop Management System SQL Injection Vulnerability (CNVD-2022-87035)

Automotive Shop Management System is an automotive shop management system by the individual developer Carlo Montero. Automotive Shop Management System v1.0 suffers from a SQL injection vulnerability that stems from a lack of validation of the /asms/admin/services/manageservice.php?id= component...

7.2CVSS7.3AI score0.00804EPSS
Exploits1References1
CNVD
CNVD
added 2022/11/23 12:0 a.m.22 views

Automotive Shop Management System SQL Injection Vulnerability (CNVD-2022-87034)

Automotive Shop Management System is an automotive shop management system by the individual developer Carlo Montero. Automotive Shop Management System v1.0 suffers from a SQL injection vulnerability that stems from a lack of validation of the /asms/admin/mechanics/viewmechanic.php?id= component...

7.2CVSS7.3AI score0.00821EPSS
Exploits1References1
CNVD
CNVD
added 2022/11/23 12:0 a.m.25 views

Automotive Shop Management System SQL Injection Vulnerability (CNVD-2022-87032)

Automotive Shop Management System is an automotive shop management system by the individual developer Carlo Montero. Automotive Shop Management System v1.0 suffers from a SQL injection vulnerability that stems from a lack of validation of externally-entered SQL statements in its...

7.2CVSS7.3AI score0.00804EPSS
Exploits1References1
CNVD
CNVD
added 2022/11/21 12:0 a.m.28 views

Automotive Shop Management System SQL Injection Vulnerability (CNVD-2022-87262)

Automotive Shop Management System is an automotive shop management system by the individual developer Carlo Montero. Automotive Shop Management System v1.0 suffers from a SQL injection vulnerability that originates from /asms/admin/?page=user/manageuser&id=Lack of validation of externally entered...

7.2CVSS7AI score0.00726EPSS
Exploits1References1
CNVD
CNVD
added 2022/11/18 12:0 a.m.25 views

Hospital Management Center SQL Injection Vulnerability

Hospital Management Center is a web system that helps manage healthcare-related information and helps healthcare providers do their jobs efficiently. hospital Management Center is vulnerable to a SQL injection vulnerability that originates in an unknown function in the file patient-info.php Lack ...

9.8CVSS1.7AI score0.00494EPSS
Exploits1References1
CNVD
CNVD
added 2022/11/16 12:0 a.m.22 views

Eolinker goku_lite SQL Injection Vulnerability

Eolinker, an API management solution from Eolinker China, is vulnerable to SQL injection, which stems from a lack of validation of external input SQL statements in the file /balance/service/list. An attacker could exploit the vulnerability by gaining access to database information...

9.8CVSS9.3AI score0.00742EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/11/11 12:0 a.m.5 views

Eolinker SQL注入漏洞

Eolinker is an API management solution from Eolinker, a China-based company. Eolinker is vulnerable to SQL injection, which stems from the lack of validation of external input SQL statements in file/plugin/getList, and can be exploited by attackers to obtain database information...

9.8CVSS7.3AI score0.00713EPSS
Exploits1References4
Rows per page
Query Builder