8 matches found
PT-2023-26327 · Unknown · Superwebmailer
Name of the Vulnerable Software and Affected Versions: SuperWebMailer version 9.00.0.01710 Description: An issue was discovered in SuperWebMailer that allows spamtest external.php XSS via a crafted filename. The issue is related to the filename variable, which can be exploited to execute XSS...
SQL Injection
moodle/moodle is vulnerable to SQL Injection attacks. The vulnerability exists in getsubwikipages function of external.php due to lack of sanitization of user inputs which allows an attacker to inject and execute arbitrary sql queries...
Information Disclosure
moodle/moodle is vulnerable to information disclosure. The vulnerability exists through the attempts parameter inexternal.php due to improper access control which allows an authenticated attacker to gain access to confidential information in the file system via insufficient capability checks...
my.ryte.com Open Redirect vulnerability
Vulnerable URL: https://my.ryte.com/utils/goto-external.php?https%3A%2F%2Fwww.openbugbounty.org Details: Description| Value ---|--- Patched:| No Latest check for patch:| 20.11.2017 Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VI...
thecovernippon.jp Open Redirect vulnerability
Vulnerable URL: http://www.thecovernippon.jp/external.php?exurl=https://www.xssposed.org/ Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alexa Rank| 3517486 Google Pagerank| 0 VIP...
Moodle 'external.php' 'badge' Parameter XSS
The version of Moodle installed on the remote host fails to properly sanitize user-supplied input to the 'badge' parameter of the 'external.php' script. The application also fails to properly sanitize serialized objects. An attacker can exploit these issues by crafting a URL containing a serializ...
CVE-2013-5674
badges/external.php in Moodle 2.5.x before 2.5.2 does not properly handle an object obtained by unserializing a description of an external badge, which allows remote attackers to conduct PHP object injection attacks via unspecified vectors, as demonstrated by overwriting the value of the userid...
phpBP id参数远程SQL注入漏洞
BUGTRAQ ID: 28272 PHPBP是在波兰广泛使用的网站内容管理系统。 PHPBP的includes/functions/banners-external.php脚本文件中没有正确地验证对id参数的输入,允许远程攻击者通过提交特制的SQL查询请求执行SQL注入攻击。 以下是有漏洞的代码段: ... 3 function bannerout //zlicza ilosc klikniec na banner 4 5 global $conf; 6 7 if$GET'id' 8 9 SQLvalidate$POST'id'; 10 11 $db = new dbquery; 12...