EUVD-2025-27628

Malicious code in bioql PyPI...

CVE-2025-10246 lokibhardwaj PHP-Code-For-Unlimited-File-Upload f.php cross site scripting

A weakness has been identified in lokibhardwaj PHP-Code-For-Unlimited-File-Upload up to 124fe96324915490c81eaf7db3234b0b4e4bab3c. This affects an unknown part of the file /f.php. This manipulation of the argument h causes cross site scripting. Remote exploitation of the attack is possible. The...

CVE-2025-10246

The CVE-2025-10246 entry concerns lokibhardwaj PHP-Code-For-Unlimited-File-Upload. Affected component: the file /f.php, where manipulation of the parameter h enables cross-site scripting. Impact: remote exploitation is possible; exploits have been publicly disclosed. The issue references versions...

PHP-Code-For-Unlimited-File-Upload 代码注入漏洞

PHP-Code-For-Unlimited-File-Upload is a software used for multiple file transfers by the individual developer Lokesh Kumar. A code injection vulnerability exists in PHP-Code-For-Unlimited-File-Upload, which stems from the incorrect manipulation of the parameter h in the file /f.php, which could...

PT-2025-37113

Name of the Vulnerable Software and Affected Versions: lokibhardwaj PHP-Code-For-Unlimited-File-Upload versions up to 124fe96324915490c81eaf7db3234b0b4e4bab3c Description: A weakness exists in the file /f.php within the software. Manipulation of the argument h can lead to cross-site scripting...

CVE-2015-9480

The WordPress RobotCPA Plugin v5 is affected by a directory traversal (CVE-2015-9480) via the f.php?l parameter. The Nuclei template and related sources describe a path traversal vulnerability allowing an attacker to access restricted server files, enabling potential data leakage. The vulnerabili...

VulnCheck KEV: CVE-2015-9480

The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter...

CVE-2007-2738

The CVE-2007-2738 entry corresponds to a SQL injection vulnerability in the Glossaire module for XOOPS (version 1.7 and earlier). The flaw resides in glossaire-p-f.php, where the sid parameter used in an ImprDef action is not properly sanitized, allowing remote attackers to execute arbitrary SQL ...

CVE-2006-3341

CVE-2006-3341: SQL injection in annonces-p-f.php of the MyAds module 2.04jp for XOOPS (file: annonces-p-f.php; parameter: lid) allows remote execution of arbitrary SQL. Affected software is the MyAds 2.04jp XOOPS module; CVSSv2 shows AV:N/AC:L/Au:N/C:P/I:P/A:P with base score 7.5 (HIGH). Connecte...

XOOPS myAds Module (lid) Remote SQL Injection Vulnerability

Exploit for unknown platform in category web applications =========================================================== XOOPS myAds Module lid Remote SQL Injection Vulnerability =========================================================== Xoops myAds module SQL-Injection Discovered: KeyCoder Visit :...

XOOPS myAds Module - lid SQL Injection

XOOPS myAds Module - lid SQL Injection Xoops myAds module SQL-Injection Discovered: KeyCoder Visit : www.grisapka.org Contact: [email protected] Thanx: SecretlyX-BeLa --------------------------------------- Details : Xoops myAds module SQL-Injection Vulnerability Website : http://www.xoops.org/...

XOOPS myAds Module - 'lid' SQL Injection

Xoops myAds module SQL-Injection Discovered: KeyCoder Visit : www.grisapka.org Contact: [email protected] Thanx: SecretlyX-BeLa --------------------------------------- Details : Xoops myAds module SQL-Injection Vulnerability Website : http://www.xoops.org/ Vulnerable File : annonces-p-f.php PoC :...