18 matches found
SourceCodester Pizzafy Ecommerce System 安全漏洞
SourceCodester Pizzafy Ecommerce System is an open-source e-commerce system developed by SourceCodester. Version 1.0 of the SourceCodester Pizzafy Ecommerce System contains a security vulnerability, which stems from the handling of the 'page' parameter in the file/index.php, potentially leading t...
EUVD-2026-25716
A security vulnerability has been detected in tufantunc ssh-mcp up to 1.5.0. The affected element is the function shell.write of the file src/index.ts. Such manipulation of the argument Description leads to command injection. The attack must be carried out locally. The exploit has been disclosed...
MuuCmf 安全漏洞
MuuCmf is an open-source application development framework created by Dameng100. Version MuuCmf 1.9.5.20260309 contains a security vulnerability, which stems from the handling of the keyword parameter in the file/index/Search/index.html. This vulnerability may lead to SQL injection attacks...
CVE-2026-5623
A vulnerability was identified in hcengineering Huly Platform 0.7.382. This affects an unknown part of the file server/front/src/index.ts of the component Import Endpoint. Such manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit is publicly availabl...
MCP Code Executor 命令注入漏洞
MCP Code Executor is a code execution server developed by bazinga012. Versions of MCP Code Executor prior to 0.3.0 have a command injection vulnerability, which stems from incorrect operations on the function installDependencies in the file src/index.ts, potentially leading to command injection...
GHSA-XC68-RRQC-QGQ3 MCP NMAP Server has an Injection vulnerability
A vulnerability was detected in PhialsBasement nmap-mcp-server up to bee6d23547d57ae02460022f7c78ac0893092e38. Affected by this issue is the function childprocess.exec of the file src/index.ts of the component Nmap CLI Command Handler. The manipulation results in command injection. The attack may...
Chamilo 代码问题漏洞
Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.30 had code vulnerabilities. These vulnerabilities stemmed from improper handling of the POST parameter openidurl in the file/index.php file, which could lead to blind SRFI attacks...
EUVD-2025-178051
Malicious code in load-protected-file-index-analyze npm...
CVE-2025-0458
A vulnerability classified as problematic was found in Virtual Computer Vysual RH Solution 2024.12.1. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Login Panel. The manipulation of the argument page leads to cross site scripting. The attack can...
CVE-2023-2368
A vulnerability was found in SourceCodester Faculty Evaluation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file index.php?page=managequestionnaire. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. Th...
zentaopms 代码问题漏洞
zentaopms is EasySoft open source an agile scrum project management system u200b. A code issue vulnerability exists in zentaopms version 21.520250307, which stems from a misbehavior of the parameter filePath in file/index.php leading to deserialization...
CmsEasy 路径遍历漏洞
CmsEasy is a content management system CMS for creating responsive websites from China's CmsEasy company. A path traversal vulnerability exists in CmsEasy version 7.7.7.9, which stems from a path traversal caused by the parameter select in...
openBI 代码注入漏洞
openBI is a big data visualization solution from openBI. A code injection vulnerability exists in openBI 1.0.8 and earlier versions, which stems from a problem with the index function in the /application/index/controller/Screen.php file, which could lead to code injection. Currently there are no...
Taokeyun SQL Injection Vulnerability
Taokeyun is a shopping mall system by jifeer individual developer. A SQL injection vulnerability exists in Taokeyun version 1.0.5 and earlier versions, which originates from a SQL injection vulnerability in the cid parameter of the index function in the application/index/controller/m/Drs.php file...
tine SQL Injection Vulnerability
tine is a team collaboration software from tine, Inc. A security vulnerability exists in versions prior to tine 2023.01.14.325, which stems from a sort parameter in the file/index.php endpoint that allows SQL injection...
Employee Record Management System 1.1 SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Employee Record Management SystemERMS 1.1 - Authentication Bypass Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage:...
Vesta Control Panel Cross-Site Scripting Vulnerability (CNVD-2018-09183)
Vesta Control Panel is an open source web hosting control panel. A cross-site scripting vulnerability exists in Vesta Control Panel version 0.9.8-20. A remote attacker can exploit this vulnerability by sending the 'path' parameter to the view/file/index.php URI to execute PHP code...
Industry management system SQL blind injection vulnerability-vulnerability warning-the black bar safety net
Industry management system SQL blind injection vulnerability. The problem of the file index. asp Type: sql blind injection,injection. Test: http://www.tmdsb.com/index.asp?CID=27+and+1=1– http://www.tmdsb.com/index.asp?CID=27+and+1=2– http://www.tmdsb.com/index.asp?CID=SQLI Google keywords:...