46 matches found
EUVD-2025-200301
Lvzhou CMS before commit c4ea0eb9cab5f6739b2c87e77d9ef304017ed615 2025-09-22 is vulnerable to SQL injection via the 'title' parameter in com.wanli.lvzhoucms.service.ContentServicefindPage. The parameter is concatenated directly into a dynamic SQL query without sanitization or prepared statements,...
CVE-2025-65877
Lvzhou CMS before commit c4ea0eb9cab5f6739b2c87e77d9ef304017ed615 2025-09-22 is vulnerable to SQL injection via the 'title' parameter in com.wanli.lvzhoucms.service.ContentServicefindPage. The parameter is concatenated directly into a dynamic SQL query without sanitization or prepared statements,...
CVE-2025-65877
Lvzhou CMS before commit c4ea0eb9cab5f6739b2c87e77d9ef304017ed615 2025-09-22 is vulnerable to SQL injection via the 'title' parameter in com.wanli.lvzhoucms.service.ContentServicefindPage. The parameter is concatenated directly into a dynamic SQL query without sanitization or prepared statements,...
CVE-2025-65877
Lvzhou CMS prior to commit c4ea0eb9cab5f6739b2c87e77d9ef304017ed615 is vulnerable to SQL injection via the title parameter in com.wanli.lvzhoucms.service.ContentService#findPage. The input is concatenated into a dynamic SQL query without sanitization or prepared statements, enabling reading of se...
PT-2025-48773
Name of the Vulnerable Software and Affected Versions Lvzhou CMS versions prior to commit c4ea0eb9cab5f6739b2c87e77d9ef304017ed615 2025-09-22 Description The software contains a SQL injection flaw due to unsanitized input. Specifically, the title parameter within the...
CVE-2025-65877
Lvzhou CMS before commit c4ea0eb9cab5f6739b2c87e77d9ef304017ed615 2025-09-22 is vulnerable to SQL injection via the 'title' parameter in com.wanli.lvzhoucms.service.ContentServicefindPage. The parameter is concatenated directly into a dynamic SQL query without sanitization or prepared statements,...
EUVD-2024-35188
Malicious code in bioql PyPI...
EUVD-2024-35186
Malicious code in bioql PyPI...
EUVD-2024-35187
Malicious code in bioql PyPI...
CVE-2024-33139
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sqlfilter parameter in the findpage function...
CVE-2024-35090
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysUreportFileMapper.xml...
CVE-2024-35086
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in BpmTaskFromMapper.xml...
CVE-2024-12351
A vulnerability classified as critical has been found in JFinalCMS 1.0. This affects the function findPage of the file src\main\java\com\cms\entity\ContentModel.java of the component File Content Handler. The manipulation of the argument name leads to sql injection. It is possible to initiate the...
CVE-2024-35090
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysUreportFileMapper.xml...
CVE-2024-35090
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysUreportFileMapper.xml...
CVE-2024-35091
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysTenantMapper.xml...
CVE-2024-35084
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysMsgPushMapper.xml...
CVE-2024-35086
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in BpmTaskFromMapper.xml...
CVE-2024-35085
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in ProcessDefinitionMapper.xml...
CVE-2024-35083
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysLoginInfoMapper.xml...