9 matches found
MINI-8644-F825-MPHR
Bulletin has no description...
PoC-Stored-XSS-textpattern-4.8.8-Exploit
Textpattern CMS 4.8.8 — Stored XSS Advisory Title: Stored...
MC4WP < 4.8.7 - Admin+ Stored Cross-Site Scripting
The plugin does not properly sanitise from data, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. PoC: Create a form and put the following payload in the Form Code textarea: The XSS will be triggered...
MC4WP < 4.8.7 - Admin+ Stored Cross-Site Scripting
The plugin does not properly sanitise from data, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Create a form and put the following payload in the Form Code textarea: The XSS will be triggered whe...
CVE-2020-29143
A SQL injection vulnerability in interface/reports/nonreported.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the formcode parameter...
CVE-2020-29140
A SQL injection vulnerability in interface/reports/immunizationreport.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the formcode parameter...
CVE-2020-29140
A SQL injection vulnerability in interface/reports/immunizationreport.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the formcode parameter...
OpenEMR SQL Injection Vulnerability
OpenEMR is a medical practice management software that also supports electronic medical records (EMR). A SQL injection vulnerability exists in interface/reports/immunizationreport.php in OpenEMR versions prior to 5.0.2.5. A remote authenticated attacker can exploit this vulnerability to execute...
CVE-2016-9484
The generated PHP form code does not properly validate user input folder directories, allowing a remote unauthenticated attacker to perform a path traversal and access arbitrary files on the server. The PHP FormMail Generator website does not use version numbers and is updated continuously. Any P...