45 matches found

NVD
added 2026/05/29 4:16 p.m. | 12 views

CVE-2018-25400

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the ajax/form_post.php endpoint with crafted SQL payloads to extract...

CVSS 8.8 | EPSS 0.00334
Exploits: 0 | References: 4

Vulnrichment
added 2026/05/29 2:46 p.m. | 9 views

CVE-2018-25400 The Open ISES Project 3.30A SQL Injection via form_post.php

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the ajax/form_post.php endpoint with crafted SQL payloads to extract...

CVSS 8.8 | AI score 6.1 | EPSS 0.00334
Exploits: 0 | References: 4

ATTACKERKB
added 2026/05/29 2:46 p.m. | 7 views

CVE-2018-25400

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the ajax/form_post.php endpoint with crafted SQL payloads to extract...

CVSS 8.8 | AI score 6.1 | EPSS 0.00334
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2026/05/29 2:46 p.m. | 26 views

CVE-2018-25400 The Open ISES Project 3.30A SQL Injection via form_post.php

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the ajax/form_post.php endpoint with crafted SQL payloads to extract...

CVSS 8.8 | EPSS 0.00334
Exploits: 0 | References: 4

CVE
added 2026/05/29 2:46 p.m. | 10 views

CVE-2018-25400

The CVE-2018-25400 entry concerns the Open ISES Project 3.30A and an SQL injection via the id parameter in the ajax/form_post.php endpoint. The vulnerability allows unauthenticated attackers to execute arbitrary SQL queries and exfiltrate data (e.g., database schema names) through crafted GET req...

CVSS 8.8 | AI score 6.1 | EPSS 0.00334
Exploits: 0 | References: 4

EUVD
added 2026/05/29 2:46 p.m. | 7 views

EUVD-2018-21922

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the ajax/form_post.php endpoint with crafted SQL payloads to extract...

CVSS 8.8 | AI score 6.1 | EPSS 0.00334
Exploits: 0 | References: 4

Positive Technologies
added 2026/05/29 12:00 a.m. | 7 views

PT-2026-44878

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the ajax/form_post.php endpoint with crafted SQL payloads to extrac...

CVSS 8.8 | AI score 6.1 | EPSS 0.00334
Exploits: 0 | References: 5

ATTACKERKB
added 2026/05/24 1:00 p.m. | 7 views

CVE-2026-9382

A flaw has been found in Edimax BR-6675nD 1.12. Affected by this issue is the function formPPTPSetup of the file /goform/formPPTPSetup of the component POST Request Handler. Executing a manipulation of the argument pptpUserName can lead to buffer overflow. The attack may be launched remotely. The...

CVSS 9 | AI score 7.8 | EPSS 0.00542
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2026/05/22 8:13 p.m. | 16 views

CVE-2026-40864 JupyterHub: Cross-origin form POSTs bypass XSRF

JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affecte...

CVSS 5.4 | EPSS 0.00159
Exploits: 1 | References: 2

Vulnrichment
added 2026/05/22 8:13 p.m. | 6 views

CVE-2026-40864 JupyterHub: Cross-origin form POSTs bypass XSRF

JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affecte...

CVSS 5.4 | AI score 5.8 | EPSS 0.00159
Exploits: 1 | References: 2

OSV
added 2026/04/16 11:36 p.m. | 6 views

BIT-AUTHENTIK-2024-21637 XSS in Authentik via JavaScript-URI as Redirect URI and form_post Response Mode

Authentik is an open-source Identity Provider. Authentik is vulnerable to a reflected Cross-Site Scripting vulnerability via JavaScript-URIs in OpenID Connect flows with response_mode=form_post. This relatively user could use the described attacks to perform a privilege escalation. This...

CVSS 7.6 | AI score 6 | EPSS 0.00547
Exploits: 0 | References: 4

RedhatCVE
added 2026/02/05 1:22 a.m. | 5 views

CVE-2026-25150

Qwik is a performance-focused JavaScript framework. Prior to version 1.19.0, a prototype pollution vulnerability exists in the formToObj function within @builder.io/qwik-city middleware. The function processes form field names with dot notation, e.g., user.name, to create nested objects, but fails ...

CVSS 10 | AI score 5.3 | EPSS 0.00624
Exploits: 0 | References: 1

Github Security Blog
added 2025/12/02 1:25 a.m. | 6 views

Grav is vulnerable to Server-Side Template Injection (SSTI) via Forms

Summary Having a simple form on site can reveal the whole Grav configuration details including plugin configuration details by using the correct POST payload. Sensitive information may be contained in the configuration details. PoC Create a simple form with two fields, 'registration-number' and...

CVSS 8.7 | AI score 6.6 | EPSS 0.00318
Exploits: 1 | References: 4 | Affected Software: 1

EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2022-32047

Malicious code in bioql PyPI...

CVSS 8.3 | AI score 6.4 | EPSS 0.00533
Exploits: 0 | References: 1

CNNVD
added 2025/06/10 12:00 a.m. | 1 view

TOTOLINK EX1200T Security Vulnerability

The TOTOLINK EX1200T is a wireless router from TOTOLINK. A buffer overflow vulnerability exists in the TOTOLINK EX1200T version 4.1.2cu.5232B20210713, which affects the HTTP POST request processing component of file/boafrm/formFilter with unknown code. A remote attacker could exploit this...

CVSS 9 | AI score 9.1 | EPSS 0.03899
Exploits: 1 | References: 6

BDU FSTEC
added 2024/03/20 12:00 a.m. | 3 views

The vulnerability of the ftpservlet component of the FileCatalyst Workflow software allows a perpetrator to execute arbitrary code.

The vulnerability of the ftpservlet component in the FileCatalyst Workflow software lies in errors during the processing of HTTP POST requests. Exploiting this vulnerability allows an attacker to execute arbitrary code by loading specially crafted JSP files remotely...

CVSS 10 | AI score 8.4 | EPSS 0.41741
Exploits: 4 | References: 4

RedHat Linux
added 2024/02/13 5:07 p.m. | 5 views

keycloak: open redirect via "form_post.jwt" JARM response mode

A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134...

CVSS 6.1 | AI score 5.7 | EPSS 0.01109
Exploits: 1 | References: 4

RedHat Linux
added 2024/02/13 4:55 p.m. | 4 views

keycloak: open redirect via "form_post.jwt" JARM response mode

A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134...

CVSS 6.1 | AI score 5.7 | EPSS 0.01109
Exploits: 1 | References: 4

RedHat Linux
added 2024/02/13 4:55 p.m. | 5 views

keycloak: open redirect via "form_post.jwt" JARM response mode

A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134...

CVSS 6.1 | AI score 5.7 | EPSS 0.01109
Exploits: 1 | References: 4

OSV
added 2024/01/23 2:43 p.m. | 3 views

GHSA-9VM7-V8WJ-3FQW keycloak-core: open redirect via "form_post.jwt" JARM response mode

An incomplete fix was found in Keycloak Core patch. An attacker can steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt". It is observed that changing the response_mode parameter in the original proof of concept from "form_post" to "form_post.jwt...

CVSS 4.6 | AI score 5.9 | EPSS 0.01109
Exploits: 0 | References: 12