23 matches found
CVE-2026-22234
OPEXUS eCasePortal before version 9.0.45.0 allows an unauthenticated attacker to navigate to the 'Attachments.aspx' endpoint, iterate through predictable values of 'formid', and download or delete all user-uploaded files, or upload new files...
CVE-2026-22234
The CVE-2026-22234 issue affects OPEXUS eCasePortal (and related eComplaint) versions before 9.0.45.0, where an unauthenticated attacker can navigate to Attachments.aspx and, by iterating through predictable formid values, download or delete all user-uploaded files and even upload new ones. This ...
CVE-2026-22234 OPEXUS eCasePortal unauthenticated IDOR
OPEXUS eCasePortal before version 9.0.45.0 allows an unauthenticated attacker to navigate to the 'Attachments.aspx' endpoint, iterate through predictable values of 'formid', and download or delete all user-uploaded files, or upload new files...
PT-2026-2176
Name of the Vulnerable Software and Affected Versions: OPEXUS eCasePortal versions prior to 9.0.45.0. Description: OPEXUS eCasePortal allows an unauthenticated attacker to access and manipulate user-uploaded files. An attacker can navigate to the 'Attachments.aspx' endpoint and, by iterating throu...
OPEXUS eCasePortal Security Vulnerability
OPEXUS eCasePortal is a case management platform from OPEXUS USA. A security vulnerability exists in OPEXUS eCasePortal versions prior to 9.0.45.0 that originates from an unauthenticated attacker being able to traverse the formid value, potentially leading to the download or deletion of files...
EUVD-2009-4631
Malware in sbrugna...
CVE-2024-12023
The FULL – Cliente plugin for WordPress is vulnerable to SQL Injection via the 'formId' parameter in all versions 3.1.5 to 3.1.25 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...
CE Phoenix 1.0.8.20 Remote Code Execution
Exploit Title: CE Phoenix v1.0.8.20 - Remote Code Execution (RCE) (Authenticated); Date: 2023-11-25; Exploit Author: tmrswrr; Category: Webapps; Vendor Homepage: CE Phoenix; Version: v1.0.8.20; Tested on: Softaculous Demo - CE Phoenix; EXPLOIT: import requests from bs4 import BeautifulSoup import sys impor...
CE Phoenix 1.0.8.20 Remote Code Execution Exploit
Exploit Title: CE Phoenix v1.0.8.20 - Remote Code Execution (RCE) (Authenticated); Date: 2023-11-25; Exploit Author: tmrswrr; Category: Webapps; Vendor Homepage: CE Phoenix; Version: v1.0.8.20; Tested on: Softaculous Demo - CE Phoenix; EXPLOIT: import requests from bs4 import BeautifulSoup import sys impor...
CVE-2022-29940
In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters formseq and formid in interface\orders\findorderpopup.php leads to multiple cross-site scripting (XSS) vulnerabilities...
CVE-2022-29940
CVE-2022-29940 affects LibreHealth EHR 2.0.0. The issue arises from insufficient sanitization of GET parameters formseq and formid in the file interface/orders/find_order_popup.php, enabling multiple XSS vulnerabilities. The connected sources confirm the vulnerable component and the underlying c...
LibreHealth EHR Cross-Site Scripting Vulnerability
LibreHealth EHR is a clinically-focused Electronic Health Record (EHR) system designed to be easy to use out-of-the-box or customized for use in a variety of healthcare settings. A security vulnerability exists in LibreHealth EHR 2.0.0, which stems from the lack of filter escaping for the GET...
Inspur Government Approval Platform ECGAP /Business/OfflineDownload.aspx File formId Parameter SQL Injection Vulnerability
No description provided by source...
Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in paginas/vista-previa-form.php in the EnvialoSimple: Email Marketing and Newsletters (envialosimple-email-marketing-y-newsletters-gratis) plugin before 1.98 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 Form...
CVE-2009-4667
SQL injection vulnerability in form.php in WebMember 1.0 allows remote authenticated users to execute arbitrary SQL commands via the formID parameter...
SQL injection
SQL injection vulnerability in form.php in WebMember 1.0 allows remote authenticated users to execute arbitrary SQL commands via the formID parameter...
WebMember 1.0 - 'formID' SQL Injection
CVE-2008-2835
SQL injection vulnerability in cgi-bin/igsuite in IGSuite 3.2.4 allows remote attackers to execute arbitrary SQL commands via the formid parameter...