7 matches found
GHSA-J6CV-98JX-MRWR Mocodo vulnerable to SQL injection in `/web/generate.php`
Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sqlcase input field in /web/generate.php, allowing remote attackers to execute arbitrary SQL commands and potentially command injection, leading to remote code execution RCE under certain conditions...
CVE-2024-35374
Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sqlcase input field in /web/generate.php, allowing remote attackers to execute arbitrary commands and potentially command injection, leading to remote code execution RCE under certain conditions...
CVE-2020-14010
The Laborator Xenon theme 1.3 for WordPress allows Reflected XSS via the data/typeahead-generate.php q aka name parameter...
CVE-2018-8770
Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via generate.php, controllers/getConfigTest.php, controllers/getUpdateTest.php, controllers/postclientdataTest.php, controllers/posterrorTest.php, controllers/posteventTest.php, controllers/posttagTest.php,...
CVE-2018-8770
Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via generate.php, controllers/getConfigTest.php, controllers/getUpdateTest.php, controllers/postclientdataTest.php, controllers/posterrorTest.php, controllers/posteventTest.php, controllers/posttagTest.php,...
Design/Logic Flaw
Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via generate.php, controllers/getConfigTest.php, controllers/getUpdateTest.php, controllers/postclientdataTest.php, controllers/posterrorTest.php, controllers/posteventTest.php, controllers/posttagTest.php,...
CVE-2018-8770
Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via generate.php, controllers/getConfigTest.php, controllers/getUpdateTest.php, controllers/postclientdataTest.php, controllers/posterrorTest.php, controllers/posteventTest.php, controllers/posttagTest.php,...