321 matches found
Web Ofisi Emlak SQL注入漏洞
Web Ofisi Emlak is a real estate agency website system developed by the Turkish company Web Ofisi. The Web Ofisi Emlak V2 version has a SQL injection vulnerability, which stems from insufficient validation of multiple GET parameter inputs. This vulnerability may lead to SQL injection attacks...
PT-2026-21446
Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into parameters like emlak durumu, emlak tipi, il, ilce, kelime, and semt to extract sensiti...
Cross-site Request Forgery (CSRF)
alextselegidis/easyappointments is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to CSRF protection being enforced only for POST requests while state-changing actions accept GET parameters, which allows an attacker to perform unauthorized administrative actions through...
CVE-2026-27174 MajorDoMo Unauthenticated Remote Code Execution via Admin Console Eval
MajorDoMo aka Major Domestic Module allows unauthenticated remote code execution via the admin panel's PHP console feature. An include order bug in modules/panel.class.php causes execution to continue past a redirect call that lacks an exit statement, allowing unauthenticated requests to reach th...
CVE-2026-23738
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user supplied/control values for Cookies and any GET variable query Parameter are directly interpolated into the HTML of the page using aststrappend. The...
CVE-2026-23738
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user supplied/control values for Cookies and any GET variable query Parameter are directly interpolated into the HTML of the page using aststrappend. The...
UBUNTU-CVE-2026-23738
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user supplied/control values for Cookies and any GET variable query Parameter are directly interpolated into the HTML of the page using aststrappend. The...
CVE-2026-23738
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user supplied/control values for Cookies and any GET variable query Parameter are directly interpolated into the HTML of the page using aststrappend. The...
Linux Distros Unpatched Vulnerability : CVE-2026-23738
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user...
CVE-2020-37111
60CycleCMS 2.5.2 contains a cross-site scripting XSS vulnerability in news.php that allows attackers to inject malicious scripts through GET parameters. Attackers can craft malicious URLs with XSS payloads targeting the 'etsu' and 'ltsu' parameters to execute arbitrary scripts in victim's browser...
CVE-2020-37111
CVE-2020-37111 affects 60CycleCMS 2.5.2 with an XSS in news.php . The vulnerability allows attackers to inject scripts via GET parameters, specifically the etsu and ltsu parameters, enabling execution of arbitrary scripts in victims’ browsers. The source documents consistently describe a client-s...
EUVD-2020-30984
60CycleCMS 2.5.2 contains a cross-site scripting XSS vulnerability in news.php that allows attackers to inject malicious scripts through GET parameters. Attackers can craft malicious URLs with XSS payloads targeting the 'etsu' and 'ltsu' parameters to execute arbitrary scripts in victim's browser...
CVE-2020-37111
60CycleCMS 2.5.2 contains a cross-site scripting XSS vulnerability in news.php that allows attackers to inject malicious scripts through GET parameters. Attackers can craft malicious URLs with XSS payloads targeting the 'etsu' and 'ltsu' parameters to execute arbitrary scripts in victim's browser...
CVE-2020-37111 60CycleCMS 2.5.2 - 'news.php' Cross-site Scripting (XSS) Vulnerability
60CycleCMS 2.5.2 contains a cross-site scripting XSS vulnerability in news.php that allows attackers to inject malicious scripts through GET parameters. Attackers can craft malicious URLs with XSS payloads targeting the 'etsu' and 'ltsu' parameters to execute arbitrary scripts in victim's browser...
CVE-2025-64092
This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and directly query the underlying database...
CVE-2025-64092
This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and directly query the underlying database...
CVE-2025-64092
This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and directly query the underlying database...
CVE-2025-64092
CVE-2025-64092 involves unauthenticated SQL injection via GET parameters, affecting Zenitel ICX500/ICX510 platforms per the connected records. The Red Hat and CNNVD entries confirm the same vulnerability description and cite Zenitel as the vendor with affected hardware. The common root cause is i...
CVE-2025-64092 Unauthenticated SQL injection via GET request parameters
This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and directly query the underlying database...
CVE-2025-64092 Unauthenticated SQL injection via GET request parameters
This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and directly query the underlying database...