CVE-2026-27834
Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, a SQL Injection vulnerability exists in the pwg.users.getList Web Service API method. The filter parameter is directly concatenated into a SQL query without proper sanitization, allowing authenticated...
CVE-2026-27885 Piwigo: SQL Injection in Activity.getList
Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, a SQL Injection vulnerability was discovered in Piwigo affecting the Activity List API endpoint. This vulnerability allows an authenticated administrator to extract sensitive data from the database, including...
EUVD-2026-18872
Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, a SQL Injection vulnerability exists in the pwg.users.getList Web Service API method. The filter parameter is directly concatenated into a SQL query without proper sanitization, allowing authenticated...
CVE-2026-27834 Piwigo: SQL Injection in pwg.users.getList API Method via filter Parameter
Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, a SQL Injection vulnerability exists in the pwg.users.getList Web Service API method. The filter parameter is directly concatenated into a SQL query without proper sanitization, allowing authenticated...
CVE-2026-27834
CVE-2026-27834 affects Piwigo prior to 16.3.0, where the pwg.users.getList Web Service API method is vulnerable to SQL Injection. The filter parameter is directly concatenated into a SQL query without proper sanitization, enabling authenticated administrators to execute arbitrary SQL commands. Th...
Piwigo Security Vulnerability
Piwigo is a web-based open-source image library software developed by Piwigo contributors. This software includes functions such as image management, image classification, and permission management. Versions of Piwigo prior to 16.3.0 contained security vulnerabilities. These vulnerabilities stemm...
IdeaCMS Injection Vulnerability
IdeaCMS is an open source shopping mall system from IdeaCMS. IdeaCMS 1.7 and earlier versions contain an injection vulnerability: the Field parameter of the file /api/v1.index.article/getList.html is handled improperly, resulting in SQL injection...
CVE-2023-1742
A vulnerability was found in IBOS 4.5.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file /?r=report/api/getlist of the component Report Search. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been...
Automatic Systems SOC FL9600 FastLine - Directory Traversal Vulnerability
Exploit Title: Automatic-Systems SOC FL9600 FastLine - Directory Traversal Exploit Author: Mike Jankowski-Lorek, Marcin Kozlowski / Cqure Vendor Homepage: http://automatic-systems.com Software Link: Version: V06 Tested on: V06, VersionSVN = 285698a99acbd8d7ea09a57d5fbcb435da5427b3f6b8a CVE :...
PT-2023-17207 · Ibos · Ibos
Name of the Vulnerable Software and Affected Versions: IBOS version 4.5.5 Description: A critical issue affects some unknown functionality of the file "/?r=report/api/getlist" of the component Report Search, leading to sql injection. The attack may be launched remotely. Recommendations: For IBOS...
CVE-2022-3948
A vulnerability classified as critical was found in eolinker gokulite. This vulnerability affects unknown code of the file /plugin/getList. The manipulation of the argument route/keyword leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and...
PT-2022-24973 · Unknown · Eolinker Goku Lite
Name of the Vulnerable Software and Affected Versions: eolinker goku lite affected versions not specified Description: A critical issue was found in the software, affecting the /plugin/getList file. The manipulation of the route/keyword argument leads to SQL injection. The attack can be initiated...
Eolinker SQL Injection Vulnerability
Eolinker is an API management solution from Eolinker, a China-based company. Eolinker is vulnerable to SQL injection, which stems from the lack of validation of externally supplied input used to build SQL statements in the file /plugin/getList, and can be exploited by attackers to obtain database information...
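The entries above (Piwigo pwg.users.getList, IdeaCMS getList.html, IBOS report/api/getlist, Eolinker /plugin/getList) all describe the same defect: a filter or search parameter of a list endpoint spliced into SQL text. The following added example is not code from Piwigo or any project listed here; it reproduces that pattern against an in-memory SQLite database whose tables, columns and rows are constructed for illustration, shows a UNION payload in the filter value reading an unrelated table, and shows the parameterised rewrite, which also escapes LIKE wildcards so a bare `%` cannot be used to enumerate every row.

```python
"""Added example, not Piwigo/IdeaCMS/IBOS/Eolinker code: a 'getList' style
filter parameter concatenated into SQL, and its parameterised fix.
Schema and sample rows below are constructed for this demonstration."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build a small in-memory database: a users table the endpoint is meant
    to list, and a secrets table it must never expose."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)")
    conn.executemany(
        "INSERT INTO users (username) VALUES (?)",
        [("alice",), ("bob",), ("carol",)],
    )
    conn.execute("CREATE TABLE secrets (id INTEGER PRIMARY KEY, token TEXT)")
    conn.executemany(
        "INSERT INTO secrets (token) VALUES (?)",
        [("api-token-1",), ("api-token-2",)],
    )
    return conn


def get_users_vulnerable(conn: sqlite3.Connection, filt: str) -> list[str]:
    """The pattern the advisories describe: the caller-controlled filter
    value is concatenated straight into the SQL string."""
    sql = "SELECT username FROM users WHERE username LIKE '%" + filt + "%'"
    return [row[0] for row in conn.execute(sql)]


def _escape_like(value: str) -> str:
    """Escape LIKE metacharacters so the filter is matched literally.
    Backslash is escaped first so later replacements cannot double up."""
    return (
        value.replace("\\", "\\\\")
        .replace("%", "\\%")
        .replace("_", "\\_")
    )


def get_users_safe(conn: sqlite3.Connection, filt: str) -> list[str]:
    """Parameterised version: the driver binds the filter as data, so the
    query structure is fixed, and wildcards inside the value are escaped."""
    sql = "SELECT username FROM users WHERE username LIKE ? ESCAPE '\\'"
    pattern = "%" + _escape_like(filt) + "%"
    return [row[0] for row in conn.execute(sql, (pattern,))]


# A filter value that closes the LIKE literal, appends a UNION against the
# secrets table, and comments out the trailing quote the template adds.
UNION_PAYLOAD = "x%' UNION SELECT token FROM secrets -- "


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, benign filter :", get_users_vulnerable(db, "ali"))
    print("vulnerable, UNION payload :", get_users_vulnerable(db, UNION_PAYLOAD))
    print("safe, UNION payload       :", get_users_safe(db, UNION_PAYLOAD))
    print("vulnerable, bare %        :", get_users_vulnerable(db, "%"))
    print("safe, bare %              :", get_users_safe(db, "%"))
```

With the concatenating version the payload returns the secrets table's tokens instead of usernames; with the bound parameter the same string is just a filter nobody's username matches and returns nothing. The escaping matters separately from injection: without it, a filter of `%` matches every row, which in an administrative API is a quiet way to dump the whole table.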
Command Injection
centreon/centreon is vulnerable to command injection. The vulnerability exists due to the lack of sanitization of the name input via the getList function...
CVE-2016-10037
Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted id aka dir parameter, related to browser/directory/getlist...
LebiShop mall system, latest version, SQL injection no. 1 (multiple instances in the same file)
Brief description: SQL injection no. 1 in the latest version of the LebiShop mall system, multiple instances in the same file, demonstrated on the official demo. Details: The latest LebiShop mall system V3.1.00 contains SQL injection vulnerabilities in multiple places, allowing the database to be dumped. More cases: searching for the keyword "powered by LebiShop" turns up a large number of installations. Decompiling /bin/shop.dll, the Ajaxorder file in SHop.Ajax contains multiple SQL injection vulnerabilities. SHop.Ajax.Ajaxorder corresponds to the Ajaxorder file in the Ajax directory under the web root. First SQL injection: let's look at the AddressDel method in the Ajaxorder file: // Shop.Ajax.Ajaxorder...
CVE-2013-3597
servlet/CollectionListServlet in SearchBlox before 7.5 build 1 allows remote attackers to read usernames and passwords via a getList action...
CVE-2013-3597
SearchBlox is affected by CVE-2013-3597 in the servlet/CollectionListServlet prior to version 7.5 build 1. An unauthenticated remote attacker can read usernames and passwords via the getList action, compromising confidentiality. The issue is part of multiple vulnerabilities in version 7.4 and ear...