20 matches found

Positive Technologies
added 2022/08/02 12:0 a.m. · 2 views

PT-2022-22455 · Pligg Cms · Pligg Cms

Name of the Vulnerable Software and Affected Versions: Pligg CMS version 2.0.2 Description: A time-based SQL injection issue was found in Pligg CMS. The issue is related to the page size parameter at the "load data for groups.php" endpoint. Recommendations: For Pligg CMS version 2.0.2, avoid usin...

CVSS 9.8 · AI score 9.4 · EPSS 0.00245
Exploits: 1 · References: 5

CNVD
added 2021/12/23 12:0 a.m. · 14 views

Anuko Time Tracker SQL Injection Vulnerability

Anuko Time Tracker is an open source time counting system for individual developers. A platform used to count employee time spent on various tasks, Anuko Time Tracker is vulnerable to a SQL injection vulnerability that stems from the group and status parameters in the groups.php file not being...

CVSS 8.8 · AI score 2.4 · EPSS 0.00336
Exploits: 0 · References: 1

NVD
added 2020/03/12 2:15 p.m. · 14 views

CVE-2020-10426

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/manage-groups.php by adding a question mark ? followed by the payload...

CVSS 4.8 · AI score 5 · EPSS 0.00321
Exploits: 1 · References: 2

Prion
added 2020/03/12 2:15 p.m. · 11 views

Cross site scripting

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/manage-groups.php by adding a question mark ? followed by the payload...

CVSS 3.5 · AI score 4.9 · EPSS 0.00321
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2020/03/12 1:4 p.m. · 17 views

CVE-2020-10426

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/manage-groups.php by adding a question mark ? followed by the payload...

AI score 5 · EPSS 0.00321
Exploits: 1 · References: 2

Prion
added 2018/04/22 3:29 p.m. · 11 views

Design/Logic Flaw

Kliqqi CMS 3.5.2 has XSS via a crafted group name in pligg/groups.php, a crafted Homepage string in a profile, or a crafted string in Tags or Description within pligg/submit.php...

CVSS 3.5 · AI score 5.1 · EPSS 0.00206
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2018/04/22 3:0 p.m. · 17 views

CVE-2017-17889

Kliqqi CMS 3.5.2 has XSS via a crafted group name in pligg/groups.php, a crafted Homepage string in a profile, or a crafted string in Tags or Description within pligg/submit.php...

AI score 5.2 · EPSS 0.00206
Exploits: 1 · References: 1

FreeBSD
added 2015/05/13 12:0 a.m. · 27 views

Pligg CMS -- XSS Vulnerability

Netsparker reports: Proof of Concept URL for XSS in Pligg CMS: Page: groups.php Parameter Name: keyword Parameter Type: GET Attack Pattern: http://example.com/pligg-cms-2.0.2/groups.php?view=search&keyword='+alert0x000D82+' For more information on cross-site scripting vulnerabilities read the...

AI score 5.8
Exploits: 0 · References: 1

CNVD
added 2015/03/23 12:0 a.m. · 1 views

Vastal I-Tech phpVID SQL Injection Vulnerability

Vastal I-Tech phpVID is a set of video sharing software by Vastal I-Tech India. The software supports browsing videos, commenting on videos, uploading videos and more. A SQL injection vulnerability exists in the groups.php script in Vastal I-Tech phpVID version 0.9.9 and version 1.2.3. A remote...

CVSS 7.5 · AI score 8.6 · EPSS 0.00354
Exploits: 0 · References: 1

Packet Storm
added 2015/03/11 12:0 a.m. · 39 views

Vastal I-tech phpVID 1.2.3 SQL Injection

Vastal I-tech phpVID 1.2.3 SQL Injection Security Vulnerabilities Exploit Title: Vastal I-tech phpVID /groups.php Multiple Parameters SQL Injection Security Vulnerabilities Product: phpVID Vendor: Vastal I-tech Vulnerable Versions: 1.2.3 0.9.9 Tested Version: 1.2.3 0.9.9 Advisory Publication: Mar...

AI score 0.7
Exploits: 0

NVD
added 2014/04/08 2:22 p.m. · 7 views

CVE-2012-6644

Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to channels.php, (2) collections.php, (3) groups.php, or (4) videos.php; (5) query parameter to searchresult.php; or (6) type parameter to...

CVSS 4.3 · AI score 5.8 · EPSS 0.1296
Exploits: 0 · References: 13

NVD
added 2014/03/13 2:55 p.m. · 8 views

CVE-2014-1877

Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone, (2) Street, (3) Address line, (4) Zip code, or (5) City field to main/auth/profile.php; (6) Subject field to main/social/groups.php; or (7) Message body field to...

CVSS 4.3 · AI score 5.8 · EPSS 0.00276
Exploits: 1 · References: 5

Prion
added 2014/03/13 2:55 p.m. · 17 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone, (2) Street, (3) Address line, (4) Zip code, or (5) City field to main/auth/profile.php; (6) Subject field to main/social/groups.php; or (7) Message body field to...

CVSS 4.3 · AI score 6.1 · EPSS 0.00276
Exploits: 1 · References: 5 · Affected Software: 1

Cvelist
added 2013/01/12 2:0 a.m. · 18 views

CVE-2012-5874

Multiple SQL injection vulnerabilities in the (1) updatewhosonlinereg and (2) updatewhosonlineguest functions in Elite Bulletin Board before 2.1.22 allow remote attackers to execute arbitrary SQL commands via the PATHINFO to (a) checkuser.php, (b) groups.php, (c) index.php, (d) login.php, (e) quicklogin.php, (f)...

AI score 8.3 · EPSS 0.01191
Exploits: 6 · References: 7

securityvulns
added 2012/06/25 12:0 a.m. · 87 views

traq-2.3.5_CSRF_XSS_SQL_INjeCTION_vulns

==================================================================== Vulnerable Software: traq-2.3.5 Official Site: TraqProject.org ==================================================================== About Software: Traq is a PHP powered project manager, capable of tracking issues for multiple...

AI score 0.5
Exploits: 0

Packet Storm
added 2012/06/21 12:0 a.m. · 42 views

Traq 2.3.5 CSRF / XSS / SQL Injection

==================================================================== Vulnerable Software: traq-2.3.5 Official Site: TraqProject.org ==================================================================== About Software: Traq is a PHP powered project manager, capable of tracking issues for multiple...

AI score 0.5
Exploits: 0

securityvulns
added 2007/04/20 12:0 a.m. · 34 views

NuclearBB Alpha 1 - Multiple Blind SQL/XPath Injection Vulnerabilities

NuclearBB Alpha 1 - Multiple Blind SQL/XPath Injection Vulnerabilities Vulnerable: NuclearBB Alpha 1 Google d0rk: "This forum is powered by NuclearBB" ============= String Inputs ============= ---------------------------- login.php - $POST'submit' ---------------------------- username=xyz...

AI score 1.6
Exploits: 0

Packet Storm
added 2007/04/19 12:0 a.m. · 19 views

nuclearbb-sql.txt

NuclearBB Alpha 1 - Multiple Blind SQL/XPath Injection Vulnerabilities Vulnerable: NuclearBB Alpha 1 Google d0rk: "This forum is powered by NuclearBB" ============= String Inputs ============= ---------------------------- login.php - $POST'submit' ---------------------------- username=xyz...

AI score 7.4
Exploits: 0

Exploit DB
added 2007/04/18 12:0 a.m. · 17 views

NuclearBB Alpha 1 - Multiple SQL Injections

source: https://www.securityfocus.com/bid/23555/info NuclearBB is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or...

AI score 7.4
Exploits: 0

NVD
added 2005/12/31 5:0 a.m. · 13 views

CVE-2005-4642

Multiple cross-site scripting (XSS) vulnerabilities in HydroBB 1.0.0 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the s parameter to (1) search.php, (2) members.php, (3) stats.php, (4) viewforum.php, (5) register.php, (6) usercp.php, (7) groups.php, (8) pms.php, and (9) calendar.php...

CVSS 4.3 · AI score 5.8 · EPSS 0.01553
Exploits: 1 · References: 12