CVE-2025-2731

The CVE-2025-2731 vulnerability affects H3C Magic NX15, NX30 Pro, NX400, R3010, and BE18000 up to V100R014. It resides in the HTTP POST Request Handler function at /api/wizard/getDualbandSync, where an input manipulation enables command injection. Impact is local-network only, with high severity ...

PT-2025-12451 · Unknown · Lzcms-Laozhangbokexitong

Name of the Vulnerable Software and Affected Versions: LzCMS-LaoZhangBoKeXiTong versions up to 1.1.4 Description: A critical issue affects some unknown functionality of the file /admin/upload/upimage.html, specifically the HTTP POST Request Handler component. The manipulation of the File argument...

PT-2025-6893 · Internet Web Solutions · Sublime Crm

Name of the Vulnerable Software and Affected Versions: Internet Web Solutions Sublime CRM up to 20250207 Description: A problematic vulnerability was found in the HTTP POST Request Handler component of Internet Web Solutions Sublime CRM, affecting an unknown function of the file /crm/inicio.php...

CVE-2025-0481

A vulnerability classified as problematic has been found in D-Link DIR-878 1.03. Affected is an unknown function of the file /dllog.cgi of the component HTTP POST Request Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been...

D-Link DIR-878 安全漏洞

The D-Link DIR-878 is a wireless router from China's AUO D-Link. An information disclosure vulnerability exists in the D-Link DIR-878 version 1.03, which stems from insufficient protection of sensitive information in the component HTTP POST request handler, and can be exploited by an attacker to...

PT-2025-3828 · Kaiyuantong · Kaiyuantong Ect Platform

Name of the Vulnerable Software and Affected Versions: KaiYuanTong ECT Platform versions up to 2.0.0 Description: A critical issue has been found in the HTTP POST Request Handler component of the affected software, specifically in the file /public/server/runCode.php. The manipulation of the code...

CVE-2024-8128

A vulnerability, which was classified as critical, has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. Th...

CVE-2024-7657

A vulnerability classified as problematic was found in Gila CMS 1.10.9. This vulnerability affects unknown code of the file /cm/updaterows/page?id=2 of the component HTTP POST Request Handler. The manipulation of the argument content leads to cross site scripting. The attack can be initiated...

CVE-2024-7066

CVE-2024-7066 affects F-logic DataCube3 1.0. The vulnerability resides in the HTTP POST Request Handler, specifically the file /admin/config_time_sync.php, where manipulating the ntp_server argument enables OS command injection. Exploitation can be remote and the exploit has been disclosed public...

SourceCodester Vehicle Management 代码问题漏洞

SourceCodester Vehicle Management is a vehicle management software from SourceCodester, Inc. A code issue exists in the SourceCodester Vehicle Management System up to version 1.0, which is caused by an unknown function in the component HTTP POST Request Handler. that causes unrestricted uploads v...

PT-2024-19014 · Unknown · Sourcecodester Online Tours & Travels Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Tours & Travels Management System version 1.0 Description: A critical issue has been found in the system, affecting an unknown function of the file /admin/operations/expense category.php, specifically the HTTP POST Reque...

Path traversal

UNSUPPORTED WHEN ASSIGNED A vulnerability was found in D-Link DIR-859 1.06B01. It has been rated as critical. Affected by this issue is some unknown functionality of the file /hedwig.cgi of the component HTTP POST Request Handler. The manipulation of the argument service with the input...

CVE-2024-0496

A vulnerability was found in Kashipara Billing Software 1.0 and classified as critical. This issue affects some unknown processing of the file itemlistedit.php of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated...

CVE-2024-0495

A vulnerability has been found in Kashipara Billing Software 1.0 and classified as critical. This vulnerability affects unknown code of the file partysubmit.php of the component HTTP POST Request Handler. The manipulation of the argument partyname leads to sql injection. The attack can be initiat...

PT-2024-15609 · Unknown · Kashipara Billing

Name of the Vulnerable Software and Affected Versions: Kashipara Billing Software version 1.0 Description: A critical issue was found in the HTTP POST Request Handler component, specifically in the file buyer detail submit.php. The manipulation of the gstn no argument leads to sql injection. This...

PT-2024-15596 · Taokeyun · Taokeyun

Name of the Vulnerable Software and Affected Versions: Taokeyun versions up to 1.0.5 Description: A critical issue has been found, affecting the function login of the file application/index/controller/m/User.php in the HTTP POST Request Handler component. The manipulation of the username argument...

CVE-2024-0461

A vulnerability was found in code-projects Online Faculty Clearance 1.0. It has been classified as critical. Affected is an unknown function of the file deactivate.php of the component HTTP POST Request Handler. The manipulation of the argument haydi leads to sql injection. It is possible to laun...

CVE-2024-0419

A vulnerability was found in Jasper httpdx up to 1.5.4 and classified as problematic. This issue affects some unknown processing of the component HTTP POST Request Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the...

Totolink T6 安全漏洞

TOTOLINK T6 is a wireless dual-band router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in Totolink T6 version 4.1.9cu.5241B20210923, which originates from the component HTTP POST Request Handler in the file /cgi-bin/cstecgi.cgi that fails to correctly validate t...

Stack overflow

A vulnerability, which was classified as critical, has been found in Totolink N350RT 9.3.5u.6139B20201216. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument v8 leads to stack-based...