CVE-2023-27886

Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through a HTTP POST parameter called by index.php script...

CVE-2023-2058

A vulnerability was found in EyouCms up to 1.6.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /yxcms/index.php?r=admin/extendfield/mesedit=12=4 of the component HTTP POST Request Handler. The manipulation of the argument webico leads...

CVE-2023-7137

A vulnerability, which was classified as critical, has been found in code-projects Client Details System 1.0. Affected by this issue is some unknown functionality of the component HTTP POST Request Handler. The manipulation of the argument uemail leads to sql injection. The exploit has been...

CVE-2023-7146

A vulnerability, which was classified as critical, has been found in gopeak MasterLab up to 3.3.10. This issue affects the function sqlInjectDelete of the file app/ctrl/framework/Feature.php of the component HTTP POST Request Handler. The manipulation of the argument phone leads to sql injection...

CVE-2023-3678

A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=deleteinquiry of the component HTTP POST Request Handler. The manipulation of the argument ...

CVE-2023-3679

A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=saveinquiry of the component HTTP POST Request Handler. The manipulation of the argument id lead...

CVE-2023-30805

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /LogInOut.php endpoint. This is due to mishandling ...

CVE-2023-6575

A vulnerability was found in Byzoro S210 up to 20231121. It has been classified as critical. This affects an unknown part of the file /Tool/repair.php of the component HTTP POST Request Handler. The manipulation of the argument txt leads to sql injection. It is possible to initiate the attack...

CVE-2023-6906

A vulnerability, which was classified as critical, was found in Totolink A7100RU 7.4cu.2313B20191024. Affected is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag with the input ie8 leads to buffer...

CVE-2023-3619

A vulnerability was found in SourceCodester AC Repair and Services System 1.0 and classified as critical. This issue affects some unknown processing of the file Master.php?f=saveservice of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The...

CVE-2023-3783

A vulnerability was found in Webile 1.0.1. It has been classified as problematic. Affected is an unknown function of the component HTTP POST Request Handler. The manipulation of the argument newfilename/c leads to cross site scripting. It is possible to launch the attack remotely. The exploit has...

CVE-2022-38375

An improper authorization vulnerability CWE-285 in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests...

CVE-2022-45725

Improper Input Validation in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to execute arbitrary code on the target via an HTTP POST request...

The vulnerability of the HTTP POST Request Handler component in the microprogramming software for TOTOLINK A3002R and A3002RU allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the HTTP POST Request Handler component in the microprogramming software for TOTOLINK A3002R and A3002RU devices is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability could allow an attacker to compromise the...

The vulnerability of the HTTP POST Request Handler component of the /boafrm/formWlanRedirect file in the microprogramming system for routers A702R, A3002R, and A3002RU allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the HTTP POST Request Handler component of the /boafrm/formWlanRedirect file in the microprogramming software for routers A702R, A3002R, and A3002RU is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability could allow an...

The vulnerability of the HTTP POST Request Handler component of the /boafrm/formDosCfg file in the microprogramming software for routers A702R, A3002R, and A3002RU allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the HTTP POST Request Handler component in the /boafrm/formDosCfg file of the microprogramming software for routers A702R, A3002R, and A3002RU is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability could allow an attack...

CVE-2022-30760

An Insecure Direct Object Reference IDOR issue in fn2Web in ihb eG FlexNow before 2.04.09.016 allows remote authenticated attackers to obtain sensitive student information final grades, study courses, degrees by changing the student ID parameter in the HTTP POST request to the FrontControllerSS...

CVE-2022-34211

A cross-site request forgery CSRF vulnerability in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers to send an HTTP POST request to an attacker-specified URL...

CVE-2022-34212

A missing permission check in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request to an attacker-specified URL...

CVE-2022-34205

A cross-site request forgery CSRF vulnerability in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers to send HTTP POST requests to an attacker-specified URL...