9 matches found
EUVD-2025-6180
Malicious code in bioql PyPI...
CVE-2022-38280
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/image/list...
CVE-2025-25426
yshopmall =v1.9.0 is vulnerable to SQL Injection in the image listing interface...
CVE-2025-25426
yshopmall =v1.9.0 is vulnerable to SQL Injection in the image listing interface...
CVE-2025-25426
yshopmall =v1.9.0 is vulnerable to SQL Injection in the image listing interface...
CVE-2025-25426
yshopmall =v1.9.0 is vulnerable to SQL Injection in the image listing interface...
CVE-2025-25426
yshopmall =v1.9.0 is vulnerable to SQL Injection in the image listing interface...
CVE-2025-25426
CVE-2025-25426 affects yshopmall prior to v1.9.0, where a SQL injection vulnerability exists in the image listing interface. The Red Hat advisory and PT-Security entry corroborate that the issue is specifically an SQL injection flaw in versions before 1.9.0, with exploitation tied to the vulnerab...
Photo Gallery by 10Web < 1.8.15 - Admin+ Path Traversal
- The plugin did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images anywhere in the filesystem via a path traversal vector. - Path Traversal Vulnerabillity also allows listing the entire folder & image file in the system. - The below...