15 matches found

RedhatCVE
added 2026/06/02 4:1 p.m. · 12 views

CVE-2026-10257

A security flaw has been discovered in itsourcecode Content Management System 1.0. This issue affects some unknown processing of the file /admin/updatessimg.php. The manipulation of the argument topicid results in sql injection. The attack can be executed remotely. The exploit has been released t...

6.5 CVSS · 5.7 AI score · 0.002 EPSS
Exploits 0 · References 1

Positive Technologies
added 2026/06/01 12:0 a.m. · 16 views

PT-2026-45406

A security flaw has been discovered in itsourcecode Content Management System 1.0. This issue affects some unknown processing of the file /admin/update ss img.php. The manipulation of the argument topic id results in sql injection. The attack can be executed remotely. The exploit has been release...

6.5 CVSS · 5.7 AI score · 0.002 EPSS
Exploits 0 · References 7

Vulnrichment
added 2026/04/06 8:45 a.m. · 1 views

CVE-2026-5639 PHPGurukul Online Shopping Portal Project Parameter update-image3.php sql injection

A flaw has been found in PHPGurukul Online Shopping Portal Project 2.1. Impacted is an unknown function of the file /admin/update-image3.php of the component Parameter Handler. Executing a manipulation of the argument filename can lead to sql injection. The attack can be executed remotely. The...

6.5 CVSS · 6.5 AI score · 0.00246 EPSS
Exploits 0 · References 5

ATTACKERKB
added 2026/04/06 8:45 a.m. · 2 views

CVE-2026-5639

A flaw has been found in PHPGurukul Online Shopping Portal Project 2.1. Impacted is an unknown function of the file /admin/update-image3.php of the component Parameter Handler. Executing a manipulation of the argument filename can lead to sql injection. The attack can be executed remotely. The...

6.5 CVSS · 5.8 AI score · 0.00246 EPSS
Exploits 0 · References 5 · Affected Software 1

OSV
added 2026/02/18 4:22 p.m. · 5 views

CVE-2025-65791

ZoneMinder v1.36.34 is vulnerable to Command Injection in web/views/image.php. The application passes unsanitized user input directly to the exec function. NOTE: this is disputed by the Supplier because there is no unsanitized user input to web/views/image.php...

9.8 CVSS · 5.8 AI score · 0.01649 EPSS
Exploits 2 · References 1

RedhatCVE
added 2025/09/05 10:26 p.m. · 6 views

CVE-2025-9932

A flaw has been found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this vulnerability is an unknown functionality of the file /admin/update-image.php. This manipulation of the argument lid causes sql injection. The attack may be initiated remotely. The exploit has been publishe...

9.8 CVSS · 7.1 AI score · 0.00405 EPSS
Exploits 1 · References 1

NVD
added 2025/08/08 7:15 p.m. · 3 views

CVE-2012-10049

WebPageTest version 2.6 and earlier contains an arbitrary file upload vulnerability in the resultimage.php script. The application fails to validate or sanitize user-supplied input before saving uploaded files to a publicly accessible directory. This flaw allows remote attackers to upload and...

9.3 CVSS · 0.01064 EPSS
Exploits 0 · References 6

Positive Technologies
added 2023/10/05 12:0 a.m. · 4 views

PT-2023-5947 · Unknown · Koha Library

Name of the Vulnerable Software and Affected Versions: Koha Library Software versions 23.05.04 and before Description: The issue is related to a lack of filtering of the client-supplied path in the upload-cover-image.pl component. This can allow a remote attacker to read arbitrary files. The...

10 CVSS · 5.1 AI score · 0.00956 EPSS
Exploits 1 · References 13

CNNVD
added 2022/06/21 12:0 a.m. · 3 views

Contec SolarView Compact code issue vulnerability

Contec SolarView Compact is an application from Contec Japan, Inc. Contec SolarView Compact v6.0 contains a remote code execution vulnerability that stems from a failure of SolarImage.php to properly filter special elements of the construction snippet. An attacker could exploit this vulnerability...

9.8 CVSS · 6.9 AI score · 0.02512 EPSS
Exploits 1 · References 2

ATTACKERKB
added 2022/02/14 12:15 p.m. · 4 views

CVE-2022-24977

ImpressCMS before 1.4.2 allows unauthenticated remote code execution via ...../// directory traversal in origName or imageName, leading to unsafe interaction with the CKEditor processImage.php script. The payload may be placed in PHP_SESSION_UPLOAD_PROGRESS when the PHP installation supports...

9.8 CVSS · 6.4 AI score · 0.06453 EPSS
Exploits 1 · References 4

BDU FSTEC
added 2021/09/17 12:0 a.m. · 4 views

The vulnerability of the software’s image generation function for monitoring IT infrastructure in Centreon allows a hacker to execute arbitrary SQL commands.

The vulnerability of the software’s image generation function for monitoring IT infrastructure in Centreon relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands by executing the script...

8.5 CVSS · 8.1 AI score · 0.29424 EPSS
Exploits 1 · References 4 · Affected Software 1

OSV
added 2017/08/04 9:29 a.m. · 2 views

UBUNTU-CVE-2017-12427

The ProcessMSLScript function in coders/msl.c in ImageMagick before 6.9.9-5 and 7.x before 7.0.6-5 allows remote attackers to cause a denial of service (memory leak) via a crafted file, related to the WriteMSLImage function...

6.5 CVSS · 7 AI score · 0.02072 EPSS
Exploits 0 · References 2

Openbugbounty
added 2017/04/20 5:24 a.m. · 10 views

estrading.com.au XSS vulnerability

Vulnerable URL: http://www.estrading.com.au/scripts/showimage.asp?imagename="'--!confirmOPENBUGBOUNTY...

6.9 AI score
Exploits 0

myhack58
added 2009/10/19 12:0 a.m. · 11 views

Humanization of the stolen Cookie script-vulnerability warning-the black bar safety net

author: cnryan @http://hi.baidu.com/cnryan cookie stealing is the most common cross-site attacks one, whether it is with img,iframe, or based on the storage or non-warehousingXSS, the whole operation only need to bring Cookies to the browser request to a url to complete. I prefer Image: script im...

0.2 AI score
Exploits 0

Exploit DB
added 2005/09/01 12:0 a.m. · 68 views

Simple PHP Blog 0.4.0 - Multiple Remote s

!/usr/bin/perl -w =============================================================================== Title: sphpblogvulns.pl Written by: Kenneth F. Belva, CISSP Franklin Technologies Unlimited, Inc. http://www.ftusecurity.com Date: August 25, 2005 Version: 0.1 Description: This program is for...

7 AI score
Exploits 0