13 matches found
CVE-2026-48242
Open ISES Tickets before 3.44.2 contains hardcoded MySQL database connection credentials host, username, password, database name in importmdb.php. The credentials are embedded in source code committed to the public repository, allowing any reader of the source to obtain valid configuration values...
CVE-2026-38429
OpenCMS v20 and before is vulnerable to XML External Entity XXE in the Admin Import DB feature due to insecure XML parsing of user supplied .zip files containing a manifest.xml...
CVE-2026-38429
OpenCMS v20 and before is vulnerable to XML External Entity XXE in the Admin Import DB feature due to insecure XML parsing of user supplied .zip files containing a manifest.xml...
CVE-2026-33735
MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.69, an authorization bypass in the /api/settings/import-database endpoint allows attackers with low-privilege credentials to upload and replace the application's SQLite database entirely, leading to a fu...
CVE-2026-33735
MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.69, an authorization bypass in the /api/settings/import-database endpoint allows attackers with low-privilege credentials to upload and replace the application's SQLite database entirely, leading to a fu...
CVE-2026-33735
MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.69, an authorization bypass in the /api/settings/import-database endpoint allows attackers with low-privilege credentials to upload and replace the application's SQLite database entirely, leading to a fu...
CVE-2026-33735 MyTube has an Improper Access Control that Allows Complete Application Takeover
MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.69, an authorization bypass in the /api/settings/import-database endpoint allows attackers with low-privilege credentials to upload and replace the application's SQLite database entirely, leading to a fu...
EUVD-2026-16512
MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.69, an authorization bypass in the /api/settings/import-database endpoint allows attackers with low-privilege credentials to upload and replace the application's SQLite database entirely, leading to a fu...
CVE-2026-33735 MyTube has an Improper Access Control that Allows Complete Application Takeover
MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.69, an authorization bypass in the /api/settings/import-database endpoint allows attackers with low-privilege credentials to upload and replace the application's SQLite database entirely, leading to a fu...
PT-2026-28518
Name of the Vulnerable Software and Affected Versions MyTube versions prior to 1.8.69 Description MyTube is a self-hosted downloader and player for several video websites. Prior to version 1.8.69, an authorization bypass exists in the /api/settings/import-database API endpoint. This bypass allows...
Siemens TeleControl Server Basic SQL注入漏洞
Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from an SQL injection vulnerability that originates from an internal method, ImportDatabase, which can be exploited by an attacker to bypass authorization controls a...
CVE-2021-29654
AjaxSearchPro before 4.20.8 allows Deserialization of Untrusted Data in the import database feature of the administration panel, leading to Remote Code execution...
How to Export and Import StoreFront Subscription Database on StoreFront 3.6
This article explains how to export and import a StoreFront subscription database on Storefront 3.6. Background The previous versions of StoreFront had different commands to export and import a StoreFront subscription database. The previous commands are now obsolete. The following is the previous...