15 matches found
CVE-2026-48235 Open ISES Tickets < 3.44.2 SQL Injection in incs/remotes.inc.php via External GPS Tracker Data
Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in incs/remotes.inc.php where latitude, longitude, callsign, mph, altitude, and timestamp values parsed from external GPS tracking service XML/JSON responses (InstaMapper and Google Latitude integration) are concatenated into...
CVE-2023-36319
File Upload vulnerability in Openupload Stable v.0.4.3 allows a remote attacker to execute arbitrary code via the action parameter of the compress-inc.php file...
PT-2023-5333 · Unknown · Openupload
Name of the Vulnerable Software and Affected Versions: Openupload Stable version 0.4.3 Description: The issue is related to a File Upload vulnerability that allows a remote attacker to execute arbitrary code via the action parameter of the "compress-inc.php" file. This vulnerability is associated...
WebLabyrinth SQL Injection Vulnerability
WebLabyrinth is a simple tool by Rafael Rotelok, an individual developer. It is a scanner used to delay and occupy malicious scanning sites to detect event handlers and react to them before damage is done. WebLabyrinth version 0.3.1 suffers from a SQL injection vulnerability that stems from a problem with th...
CVE-2019-9662
An issue was discovered in JTBCPHP 3.0.1.8. Its cache management module is flawed. An arbitrary file ending in "inc.php" can be deleted via a console/cache/manage.php?type=action&action=batch&batch=delete&ids=../ substring...
LiteCart File Upload Vulnerability
LiteCart is a free PHP-based e-commerce platform. The platform provides product categorization, payment checkout and search engine and other functions. A security vulnerability exists in the admin/vqmods.app/vqmods.inc.php file in LiteCart versions prior to 2.1.3. A remote attacker can exploit th...
phpMyAdmin security bypass vulnerability (CNVD-2018-10169)
phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A security vulnerability exists in the...
biweb SQL Injection Vulnerability
BIWEB Business Intelligence Website System is a website system built on the ArthurXF enterprise application-level PHP development framework, developed and designed by Shanghai NetWorks Network Information Co., Ltd. It is a rapid-development, simple and easy-to-use object-oriented enterprise...
DedeCms V5.6: another local file inclusion exploit - vulnerability warning - the black bar safety net
Article author: jannock. Local file inclusion, continued: include/arc.datalist.class.php $codefile = (isset($needCode) ? $needCode : $cfg_soft_lang); if(file_exists(DEDEINC.'/code/datalist.'.$codefile.'.inc')) require_once(DEDEINC.'/code/datalist.'.$codefile.'.inc'); This file can include files of the .inc file type...
Use Google to conduct "penetration testing" - vulnerability warning - the black bar safety net
First, use Google to find hosts on which people have installed a PHP webshell backdoor, and test whether it can be used; second, use Google to find exposed sensitive INC information. OK, now we start: 1. Looking up a PHP webshell. In the Google search box we fill in: Code: intitle:"php shell" "Enable...
Use Google to carry out penetration testing - vulnerability warning - the black bar safety net
Today, before carrying out an attack, penetration testers usually start with information gathering, followed by vulnerability confirmation and finally exploitation and expanding the gains. What we are going to talk about here is: First, use Google to find hosts on which people have installed a ph...
CVE-2007-0639
Multiple static code injection vulnerabilities in error.php in GuppY 4.5.16 and earlier allow remote attackers to inject arbitrary PHP code into a .inc file in the data/ directory via (1) a REMOTE_ADDR cookie or (2) a cookie specifying an element of the msg array with an error number in the first...
CVE-2007-0639
GuppY 4.5.16 and earlier is affected by multiple static code injection vulnerabilities in error.php that let remote attackers inject arbitrary PHP code into a data/.inc file via cookies (REMOTE_ADDR or msg[...] with an error dimension). Exploitation would impact confidentiality, integrity, and av...
PT-2006-5967 · Isearch · Isearch
Name of the Vulnerable Software and Affected Versions: iSearch version 2.16 Description: The issue concerns remote file inclusion vulnerabilities that could allow remote attackers to execute arbitrary PHP code. This is achieved by providing a URL in the isearch path parameter within various PHP...
phpQuestionnaire 3.12 (phpQRootDir) Remote File Include Vulnerability
Exploit for unknown platform in category web applications. phpQuestionnaire 3.12 (phpQRootDir) Remote File Include Vulnerability. SolpotCrew Community...