GHSA-GC9W-CC93-RJV8 Froxlor has a PHP Code Injection via Unescaped Single Quotes in userdata.inc.php Generation (MysqlServer API)
Summary: PhpHelper::parseArrayToString writes string values into single-quoted PHP string literals without escaping single quotes. When an admin with changeserversettings permission adds or updates a MySQL server via the API, the privilegeduser parameter, which has no input validation, is written...
PT-2026-23679
Net-Billetterie 2.9 contains an SQL injection vulnerability in the login parameter of login.inc.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit malicious SQL code through the login POST parameter to extract database information including usernames,...
CVE-2020-10220
An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter...
CVE-2025-65472
A Cross-Site Request Forgery (CSRF) vulnerability in the /admin/admin.inc.php component of EasyImages 2.0 v2.8.6 and below allows attackers to escalate privileges to Administrator via user interaction with a malicious web page...
CVE-2025-61455
CVE-2025-61455 describes a SQL Injection in the E-commerce project (v1.0) signup.inc.php, caused by directly using unsanitized user input in SQL queries. The vulnerability enables unauthenticated authentication bypass and full backend access; the exposed parameter is typically the email field wit...
CVE-2015-1347
Cross-site scripting (XSS) vulnerability in client.inc.php in osTicket before 1.9.5.1 allows remote attackers to inject arbitrary web script or HTML via the lang parameter...
Cross-site Scripting (XSS)
Overview: librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the servicetype parameter in services.inc.php. PoC: Pass in a servicetype parameter value...
Cross-site Scripting (XSS)
Overview: librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the hostname parameter in capture.inc.php, when creating a new device. PoC: Pass in a...
Openupload Stable Code Issue Vulnerability
Openupload Stable is a web application. A security vulnerability exists in Openupload Stable version v.0.4.3, which originates from a file upload vulnerability in the file compress-inc.php. The vulnerability can be exploited to execute arbitrary code via the action parameter...
CVE-2022-32119
Arox School ERP Pro v1.0 was discovered to contain multiple arbitrary file upload vulnerabilities via the Add Photo function at photogalleries.inc.php and the import staff excel function at 1financemaster.inc.php...
Librenms Path Traversal Vulnerability
Librenms is an open source network monitoring system based on PHP and MySQL, maintained by the Librenms community. The system features custom alerts, automatic discovery of network environments and automatic updates. Librenms suffers from a path traversal vulnerability that stems from Librenms 21.11.0 being affect...
CVE-2021-25297
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command...
Observium Directory Traversal and Local File Inclusion Vulnerability
Observium is a low-maintenance auto-discovery network monitoring platform that supports multiple device types, platforms and operating systems. Observium suffers from a directory traversal and local file inclusion vulnerability. The vulnerability stems from the ability to load any file with the...
Observium Directory Traversal and Local File Inclusion Vulnerability (CNVD-2020-62451)
Observium is a low-maintenance auto-discovery network monitoring platform that supports multiple device types, platforms and operating systems. Observium suffers from a directory traversal and local file inclusion vulnerability. The vulnerability stems from the ability to load any file with the...
Observium Directory Traversal and Local File Inclusion Vulnerability (CNVD-2020-62450)
Observium is a low-maintenance auto-discovery network monitoring platform that supports multiple device types, platforms and operating systems. Observium suffers from a directory traversal and local file inclusion vulnerability. The vulnerability stems from the ability to load any file with the...
CVE-2020-25144
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files even though...
Enhancesoft osTicket cross-site scripting vulnerability (CNVD-2020-49350)
Enhancesoft osTicket is an open source ticketing system from the U.S. company Enhancesoft. A cross-site scripting vulnerability exists in versions prior to Enhancesoft osTicket 1.14.3. The vulnerability is related to the affected version failing to properly validate client data. Because of an unvalidated echo $...
CVE-2019-12960
LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in functions.internal.build.inc.php via the parameter pdtsd...
FusionPBX Operator Panel Module Cross-Site Scripting Vulnerability
FusionPBX is a scalable, multi-threaded communications platform. The platform can be used as a call center server, fax server, VOIP server, voicemail server, conference server and voice application server. A cross-site scripting vulnerability exists in the app/operatorpanel/indexinc.php file of t...
CVE-2019-9166
Privilege escalation in Nagios XI before 5.5.11 allows local attackers to elevate privileges to root via write access to config.inc.php and importxiconfig.php...