Lucene search
K

688 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/06 12:19 p.m.6 views

CVE-2018-25184

Surreal ToDo 0.6.1.2 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the content parameter. Attackers can supply directory traversal sequences through the content parameter in index.php to access sensitive system files li...

6.9CVSS5.9AI score0.008EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/06 12:19 p.m.3 views

CVE-2018-25175 Alienor Web Libre 2.0 SQL Injection via index.php

Alienor Web Libre 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the identifiant parameter. Attackers can submit crafted POST requests to index.php with SQL injection payloads in the identifian...

8.8CVSS6.1AI score0.00251EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/06 12:19 p.m.3 views

CVE-2018-25175

Alienor Web Libre 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the identifiant parameter. Attackers can submit crafted POST requests to index.php with SQL injection payloads in the identifian...

8.8CVSS6.1AI score0.00251EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/03/06 12:19 p.m.9 views

CVE-2018-25175

CVE-2018-25175 affects Alienor Web Libre 2.0. It is an SQL injection in index.php where the identifiant parameter can be injected via crafted POST requests, allowing unauthenticated attackers to extract sensitive database information (usernames, databases, version details). Root cause: unsanitize...

8.8CVSS6.1AI score0.00251EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/06 12:19 p.m.32 views

CVE-2018-25175 Alienor Web Libre 2.0 SQL Injection via index.php

Alienor Web Libre 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the identifiant parameter. Attackers can submit crafted POST requests to index.php with SQL injection payloads in the identifian...

8.8CVSS0.00251EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.7 views

PT-2026-23695

Surreal ToDo 0.6.1.2 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the content parameter. Attackers can supply directory traversal sequences through the content parameter in index.php to access sensitive system files li...

6.9CVSS5.9AI score0.008EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/05 7:30 p.m.8 views

CVE-2019-25507

Ashop Shopping Cart Software contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'shop' parameter. Attackers can send GET requests to index.php with malicious 'shop' values using UNION-based SQL injection t...

8.8CVSS6AI score0.00237EPSS
Exploits0References1
NVD
NVD
added 2026/03/04 6:16 p.m.8 views

CVE-2019-25507

Ashop Shopping Cart Software contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'shop' parameter. Attackers can send GET requests to index.php with malicious 'shop' values using UNION-based SQL injection t...

8.8CVSS0.00237EPSS
Exploits0References2
CVE
CVE
added 2026/03/04 5:15 p.m.10 views

CVE-2019-25507

Ashop Shopping Cart Software is affected by an SQL injection vulnerability in the index.php handler: the 'shop' parameter accepts malicious input leading to UNION-based SQL injection. This is exploitable by unauthenticated attackers and can disclose sensitive data due to the high impact on confid...

8.8CVSS6AI score0.00237EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/04 5:15 p.m.5 views

CVE-2019-25507

Ashop Shopping Cart Software contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'shop' parameter. Attackers can send GET requests to index.php with malicious 'shop' values using UNION-based SQL injection t...

8.8CVSS6AI score0.00237EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/04 1:56 a.m.7 views

CVE-2025-50190

Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via the GET openid.assochandle parameter with the /index.php script. This issue has been patched in version 1.11.30...

9.8CVSS5.9AI score0.00587EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.8 views

PT-2026-22962

Ashop Shopping Cart Software contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'shop' parameter. Attackers can send GET requests to index.php with malicious 'shop' values using UNION-based SQL injection t...

8.8CVSS6AI score0.00237EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/02 3:50 p.m.30 views

CVE-2025-50199 Chamilo: Blind Server-Side Request Forgery (Unauth Blind SSRF)

Chamilo is a learning management system. Prior to version 1.11.30, there is a blind SSRF vulnerability in /index.php via the POST openidurl parameter. This issue has been patched in version 1.11.30...

7.7CVSS0.00364EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/02 3:50 p.m.4 views

CVE-2025-50199 Chamilo: Blind Server-Side Request Forgery (Unauth Blind SSRF)

Chamilo is a learning management system. Prior to version 1.11.30, there is a blind SSRF vulnerability in /index.php via the POST openidurl parameter. This issue has been patched in version 1.11.30...

7.7CVSS5.9AI score0.00364EPSS
Exploits1References2
OSV
OSV
added 2026/03/02 2:53 p.m.8 views

CVE-2025-50190 Chamilo: Error-based SQL Injection via GET openid.assoc_handle with the /index.php script

Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via the GET openid.assochandle parameter with the /index.php script. This issue has been patched in version 1.11.30...

8.8CVSS5.9AI score0.00587EPSS
Exploits1References5
EUVD
EUVD
added 2026/03/02 2:53 p.m.7 views

EUVD-2025-208159

Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via the GET openid.assochandle parameter with the /index.php script. This issue has been patched in version 1.11.30...

8.8CVSS5.9AI score0.00587EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/02 12:0 a.m.5 views

Chamilo 代码问题漏洞

Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.30 had code vulnerabilities. These vulnerabilities stemmed from improper handling of the POST parameter openidurl in the file/index.php file, which could lead to blind SRFI attacks...

9.1CVSS5.9AI score0.00364EPSS
Exploits1References2
NVD
NVD
added 2026/02/26 10:20 p.m.7 views

CVE-2026-3261

A flaw has been found in itsourcecode School Management System 1.0. This impacts an unknown function of the file /settings/index.php of the component Setting Handler. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been published an...

9.8CVSS0.00326EPSS
Exploits1References5
CVE
CVE
added 2026/02/23 11:2 p.m.17 views

CVE-2026-3042

The CVE-2026-3042 entry concerns itsourcecode Event Management System 1.0. The vulnerability affects the /admin/index.php file where manipulating the ID argument leads to SQL injection, exploitable remotely, with publicly available exploit information. Multiple connected sources corroborate the i...

9.8CVSS7.3AI score0.00425EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/23 12:0 a.m.10 views

PT-2026-21576

Name of the Vulnerable Software and Affected Versions itsourcecode Event Management System version 1.0 Description A SQL injection issue exists in itsourcecode Event Management System version 1.0. Remote attackers can exploit this by manipulating the ID argument in the /admin/index.php file. The...

9.8CVSS7.1AI score0.00425EPSS
Exploits1References11
Rows per page
Query Builder