Lucene search
K

690 matches found

Vulnrichment
Vulnrichment
•added 2026/03/21 3:30 p.m.•2 views

CVE-2019-25573 Green CMS 2.x SQL Injection via cat Parameter

Green CMS 2.x contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cat parameter. Attackers can send GET requests to index.php with m=admin, c=posts, a=index parameters and inject SQL code in the cat...

7.1CVSS6.2AI score0.00342EPSS
Exploits1References4
NVD
NVD
•added 2026/03/12 4:16 p.m.•4 views

CVE-2019-25541

Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through unvalidated parameters. Attackers can inject time-based blind SQL payloads via the 'id' parameter in index.php or the 'Email' parameter in...

8.8CVSS0.00373EPSS
Exploits1References2
CVE
CVE
•added 2026/03/12 3:37 p.m.•11 views

CVE-2019-25543

Netartmedia Real Estate Portal 5.0 contains an unauthenticated SQL injection in the page parameter (via index.php) that allows attackers to manipulate queries, potentially bypass authentication and access or modify data. The vulnerability affects the server-side SQL handling of the page field. CV...

8.8CVSS5.9AI score0.0046EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/12 3:37 p.m.•6 views

CVE-2019-25542

Netartmedia Real Estate Portal 5.0 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the useremail parameter. Attackers can send POST requests to index.php with malicious payloads in the useremail field to...

8.8CVSS5.9AI score0.0046EPSS
Exploits1References2Affected Software1
CVE
CVE
•added 2026/03/12 3:37 p.m.•10 views

CVE-2019-25542

CVE-2019-25542 affects Netartmedia Real Estate Portal 5.0. The vulnerability is an SQL injection in the user_email parameter of index.php, exploitable by unauthenticated attackers to manipulate database queries. The attack can bypass authentication and potentially extract sensitive data or modify...

8.8CVSS5.9AI score0.0046EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/12 3:37 p.m.•6 views

CVE-2019-25541

Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through unvalidated parameters. Attackers can inject time-based blind SQL payloads via the 'id' parameter in index.php or the 'Email' parameter in...

8.8CVSS5.8AI score0.00373EPSS
Exploits1References2Affected Software1
CVE
CVE
•added 2026/03/12 3:37 p.m.•13 views

CVE-2019-25539

CVE-2019-25539 affects 202CMS v10 beta. The vulnerability is a blind, time-based SQL injection in the log_user parameter via POST to index.php, exploitable by unauthenticated attackers to extract sensitive database information. Impact details from the entry indicate high confidentiality impact an...

8.8CVSS5.9AI score0.00415EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
•added 2026/03/12 3:37 p.m.•27 views

CVE-2019-25530 uHotelBooking System Lastest SQL Injection via system_page Parameter

uHotelBooking System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the systempage GET parameter. Attackers can send crafted requests to index.php with malicious systempage values using time-based blind SQ...

8.8CVSS0.00335EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/03/12 12:0 a.m.•7 views

PT-2026-24990

uHotelBooking System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the system page GET parameter. Attackers can send crafted requests to index.php with malicious system page values using time-based blind...

8.8CVSS5.9AI score0.00335EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/03/12 12:0 a.m.•10 views

PT-2026-24999

🚨 CVE-2019-25539 202CMS v10 beta contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the log user parameter. Attackers can send POST requests to index.php with crafted SQL payloads using time-based blind...

8.8CVSS6AI score0.00415EPSS
Exploits1References5
Positive Technologies
Positive Technologies
•added 2026/03/12 12:0 a.m.•6 views

PT-2026-25002

Netartmedia Real Estate Portal 5.0 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user email parameter. Attackers can send POST requests to index.php with malicious payloads in the user email field to...

8.8CVSS5.9AI score0.0046EPSS
Exploits1References3
EUVD
EUVD
•added 2026/03/11 3:31 p.m.•6 views

EUVD-2026-11174

A vulnerability was detected in PHPEMS 11.0. The affected element is an unknown function of the file /index.php?ask=app-ask. Performing a manipulation of the argument askcontent results in cross site scripting. The attack is possible to be carried out remotely. The exploit is now public and may b...

5.1CVSS4.3AI score0.00191EPSS
Exploits0References6
Cvelist
Cvelist
•added 2026/03/11 3:2 p.m.•34 views

CVE-2026-3946 PHPEMS index.php cross site scripting

A vulnerability was detected in PHPEMS 11.0. The affected element is an unknown function of the file /index.php?ask=app-ask. Performing a manipulation of the argument askcontent results in cross site scripting. The attack is possible to be carried out remotely. The exploit is now public and may b...

5.1CVSS0.00191EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2026/03/09 8:2 a.m.•8 views

CVE-2026-3702

A vulnerability was detected in SourceCodester Loan Management System 1.0. Affected by this issue is some unknown functionality of the file /index.php. Performing a manipulation of the argument page results in cross site scripting. The attack is possible to be carried out remotely. The exploit is...

6.1CVSS4.3AI score0.00305EPSS
Exploits1References1
CNVD
CNVD
•added 2026/03/09 12:0 a.m.•4 views

Chamilo index.php file SQL injection vulnerability

Chamilo is a learning management system open source by Chamilo. Chamilo index.php file contains a SQL injection vulnerability , an attacker can use the vulnerability to execute illegal SQL commands to steal sensitive database data...

9.8CVSS6AI score0.00587EPSS
Exploits1References1
Vulnrichment
Vulnrichment
•added 2026/03/08 4:2 a.m.•5 views

CVE-2026-3702 SourceCodester Loan Management System index.php cross site scripting

A vulnerability was detected in SourceCodester Loan Management System 1.0. Affected by this issue is some unknown functionality of the file /index.php. Performing a manipulation of the argument page results in cross site scripting. The attack is possible to be carried out remotely. The exploit is...

5.3CVSS4.3AI score0.00305EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
•added 2026/03/08 4:2 a.m.•6 views

CVE-2026-3702

A vulnerability was detected in SourceCodester Loan Management System 1.0. Affected by this issue is some unknown functionality of the file /index.php. Performing a manipulation of the argument page results in cross site scripting. The attack is possible to be carried out remotely. The exploit is...

5.3CVSS4.3AI score0.00305EPSS
Exploits1References5Affected Software1
EUVD
EUVD
•added 2026/03/06 3:31 p.m.•7 views

EUVD-2018-21630

Alienor Web Libre 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the identifiant parameter. Attackers can submit crafted POST requests to index.php with SQL injection payloads in the identifian...

8.8CVSS6.1AI score0.00251EPSS
Exploits0References3
EUVD
EUVD
•added 2026/03/06 3:31 p.m.•10 views

EUVD-2018-21621

Meneame English Pligg 5.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can send GET requests to index.php with crafted SQL payloads in the search parameter to...

8.8CVSS6.1AI score0.00232EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2026/03/06 12:19 p.m.•4 views

CVE-2018-25197 PlayJoom 0.10.1 SQL Injection via catid Parameter

PlayJoom 0.10.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the catid parameter. Attackers can send GET requests to index.php with option=complayjoom&view=genre&catid=SQL to extract sensitive...

8.8CVSS6.1AI score0.00237EPSS
Exploits0References2
Rows per page
Query Builder