CVE-2020-37006
berliCRM 1.0.24 contains a SQL injection vulnerability in the 'srcrecord' parameter that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through a crafted POST request to the index.php endpoint to potentially extract or modify database information...
EUVD-2023-60205
PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers to manipulate database queries. Attackers can inject crafted SQL payloads through the 'column' parameter in the index.php endpoint to potentially extract or modify database...
CVE-2023-53926 PHPJabbers Simple CMS 5.0 SQL Injection via Column Parameter
PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers to manipulate database queries. Attackers can inject crafted SQL payloads through the 'column' parameter in the index.php endpoint to potentially extract or modify database...
CVE-2025-63739
An issue was discovered in function phpinisaveAction in file webmain/system/cogini/coginiAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers who are authenticated users to modify PHP configuration files via the a parameter to the index.php endpoint...
Code-Projects Library System SQL Injection Vulnerability
Library System is a library system. Library System suffers from an SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter Username in the file /index.php. The vulnerability can be exploited by an attacker to execute illegal SQL...
CVE-2023-41364
In tine through 2023.01.14.325, the sort parameter of the /index.php endpoint allows SQL Injection...
PT-2025-37378
Name of the Vulnerable Software and Affected Versions: Chamilo versions prior to 1.11.30 Description: Chamilo is a learning management system. A blind Server-Side Request Forgery (SSRF) condition exists due to insufficient validation of incoming requests used in the operating system command. Successf...
PT-2024-27759
Name of the Vulnerable Software and Affected Versions: CodeProjects Restaurant Reservation System version 1.0 Description: The issue is related to a reflected cross-site scripting (XSS) vulnerability. This vulnerability occurs via the Date parameter at the "index.php" endpoint. There is no informatio...
PT-2024-27682 · Unknown · Zhimengzhe Ibarn
Name of the Vulnerable Software and Affected Versions: zhimengzhe iBarn version 1.5 Description: A reflected cross-site scripting (XSS) issue was discovered, which can be exploited via the search parameter at the "/index.php" API endpoint. This allows for potentially malicious scripts to be execute...
CVE-2023-7161
A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3.1. This affects an unknown part of the file index.php?para=index of the component Login. The manipulation of the argument checkVirtualSiteId leads to SQL injection. It is possible to initiat...
PT-2023-6860 · Opnsense · Opnsense
Name of the Vulnerable Software and Affected Versions: OPNsense versions prior to 23.7.5 Description: The issue is related to the lack of protection of the web page structure in the OPNsense operating system. This can be exploited by a remote attacker to conduct cross-site scripting attacks using...
PT-2023-11498 · Unknown · Chaoji Cms
Name of the Vulnerable Software and Affected Versions: Chaoji CMS version 2.18 Description: A stored cross-site scripting (XSS) issue in the /index.php?admin-master-article-edit endpoint of Chaoji CMS allows attackers to obtain administrator privileges. Recommendations: For Chaoji CMS version 2.18,...
PT-2023-22329 · Lmxcms · Lmxcms
Name of the Vulnerable Software and Affected Versions: lmxcms version 1.4.1 Description: The issue is a SQL injection vulnerability. It can be exploited via the setbook parameter at the "index.php" endpoint. Recommendations: For lmxcms version 1.4.1, consider restricting access to the setbook...
Ginkgo CMS - 'index.php?rang' SQL Injection
PT-2012-5160 · Pbboard · Pbboard
Name of the Vulnerable Software and Affected Versions: PBBoard version 2.1.4 Description: The issue allows remote attackers to change the password of arbitrary user accounts. This is achieved by exploiting the new password page, specifically through the member id and new password parameters to th...