CVE-2018-13010

WSTMall v1.9.1170316 has CSRF via the index.php?m=Admin=Users=edit URI to add a user account...

CVE-2010-1541

Multiple cross-site scripting XSS vulnerabilities in DFD Cart 1.198, 1.197, and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 category and 2 listquantity parameters to index.php, and the 3 category parameter to your.order.php...

CVE-2012-0973

Multiple SQL injection vulnerabilities in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via the sCategory parameter to index.php, which is not properly handled by the 1 oscsearchcategoryid function in oc-includes/osclass/helpers/hSearch.php and 2 findBySlug functio...

CVE-2017-20170

A vulnerability was found in ollpu parontalli. It has been classified as critical. Affected is an unknown function of the file httpdocs/index.php. The manipulation of the argument s leads to sql injection. The patch is identified as 6891bb2dec57dca6daabc15a6d2808c8896620e5. It is recommended to...

CVE-2019-25099

A vulnerability classified as critical was found in Arthmoor QSF-Portal. This vulnerability affects unknown code of the file index.php. The manipulation of the argument a leads to path traversal. The patch is identified as ea4f61e23ecb83247d174bc2e2cbab521c751a7d. It is recommended to apply a pat...

CVE-2019-11450

whatsns 4.0 allows index.php?question/ajaxadd.html title SQL injection...

CVE-2019-13472

PHPWind 9.1.0 has XSS vulnerabilities in the c and m parameters of the index.php file...

CVE-2019-16311

NIUSHOP V1.11 has CSRF via searchinfo to index.php...

CVE-2018-15130

ThinkSAAS through 2018-07-25 has XSS via the index.php?app=group∾=create=do groupdesc parameter...

CVE-2018-20597

UCMS 1.4.7 has XSS via the dir parameter in an index.php sadminfileedit action...

CVE-2018-10128

An issue was discovered in XYHCMS 3.5. It has XSS via the test parameter to index.php...

CVE-2017-10667

In index.php in Zen Cart 1.6.0, the productsid parameter can cause XSS...

CVE-2018-1000848

Wampserver version prior to version 3.1.5 contains a Cross Site Scripting XSS vulnerability in index.php localhost page that can result in very low. This attack appear to be exploitable via payload onmouseover. This vulnerability appears to have been fixed in 3.1.5 and later...

CVE-2012-6513

Cross-site scripting XSS vulnerability in index.php/AdminPreferences in gpEasy CMS 2.3.3 allows remote attackers to inject arbitrary web script or HTML via the jsoncallback parameter...

CVE-2010-3601

SQL injection vulnerability in index.php in ibPhotohost 1.1.2 allows remote attackers to execute arbitrary SQL commands via the img parameter...

CVE-2010-4359

SQL injection vulnerability in index.php in Jurpopage 0.2.0 allows remote attackers to execute arbitrary SQL commands via the category parameter...

CVE-2011-1009

Vanilla Forums 2.0.17.1 through 2.0.17.5 has XSS in /vanilla/index.php via the p parameter...

CVE-2019-13977

index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms=create=0=y, tg=delegat, tg=site=create, tg=site=4, tg=admdir=mdb=1, tg=notes=Create, tg=admfaqs=Add, or tg=admoc=addoc=...

CVE-2010-4360

Multiple SQL injection vulnerabilities in index.php in Jurpopage 0.2.0 allow remote attackers to execute arbitrary SQL commands via the 1 note and 2 pg parameters, different vectors than CVE-2010-4359. NOTE: the provenance of this information is unknown; the details are obtained solely from third...

CVE-2018-12909

Webgrind 1.5 relies on user input to display a file, which lets anyone view files from the local filesystem that the webserver user has access to via an index.php?op=fileviewer= URI. NOTE: the vendor indicates that the product is not intended for a "publicly accessible environment...