24 matches found
CVE-2026-34099
The Guardian Language-System is vulnerable to unauthenticated SQL injection through the id parameter in job_info.php. The code directly injects $_GET['id'] into an unsanitized query (SELECT * FROM jobs where id = '...'), enabling error-based SQL injection without authentication. Reported impacts ...
EUVD-2026-41056
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in jobinfo.php line 16: SELECT FROM jobs where id = '".$GET'id'."'. No authentication is required. An unauthenticated attacker can perform error-based SQL injection to extract the database version, current...
CVE-2026-11772 Reflected XSS in DRIMO CMS
DRIMO CMS is vulnerable to Reflected XSS via q parameter in searching functionality. An attacker can prepare an URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is in End Of Life phase and will not receive any updates. However, deleting info.php fi...
EUVD-2026-38450
DRIMO CMS is vulnerable to Reflected XSS via q parameter in searching functionality. An attacker can prepare an URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is in End Of Life phase and will not receive any updates. However, deleting info.php fi...
CVE-2026-11772
DRIMO CMS is affected by a Reflected XSS in the searching functionality, triggered via the q parameter. The vulnerability allows arbitrary JavaScript execution in the victim’s browser when a crafted URL is opened. The affected software is at end-of-life and no security updates are planned. Mitiga...
CVE-2026-8785 projectworlds hospital-management-system-in-php GET Parameter update_info.php getAllPatientDetail sql injection
A flaw has been found in projectworlds hospital-management-system-in-php 1.0. Affected by this vulnerability is the function getAllPatientDetail of the file updateinfo.php of the component GET Parameter Handler. Executing a manipulation of the argument appointmentno can lead to sql injection. The...
CVE-2026-1552
A security vulnerability has been detected in SEMCMS 5.0. This vulnerability affects unknown code of the file /SEMCMSInfo.php. The manipulation of the argument searchml leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be...
EUVD-2025-26147
Malicious code in bioql PyPI...
CVE-2025-10332 cdevroe unmark info.php cross site scripting
A vulnerability was found in cdevroe unmark up to 1.9.3. Impacted is an unknown function of the file application/views/marks/info.php. Performing manipulation of the argument Title results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public...
CVE-2024-10657
A vulnerability classified as critical has been found in Tongda OA up to 11.10. Affected is an unknown function of the file /pda/approvecenter/prcsinfo.php. The manipulation of the argument RUNID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed ...
PT-2023-23451 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS versions up to 5.7.108 Description: The issue concerns a problem where an attacker can execute malicious scripts. This is possible due to a flaw in the sys info.php file, specifically through the parameters edit cfg powerby and edit c...
CVE-2021-38730
SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via AntInfo.php...
SEMCMS SQL注入漏洞
SEMCMS is a multilingual content management system CMS for foreign trade websites. A SQL injection vulnerability exists in SEMCMS SHOP version 1.1, which stems from a SQL injection issue in AntInfo.php...
CVE-2022-36215
DedeBIZ v6 was discovered to contain a remote code execution vulnerability in sysinfo.php...
Haschek Solutions Pictshare 跨站脚本漏洞
Haschek Solutions Pictshare is an open source image, Mp4, Pastebin hosting service from Haschek Solutions, Austria. A cross-site scripting vulnerability exists in Haschek Solutions Pictshare that stems from the exit function in the product api/info.php file not effectively filtering input data. T...
PT-2020-16206 · D Link +1 · D-Link Dir-816L +2
Name of the Vulnerable Software and Affected Versions: D-Link DIR-816L version 2.06.B09 BETA D-Link DIR-803 version 1.04.B02 Description: The issue allows for XSS via the HTTP Referer header in the webinc/js/info.php file. This typically is not exploitable due to URL encoding, except in Internet...
D-Link DIR-816L Cross-Site Scripting Vulnerability
The D-Link DIR-816L is a wireless AC750 dual-band cloud router. A cross-site scripting vulnerability exists in the D-Link DIR-816L. The vulnerability stems from the webinc/js/info.php file printing the RESULT parameter on a web page without applying any output filter. An attacker can exploit this...
CVE-2020-15895
An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter, before it's printed on the webpage...
PT-2020-14693 · D Link · Dir-816
Name of the Vulnerable Software and Affected Versions: D-Link DIR-816L devices versions 2.x before 1.10b04Beta02 Description: A security issue was found where an XSS problem exists due to a lack of output filtration applied to the RESULT parameter in the file webinc/js/info.php, which is then...
CVE-2018-10736
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter...