Lucene search
K

24 matches found

CVE
CVE
added 2026/07/01 4:8 p.m.14 views

CVE-2026-34099

The Guardian Language-System is vulnerable to unauthenticated SQL injection through the id parameter in job_info.php. The code directly injects $_GET['id'] into an unsanitized query (SELECT * FROM jobs where id = '...'), enabling error-based SQL injection without authentication. Reported impacts ...

9.8CVSS5.8AI score0.00459EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 4:8 p.m.6 views

EUVD-2026-41056

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in jobinfo.php line 16: SELECT FROM jobs where id = '".$GET'id'."'. No authentication is required. An unauthenticated attacker can perform error-based SQL injection to extract the database version, current...

9.8CVSS5.8AI score0.00459EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/23 1:31 p.m.36 views

CVE-2026-11772 Reflected XSS in DRIMO CMS

DRIMO CMS is vulnerable to Reflected XSS via q parameter in searching functionality. An attacker can prepare an URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is in End Of Life phase and will not receive any updates. However, deleting info.php fi...

5.1CVSS0.00378EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 1:31 p.m.11 views

EUVD-2026-38450

DRIMO CMS is vulnerable to Reflected XSS via q parameter in searching functionality. An attacker can prepare an URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is in End Of Life phase and will not receive any updates. However, deleting info.php fi...

5.1CVSS6.1AI score0.00378EPSS
Exploits0References2
CVE
CVE
added 2026/06/23 1:31 p.m.21 views

CVE-2026-11772

DRIMO CMS is affected by a Reflected XSS in the searching functionality, triggered via the q parameter. The vulnerability allows arbitrary JavaScript execution in the victim’s browser when a crafted URL is opened. The affected software is at end-of-life and no security updates are planned. Mitiga...

5.1CVSS6.1AI score0.00378EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/18 2:45 a.m.10 views

CVE-2026-8785 projectworlds hospital-management-system-in-php GET Parameter update_info.php getAllPatientDetail sql injection

A flaw has been found in projectworlds hospital-management-system-in-php 1.0. Affected by this vulnerability is the function getAllPatientDetail of the file updateinfo.php of the component GET Parameter Handler. Executing a manipulation of the argument appointmentno can lead to sql injection. The...

7.5CVSS6.8AI score0.00254EPSS
Exploits0References5
NVD
NVD
added 2026/01/29 1:16 a.m.8 views

CVE-2026-1552

A security vulnerability has been detected in SEMCMS 5.0. This vulnerability affects unknown code of the file /SEMCMSInfo.php. The manipulation of the argument searchml leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be...

9.8CVSS0.00343EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-26147

Malicious code in bioql PyPI...

9.8CVSS7.5AI score0.00465EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/09/13 2:2 a.m.4 views

CVE-2025-10332 cdevroe unmark info.php cross site scripting

A vulnerability was found in cdevroe unmark up to 1.9.3. Impacted is an unknown function of the file application/views/marks/info.php. Performing manipulation of the argument Title results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public...

5.1CVSS3.7AI score0.00244EPSS
Exploits1References3
OSV
OSV
added 2024/11/01 3:15 p.m.3 views

CVE-2024-10657

A vulnerability classified as critical has been found in Tongda OA up to 11.10. Affected is an unknown function of the file /pda/approvecenter/prcsinfo.php. The manipulation of the argument RUNID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed ...

9.8CVSS5.7AI score0.00686EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/05/19 12:0 a.m.7 views

PT-2023-23451 · Dedecms · Dedecms

Name of the Vulnerable Software and Affected Versions: DedeCMS versions up to 5.7.108 Description: The issue concerns a problem where an attacker can execute malicious scripts. This is possible due to a flaw in the sys info.php file, specifically through the parameters edit cfg powerby and edit c...

5.4CVSS6.9AI score0.00447EPSS
Exploits1References5
OSV
OSV
added 2022/10/28 4:15 p.m.4 views

CVE-2021-38730

SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via AntInfo.php...

9.8CVSS5.8AI score0.00798EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/10/28 12:0 a.m.3 views

SEMCMS SQL注入漏洞

SEMCMS is a multilingual content management system CMS for foreign trade websites. A SQL injection vulnerability exists in SEMCMS SHOP version 1.1, which stems from a SQL injection issue in AntInfo.php...

9.8CVSS8.5AI score0.00798EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2022/08/17 8:15 p.m.2 views

CVE-2022-36215

DedeBIZ v6 was discovered to contain a remote code execution vulnerability in sysinfo.php...

7.2CVSS7.7AI score0.01719EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/12/02 12:0 a.m.4 views

Haschek Solutions Pictshare 跨站脚本漏洞

Haschek Solutions Pictshare is an open source image, Mp4, Pastebin hosting service from Haschek Solutions, Austria. A cross-site scripting vulnerability exists in Haschek Solutions Pictshare that stems from the exit function in the product api/info.php file not effectively filtering input data. T...

6.1CVSS5.9AI score0.00639EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2020/09/19 12:0 a.m.4 views

PT-2020-16206 · D Link +1 · D-Link Dir-816L +2

Name of the Vulnerable Software and Affected Versions: D-Link DIR-816L version 2.06.B09 BETA D-Link DIR-803 version 1.04.B02 Description: The issue allows for XSS via the HTTP Referer header in the webinc/js/info.php file. This typically is not exploitable due to URL encoding, except in Internet...

6.1CVSS6.1AI score0.00988EPSS
Exploits1References4
CNVD
CNVD
added 2020/07/23 12:0 a.m.2 views

D-Link DIR-816L Cross-Site Scripting Vulnerability

The D-Link DIR-816L is a wireless AC750 dual-band cloud router. A cross-site scripting vulnerability exists in the D-Link DIR-816L. The vulnerability stems from the webinc/js/info.php file printing the RESULT parameter on a web page without applying any output filter. An attacker can exploit this...

6.1CVSS6.3AI score0.02835EPSS
Exploits1References1
OSV
OSV
added 2020/07/22 7:15 p.m.4 views

CVE-2020-15895

An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter, before it's printed on the webpage...

6.1CVSS6.5AI score0.02835EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2020/07/22 12:0 a.m.8 views

PT-2020-14693 · D Link · Dir-816

Name of the Vulnerable Software and Affected Versions: D-Link DIR-816L devices versions 2.x before 1.10b04Beta02 Description: A security issue was found where an XSS problem exists due to a lack of output filtration applied to the RESULT parameter in the file webinc/js/info.php, which is then...

6.1CVSS6.1AI score0.02835EPSS
Exploits1References3
OSV
OSV
added 2018/05/16 1:29 p.m.3 views

CVE-2018-10736

A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter...

7.2CVSS5.8AI score0.42556EPSS
Exploits2References1
Rows per page
Query Builder