87 matches found

Positive Technologies
added 2025/04/16 12:0 a.m. · 2 views

PT-2025-16837 · Unknown · Telecontrol Server Basic

Name of the Vulnerable Software and Affected Versions: TeleControl Server Basic versions prior to 3.1.2.2
Description: The issue allows an authenticated remote attacker to bypass authorization controls, read from and write to the application's database, and execute code with "NT...

CVSS 9 · AI score 7.5 · EPSS 0.0004
Exploits 0 · References 4

CVE
added 2025/03/24 11:29 p.m. · 404 views

CVE-2025-1098

CVE-2025-1098 affects the Ingress-NGINX Controller (Admission Controller) used in Kubernetes. The vulnerability arises from the mirror-target/mirror-host annotations, which can inject arbitrary configuration into nginx, enabling arbitrary code execution in the ingress-nginx process and potential ...

CVSS 8.8 · AI score 7.9 · EPSS 0.34184
Exploits 7 · References 3

RedhatCVE
added 2025/02/06 3:59 a.m. · 8 views

CVE-2021-39172

Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges User or Admin, can exploit a new line injection in the configuration edition feature e.g. mail settings and gain arbitrary code execution on the server. This issue was addresse...

CVSS 8.8 · AI score 7.6 · EPSS 0.52026
Exploits 2 · References 1

RedhatCVE
added 2025/02/05 7:49 p.m. · 4 views

CVE-2022-40677

An improper neutralization of argument delimiters in a command 'argument injection' in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows attacker to execute unauthorized code...

CVSS 8.8 · AI score 7.4 · EPSS 0.00985
Exploits 0 · References 1

RedhatCVE
added 2025/02/05 6:5 p.m. · 8 views

CVE-2019-3631

Command Injection vulnerability in McAfee Enterprise Security Manager ESM prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters...

CVSS 8 · AI score 7.9 · EPSS 0.02147
Exploits 0 · References 1

RedhatCVE
added 2025/02/05 2:18 a.m. · 1 views

CVE-2024-24914

Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Security fix that mitigates this vulnerability is available...

CVSS 8 · AI score 7.4 · EPSS 0.00238
Exploits 0 · References 1

Vulnrichment
added 2025/01/02 3:31 p.m. · 12 views

CVE-2025-0172 code-projects Chat System deleteroom.php sql injection

A vulnerability has been found in code-projects Chat System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/deleteroom.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit ha...

CVSS 6.5 · AI score 7.4 · EPSS 0.0016
Exploits 1 · References 5

Positive Technologies
added 2025/01/02 12:0 a.m. · 5 views

PT-2025-3761 · Unknown · Code-Projects Chat System

Name of the Vulnerable Software and Affected Versions: code-projects Chat System version 1.0
Description: A critical issue has been found in the code-projects Chat System, affecting an unknown functionality of the file /admin/deleteroom.php. The manipulation of the id argument leads to SQL...

CVSS 7.5 · AI score 6.9 · EPSS 0.0016
Exploits 1 · References 12

Cvelist
added 2024/12/30 2:31 a.m. · 12 views

CVE-2024-13035 code-projects Chat System update_user.php sql injection

A vulnerability has been found in code-projects Chat System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/updateuser.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed t...

CVSS 6.5 · EPSS 0.00096
Exploits 0 · References 4

Cvelist
added 2024/12/26 7:0 p.m. · 18 views

CVE-2024-12962 code-projects Job Recruitment _all_edits.php sql injection

A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /parse/alledits.php. The manipulation of the argument skillset leads to sql injection. The attack can be launched remotely. The...

CVSS 7.5 · EPSS 0.00092
Exploits 1 · References 5

Prion
added 2024/02/27 2:15 a.m. · 24 views

Sql injection

Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via PublisherID...

AI score 8.1 · EPSS 0.00067
Exploits 0 · References 1

Vulnrichment
added 2023/12/25 1:31 a.m. · 8 views

CVE-2023-7097 code-projects Water Billing System addbill.php sql injection

A vulnerability classified as critical has been found in code-projects Water Billing System 1.0. This affects an unknown part of the file /addbill.php. The manipulation of the argument ownersid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed ...

CVSS 6.5 · AI score 7.4 · EPSS 0.00053
Exploits 1 · References 3

Vulnrichment
added 2023/06/12 5:4 p.m. · 6 views

CVE-2023-34334

AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, or data tampering...

CVSS 7.2 · AI score 7.1 · EPSS 0.0036
Exploits 0 · References 1

OSV
added 2023/05/27 7:15 p.m. · 9 views

CVE-2015-20108

xmlsecurity.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used...

CVSS 9.8 · AI score 9.8
Exploits 0 · References 5

Packet Storm
added 2023/04/26 12:0 a.m. · 408 views

Online Book Store 1.0 SQL Injection

Exploit Title: Online Book Store 1.0 - process.php SQL injection
Google Dork: 4/26/2023
Exploit Author: Or4nG.M4n
Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-book-store-project-in-php/
Software Link:...

AI score 6.8
Exploits 0

Vulnrichment
added 2022/11/29 8:30 p.m. · 7 views

CVE-2022-4034 Appointment Hour Booking <= 1.3.72 - CSV Injection

The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.3.72. This makes it possible for unauthenticated attackers to embed untrusted input into content during booking creation that may be exported as a CSV file when a site's...

CVSS 5.8 · AI score 7.4 · EPSS 0.0486
Exploits 1 · References 3

Vulnrichment
added 2022/05/17 8:17 p.m. · 3 views

CVE-2022-1360 Cambium Networks cnMaestro OS Command Injection

The affected On-Premise cnMaestro is vulnerable to execution of code on the cnMaestro hosting server. This could allow a remote attacker to change server configuration settings...

CVSS 8.2 · AI score 7.1 · EPSS 0.0124
Exploits 0 · References 1

Vulnrichment
added 2022/01/22 12:0 a.m. · 9 views

CVE-2022-23808

An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection...

AI score 6.2 · EPSS 0.49362
Exploits 2 · References 3

Positive Technologies
added 2021/03/06 12:0 a.m. · 7 views

PT-2021-7092

Name of the Vulnerable Software and Affected Versions:
Atlassian Confluence Server and Data Center versions prior to 7.4.17
Atlassian Confluence Server and Data Center versions 7.13.0 through 7.13.6
Atlassian Confluence Server and Data Center versions 7.14.0 through 7.14.2
Atlassian Confluence...

CVSS 9.8 · AI score 10 · EPSS 0.94408
Exploits 75 · References 212

Packet Storm
added 2017/09/04 12:0 a.m. · 43 views

Play TV 1.25.1 Build r123776 DLL Hijacking

Document Title: Play TV v1.25.1 Build r123776 - DLL Hijack Vulnerability
References Source: https://www.vulnerability-lab.com/getcontent.php?id=2085
Release Date: 2017-09-04
Vulnerability Laboratory ID VL-ID:...

Exploits 0