17 matches found
ECTouch v2 - SQL Injection
ECTouch v2 was discovered to contain a SQL injection vulnerability via the $arr['id'] parameter at \default\helpers\insert.php. id: CVE-2023-39560 info: name: ECTouch v2 - SQL Injection author: s4e-io severity: critical description: | ECTouch v2 was discovered to contain a SQL injection vulnerabili...
CVE-2021-47956
EgavilanMedia PHPCRUD 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the firstname parameter. Attackers can send POST requests to insert.php with malicious firstname values to extract sensitive databas...
CVE-2026-6161 code-projects Simple ChatBox Endpoint insert.php sql injection
A vulnerability was determined in code-projects Simple ChatBox up to 1.0. This affects an unknown part of the file /chatbox/insert.php of the component Endpoint. Executing a manipulation of the argument msg can lead to sql injection. It is possible to launch the attack remotely. The exploit has...
CVE-2026-6159
CVE-2026-6159 affects code-projects Simple ChatBox up to version 1.0. The vulnerability is in the Endpoint component’s file /chatbox/insert.php where manipulating the msg parameter leads to a cross-site scripting (XSS) issue. It can be triggered remotely and exploitation has been publicly disclos...
PT-2026-32260
A vulnerability has been found in code-projects Simple ChatBox up to 1.0. Affected by this vulnerability is an unknown functionality of the file /chatbox/insert.php of the component Endpoint. Such manipulation of the argument msg leads to cross site scripting. The attack may be performed from...
Code-Projects Simple ChatBox Code Injection Vulnerability
Code-Projects Simple ChatBox is a simple chat box system developed by Code-Projects as open source. Versions of Code-Projects Simple ChatBox 1.0 and earlier contained a code injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter “msg” in the file...
EUVD-2023-36231
Malicious code in bioql PyPI...
CVE-2023-39560
ECTouch v2 was discovered to contain a SQL injection vulnerability via the $arr['id'] parameter at \default\helpers\insert.php...
CVE-2023-39560
ECTouch v2 was discovered to contain a SQL injection vulnerability via the $arr['id'] parameter at \default\helpers\insert.php...
SQL injection
ECTouch v2 was discovered to contain a SQL injection vulnerability via the $arr['id'] parameter at \default\helpers\insert.php...
CVE-2023-39560
ECTouch v2 was discovered to contain a SQL injection vulnerability via the $arr['id'] parameter at \default\helpers\insert.php...
CVE-2023-39560
ECTouch v2 is affected by a SQL injection flaw in default/helpers/insert.php via the id parameter ($arr['id']). The vulnerability allows unauthenticated attackers to extract database contents (e.g., customer data, orders, payments). Root cause: use of non-parameterized SQL queries. Evidence from ...
CVE-2023-39560
ECTouch v2 was discovered to contain a SQL injection vulnerability via the $arr['id'] parameter at \default\helpers\insert.php...
CVE-2023-31942
Cross Site Scripting vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the description parameter in insert.php...
CVE-2023-31942
Cross Site Scripting vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the description parameter in insert.php...
Barcodes generator 1.0 - 'name' Stored Cross Site Scripting
Exploit Title: Barcodes generator 1.0 - 'name' Stored Cross Site Scripting Date: 10/12/2020 Exploit Author: Nikhil Kumar Vendor Homepage: http://egavilanmedia.com/ Software Link: http://egavilanmedia.com/barcodes-generator-using-php-mysql-and-jsbarcode-library/ Version: 1.0 Tested On: Ubuntu 1...
CVE-2017-11416
Fiyo CMS 2.0.7 has SQL injection in /apps/appcomment/controller/insert.php via the name parameter...