
55 matches found

EUVD
added 2025/10/03 8:07 p.m. | 6 views

EUVD-2023-58995

Malicious code in bioql PyPI...

CVSS 4.8 | AI score 6.4 | EPSS 0.00225
Exploits: 2 | References: 3
Drupal
added 2024/11/20 12:00 a.m. | 9 views

Eloqua - Moderately critical - Arbitrary PHP code execution - SA-CONTRIB-2024-063

This module integrates webforms with eloqua, an automated marketing and demand generation software built to improve the quality and quantity of customers' sales leads and streamline their sales processes. In certain cases the module doesn't sufficiently sanitize data before passing it to PHP's...

CVSS 6.6 | AI score 7.8 | EPSS 0.00764
Exploits: 0 | References: 5
Drupal
added 2024/10/23 12:00 a.m. | 8 views

Monster Menus - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-052

This module enables you to group nodes within pages that have a highly-granular, distributed permissions structure. In certain cases the module doesn't sufficiently sanitize data before passing it to PHP's unserialize function, which can result in arbitrary code execution...

CVSS 4.3 | AI score 7.5 | EPSS 0.00156
Exploits: 0 | References: 7
OpenVAS
added 2023/06/26 12:00 a.m. | 11 views

OpenCart 1.4.7 < 2.0.0.0 Directory Traversal Vulnerability

OpenCart is prone to a directory traversal vulnerability.

CVSS 6.5 | AI score 6.6 | EPSS 0.04021
Exploits: 1 | References: 1
NVD
added 2023/05/02 8:15 p.m. | 16 views

CVE-2023-30944

The vulnerability was found in Moodle and exists due to insufficient sanitization of user-supplied data in external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the application database...

CVSS 7.3 | AI score 6.6 | EPSS 0.01078
Exploits: 0 | References: 6
Exploit DB
added 2021/06/14 12:00 a.m. | 251 views

Small CRM 3.0 - 'Authentication Bypass' SQL Injection

Exploit Title: Small CRM 3.0 - 'Authentication Bypass' SQL Injection Date: 12/06/2021 Exploit Author: BHAVESH KAUL Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/small-crm-php/ Version: 3.0 Tested on: Server: XAMPP Description Small CRM 3.0 is vulnerable to SQL...

AI score 7.4
Exploits: 0
OSV
added 2019/05/17 4:29 p.m. | 2 views

CVE-2019-0093

Insufficient data sanitization vulnerability in HECI subsystem for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) SPS before version SPSE305.00.04.027.0 may allow a privileged user to potentially enable information disclosure via local access...

CVSS 4.4 | AI score 5.8
Exploits: 0 | References: 2
seebug.org
added 2014/07/01 12:00 a.m. | 14 views

Uni-vert PhpLeague 0.82 Joueurs.PHP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/19880/info Uni-vert PhpLeague is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data. This issue may allow an attacker to compromise the application, access or modify data,...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m. | 25 views

Community Link Pro Login.CGI File Parameter Remote Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14097/info Community Link Pro is prone to a remote arbitrary command execution vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data. Due to this, an attacker can prefix arbitrar...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m. | 22 views

Go Smart Inc GoSmart Message Board Multiple Input Validation Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/11361/info GoSmart Message Board is reported prone to multiple input validation vulnerabilities. These issues may allow a remote attacker to carry out cross-site scripting and SQL injection attacks. The cause of these iss...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m. | 9 views

BosDev BosDates 3.x SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9639/info An SQL injection vulnerability has been reported to affect BosDates calendar system. The issue arises due to insufficient sanitization of user supplied data. As a result of this issue an attacker could modify th...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m. | 121 views

cPanel 5.0 Guestbook.cgi Remote Command Execution Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/6882/info A remote command execution vulnerability has been discovered in the cPanel CGI Application. This issue occurs due to insufficient sanitization of externally supplied data to the 'guestbook.cgi' script. An attack...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m. | 9 views

FuseTalk Forum 4.0 - Multiple Cross-Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/11407/info FuseTalk Forum is reported prone to multiple input validation vulnerabilities. These issues may allow a remote attacker to carry out cross-site scripting attacks. The cause of these issues is insufficient...

AI score 7.1
Exploits: 0
exploitpack
added 2009/03/24 12:00 a.m. | 33 views

PHPizabi 0.8 - notepad_body SQL Injection

PHPizabi 0.8 - notepad_body SQL Injection source: https://www.securityfocus.com/bid/34223/info PHPizabi is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromi...

Exploits: 0
exploitpack
added 2008/03/24 12:00 a.m. | 18 views

Quick Classifieds 1.0 - controlcenterupdate.php3?DOCUMENT_ROOT Remote File Inclusion

Quick Classifieds 1.0 - controlcenterupdate.php3?DOCUMENT_ROOT Remote File Inclusion source: https://www.securityfocus.com/bid/28417/info Quick Classifieds is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues...

AI score 0.8
Exploits: 0
exploitpack
added 2008/02/19 12:00 a.m. | 17 views

PHP-Nuke Sections Module - artid SQL Injection

PHP-Nuke Sections Module - artid SQL Injection source: https://www.securityfocus.com/bid/27879/info The PHP-Nuke Sections module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could all...

AI score 0.1
Exploits: 0
Exploit DB
added 2008/02/19 12:00 a.m. | 19 views

XOOPS 'seminars' Module - 'id' SQL Injection

source: https://www.securityfocus.com/bid/27891/info The XOOPS 'seminars' module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application,...

AI score 7.4
Exploits: 0
Exploit DB
added 2007/03/16 12:00 a.m. | 13 views

Particle Blogger 1.2.1 - 'Archives.php' SQL Injection

source: https://www.securityfocus.com/bid/24232/info Particle Blogger is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or...

AI score 7.4
Exploits: 0
Exploit DB
added 2007/03/15 12:00 a.m. | 18 views

Viper Web Portal 0.1 - 'index.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/22979/info Viper Web Portal is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks ar...

AI score 7.4
Exploits: 0
Exploit DB
added 2007/02/12 12:00 a.m. | 25 views

Tagit! Tagit2b 2.1.B Build 2 - '/tagmin/index.php?adminpath' Remote File Inclusion

source: https://www.securityfocus.com/bid/22518/info TagIt! TagBoard is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the underlying system; other...

AI score 7.4
Exploits: 0