9 matches found
CVE-2025-10944
A weakness has been identified in yi-ge get-header-ip up to 589b23d0eb0043c310a6a13ce4bbe2505d0d0b15. This issue affects the function ip of the file ip.php. This manipulation of the argument callback causes cross site scripting. The attack may be initiated remotely. This product uses a rolling...
CVE-2025-10944 yi-ge get-header-ip ip.php cross site scripting
A weakness has been identified in yi-ge get-header-ip up to 589b23d0eb0043c310a6a13ce4bbe2505d0d0b15. This issue affects the function ip of the file ip.php. This manipulation of the argument callback causes cross site scripting. The attack may be initiated remotely. This product uses a rolling...
get-header-ip code injection vulnerability
get-header-ip is an interface for Yige Personal Developer to get client IP address. A code injection vulnerability exists in get-header-ip 589b23d0eb0043c310a6a13ce4bbe2505d0d0b15 and earlier versions, which stems from incorrect manipulation of the callback parameter of the function ip in the fil...
CVE-2025-55473
Asian Arts Talents Foundation (AATF) Website v5.1.x and Docker version 2024.12.8.1 are vulnerable to Cross Site Scripting (XSS). The vulnerability exists in the /ip.php endpoint, which processes and displays the X-Forwarded-For HTTP header without proper sanitization or output encoding. This allows a...
PT-2023-28733 · Seacms · Seacms
Name of the Vulnerable Software and Affected Versions: SeaCMS version 12.9 Description: The issue is related to an arbitrary file write vulnerability. This vulnerability is present in the component admin ip.php. Recommendations: For SeaCMS version 12.9, consider disabling access to the admin ip.p...
PT-2023-15570 · Seacms · Seacms
Name of the Vulnerable Software and Affected Versions: Seacms version 12.7 Description: The issue is related to a remote code execution (RCE) vulnerability. It can be exploited via the ip parameter at the "admin ip.php" endpoint. Recommendations: For Seacms version 12.7, consider restricting access...
SQL injection
An issue was discovered in MK-AUTH 19.01. There are SQL injection issues in mkt/ PHP scripts, as demonstrated by arp.php, dhcp.php, hotspot.php, ip.php, pgaviso.php, pgcorte.php, pppoe.php, queues.php, and wifi.php...
CVE-2020-14069
CVE-2020-14069 affects MK-AUTH 19.01, with SQL injection in the mkt/ PHP scripts (arp.php, dhcp.php, hotspot.php, ip.php, pgaviso.php, pgcorte.php, pppoe.php, queues.php, wifi.php). Root cause is improper handling of user-supplied input leading to SQL injection. The public documents confirm the v...
FireStats window-add-excluded-ip.php 'edit' parameter XSS
The version of FireStats installed on the remote host fails to properly sanitize user-supplied input to the 'edit' parameter of the 'window-add-excluded-ip.php' script. An unauthenticated, remote attacker can leverage this issue to execute arbitrary script code in a user's browser. Note that this...