23 matches found
CVE-2026-35023
CVE-2026-35023 concerns Wimi Teamwork On-Premises versions prior to 8.2.0. The issue is an insecure direct object reference (IDOR) in the preview.php endpoint where the item_id parameter lacks proper authorization checks. Attackers can enumerate sequential item_id values to access and retrieve im...
EUVD-2008-3766
Malware in sbrugna...
EUVD-2008-0702
Malware in sbrugna...
EUVD-2008-4851
Malware in sbrugna...
EUVD-2006-2976
Malware in sbrugna...
CVE-2015-9461
The awesome-filterable-portfolio plugin before 1.9 for WordPress has afpgetnewportfolioitempage SQL injection via the itemid parameter...
Zomato: [www.zomato.com] SQLi - /php/██████████ - item_id
Thanks @gerbenjavado for helping us keep @zomato secure : Thanks to the entire @Zomato team for doing this challenge. It's a pleasure to be back in the bug bounty game after a while. Introduction So I managed to find SQLi on https://www.zomato.com/php/██████████ in the POST parameter itemid...
CVE-2011-5186
Cross-site scripting (XSS) vulnerability in jbshop.php in the jbShop plugin for e107 7 allows remote attackers to inject arbitrary web script or HTML via the itemid parameter...
SQL injection
Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow remote attackers to execute arbitrary SQL commands via the (1) userid parameter to feedback.php; and the itemid parameter to (2) viewfullsize.php, (3) classifidead.php, and (4) crosspromoteitems.php...
CVE-2009-3712
Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow remote attackers to execute arbitrary SQL commands via the (1) userid parameter to feedback.php; and the itemid parameter to (2) viewfullsize.php, (3) classifidead.php, and (4) crosspromoteitems.php...
SQL injection
SQL injection vulnerability in classifidead.php in AJ Auction 6.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the itemid parameter...
CVE-2008-5212
SQL injection vulnerability in classifidead.php in AJ Auction 6.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the itemid parameter...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in bidhistory.php in iTechBids Gold 5.0 allows remote attackers to inject arbitrary web script or HTML via the itemid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2008-4872
Cross-site scripting (XSS) vulnerability in bidhistory.php in iTechBids Gold 5.0 allows remote attackers to inject arbitrary web script or HTML via the itemid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2008-4872
The CVE-2008-4872 entry describes a Cross-site scripting (XSS) vulnerability in the iTechBids Gold 5.0 product, specifically in the bidhistory.php script, where an attacker can inject arbitrary web script or HTML through the item_id parameter. The affected component is the bidhistory.php code pat...
CVE-2008-3780
SQL injection vulnerability in recommend.php in Five Star Review Script allows remote attackers to execute arbitrary SQL commands via the itemid parameter...
CVE-2008-0776
SQL injection vulnerability in detail.php in iTechBids Gold 6.0 allows remote attackers to execute arbitrary SQL commands via the itemid parameter...
SQL injection
SQL injection vulnerability in detail.php in iTechBids Gold 6.0 allows remote attackers to execute arbitrary SQL commands via the itemid parameter...
CVE-2008-0776
SQL injection vulnerability in detail.php in iTechBids Gold 6.0 allows remote attackers to execute arbitrary SQL commands via the itemid parameter...
SQL injection
SQL injection vulnerability in bidhistory.php in iTechBids 3 Gold and 5.0 allows remote attackers to execute arbitrary SQL commands via the itemid parameter...