Lucene search
K

365 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 5:27 a.m.4 views

CVE-2015-9460

The booking-system plugin before 2.1 for WordPress has DOPBSPBackEndTranslation::display SQL injection via the language parameter...

8.8CVSS8.1AI score0.01927EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:5 a.m.6 views

CVE-2016-10755

AbanteCart 1.2.8 allows SQL Injection via the sourcelanguage parameter to admin/controller/pages/localisation/language.php and core/lib/languagemanager.php, or via POST data to admin/controller/pages/tool/backup.php and admin/model/tool/backup.php...

8.8CVSS8.2AI score0.01346EPSS
Exploits0References1
OSV
OSV
added 2025/05/19 3:15 p.m.3 views

CVE-2024-55063

Multiple Code Injection vulnerabilities in EasyVirt DC NetScope = 8.7.0 allows remote authenticated attackers to execute arbitrary code via the 1 lang parameter to /international/keyboard/options; the 2 keyboardlayout or 3 keyboardvariant parameter to /international/settings/keyboard; the 4...

8.8CVSS6.1AI score0.00916EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/04/08 12:0 a.m.26 views

Siemens SENTRON 7KT PAC1260 Data Manager 操作系统命令注入漏洞

Siemens SENTRON 7KT PAC1260 Data Manager is a device for power monitoring and energy management from Siemens Germany. The Siemens SENTRON 7KT PAC1260 Data Manager suffers from an OS command injection vulnerability that stems from not cleaning up the language parameter of a specific POST request,...

9.4CVSS8.3AI score0.00864EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/04/01 12:0 a.m.5 views

PT-2025-37376

Name of the Vulnerable Software and Affected Versions Chamilo versions prior to 1.11.30 Description The Chamilo learning management system has an OS Command Injection issue. This occurs due to a failure to neutralize special elements used in the operating system command. Successful exploitation...

8.7CVSS6.3AI score0.02657EPSS
Exploits1References11
OSV
OSV
added 2025/02/21 4:15 a.m.1 views

CVE-2024-13235

The Pinpoint Booking System – 1 WordPress Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the 'language' parameter in all versions up to, and including, 2.9.9.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

6.5CVSS7.3AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/02/21 12:0 a.m.5 views

PT-2025-7339 · WordPress · Pinpoint Booking System

Name of the Vulnerable Software and Affected Versions: The Pinpoint Booking System – 1 WordPress Booking Plugin versions up to, and including, 2.9.9.5.2 Description: The issue allows authenticated attackers with Subscriber-level access and above to perform SQL Injection via the language parameter...

6.5CVSS9.7AI score0.00359EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/01/30 12:0 a.m.5 views

Cianet ONU GW24AC 代码注入漏洞

The Cianet ONU GW24AC is a network device from Cianet. A code injection vulnerability exists in the Cianet ONU GW24AC version 20250127 and prior versions, which stems from the fact that incorrect operation of the parameter browserLang can lead to cross-site scripting attacks...

5.3CVSS4.9AI score0.00383EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/11/10 12:0 a.m.5 views

AMTT Hotel Broadband Operation System 代码注入漏洞

AMTT Hotel Broadband Operation System is a hotel broadband operation system from China's AmTech Century AMTT. A code injection vulnerability exists in AMTT Hotel Broadband Operation System HiBOS 3.0.3.151204 and earlier versions, which originates from the parameter LangID/LangName/LangEName in th...

5.4CVSS4.8AI score0.00379EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/10/03 12:0 a.m.1 views

PT-2024-40155 · Saltcorn · Saltcorn

Name of the Vulnerable Software and Affected Versions: Saltcorn versions prior to a fixed version are affected, but the exact fixed version is not specified. Description: The issue arises from the unsafe use of the lang and defstring parameter values in the...

8.6CVSS8.8AI score
Exploits0References5
VulnCheck KEV
VulnCheck KEV
added 2024/09/19 12:0 a.m.3 views

VulnCheck KEV: CVE-2020-27982

IceWarp 11.4.5.0 allows XSS via the language parameter...

6.1CVSS5.8AI score0.05272EPSS
Exploits2References1
CNNVD
CNNVD
added 2024/09/12 12:0 a.m.6 views

i-doit 跨站脚本漏洞

i-doit is a configuration management database software from i-doit Inc. A cross-site scripting vulnerability exists in i-doit pro that stems from a lack of proper cleanup of the id, lang, mNavID, name, pID, treeNode, type, and view parameters...

6.1CVSS6.1AI score0.00226EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/09/02 4:50 p.m.26 views

CVE-2024-45312 Arbitrary language parameter can passed to `aspell` executable via spelling requests in overleaf

Overleaf is a web-based collaborative LaTeX editor. Overleaf Community Edition and Server Pro prior to version 5.0.7 or 4.2.7 for the 4.x series contain a vulnerability that allows an arbitrary language parameter in client spelling requests to be passed to the aspell executable running on the...

5.3CVSS0.00478EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/08/18 12:0 a.m.5 views

PT-2024-6487 · Totolink · Totolink Ex1200T

Name of the Vulnerable Software and Affected Versions: TOTOLINK EX1200L version 9.3.5u.6146 B20201023 Description: A critical vulnerability has been found in the function setLanguageCfg of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to a stack-based buffer...

9.8CVSS8.8AI score0.01475EPSS
Exploits1References14
VulnCheck KEV
VulnCheck KEV
added 2024/04/11 12:0 a.m.3 views

VulnCheck KEV: CVE-2022-47945

ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled langswitchon=true. An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php...

9.8CVSS7.4AI score0.15505EPSS
Exploits2References1
Snyk
Snyk
added 2024/03/29 2:41 p.m.1 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' due to the usage of un-sanitized string values into metric names or labels. An attacker could exploit this by sending a ?lang query paramet...

7.4CVSS6.7AI score0.00645EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/03/25 12:0 a.m.4 views

phpMyFAQ 安全漏洞

phpMyFAQ is a multilingual, fully database-driven Frequently Asked Questions FAQ system by the individual developer Thorsten Rinne. A security vulnerability exists in phpMyFAQ, which stems from the category image upload feature in phpmyfaq being susceptible to manipulation of the Content-type and...

7.2CVSS5.4AI score0.01476EPSS
Exploits1References3
OSV
OSV
added 2024/03/21 7:15 p.m.3 views

UBUNTU-CVE-2024-29374

A Cross-Site Scripting XSS vulnerability exists in the way MOODLE 3.10.9 handles user input within the "GET /?lang=" URL parameter...

6.1CVSS5.8AI score0.00533EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/03/21 12:0 a.m.3 views

WordPress Plugin File Manager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

8.8CVSS8.4AI score0.10651EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2024/01/22 12:0 a.m.6 views

The vulnerability of the setLanguageCfg() function (/cgi-bin/cstecgi.cgi) in the Totolink LR1200GB router software allows a attacker to execute arbitrary code or cause a service failure.

The vulnerability of the setLanguageCfg function /cgi-bin/cstecgi.cgi of the Totolink LR1200GB router software lies in the fact that the operation is carried out outside the buffer in memory when processing the lang parameter. Exploiting this vulnerability allows an attacker to execute arbitrary...

10CVSS8.2AI score0.00992EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder