CVE-2024-11050 AMTT Hotel Broadband Operation System language.php cross site scripting

A vulnerability was found in AMTT Hotel Broadband Operation System up to 3.0.3.151204 and classified as problematic. This issue affects some unknown processing of the file /language.php. The manipulation of the argument LangID/LangName/LangEName leads to cross site scripting. The attack may be...

PT-2024-16724 · Unknown · Amtt Hotel Broadband Operation System

Name of the Vulnerable Software and Affected Versions: AMTT Hotel Broadband Operation System versions up to 3.0.3.151204 Description: A vulnerability was found in the processing of the file /language.php, where the manipulation of the arguments LangID, LangName, and LangEName leads to cross-site...

Cross site scripting

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/add-language.php by adding a question mark ? followed by the payload...

CVE-2020-10396

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/add-language.php by adding a question mark ? followed by the payload...

Sql injection

AbanteCart 1.2.8 allows SQL Injection via the sourcelanguage parameter to admin/controller/pages/localisation/language.php and core/lib/languagemanager.php, or via POST data to admin/controller/pages/tool/backup.php and admin/model/tool/backup.php...

CVE-2016-10755

AbanteCart 1.2.8 allows SQL Injection via the sourcelanguage parameter to admin/controller/pages/localisation/language.php and core/lib/languagemanager.php, or via POST data to admin/controller/pages/tool/backup.php and admin/model/tool/backup.php...

CVE-2017-2123

Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door and earlier allows remote attackers to inject arbitrary web script or HTML via language.php...

Cross site scripting

Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door and earlier allows remote attackers to inject arbitrary web script or HTML via language.php...

CVE-2017-2123

Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door and earlier allows remote attackers to inject arbitrary web script or HTML via language.php...

CVE-2017-2123

CVE-2017-2123 is a cross-site scripting (CWE‑79) vulnerability affecting OneThird CMS v1.73 Heaven’s Door and earlier, exploitable via language.php to execute arbitrary scripts in a user’s browser. Public sources (JVN/JVNDB, NVD) confirm the impact as arbitrary script execution and recommend upda...

CVE-2017-7320

setup/controllers/language.php in MODX Revolution 2.5.4-pl and earlier does not properly constrain the language parameter, which allows remote attackers to conduct Cookie-Bombing attacks and cause a denial of service cookie quota exhaustion, or conduct HTTP Response Splitting attacks with resulta...

Campsite 2.6.1 Language.php g_documentRoot Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. Exploiting this issue allows remote attackers to execute code in the context of the webserver. This issue affects Campsite 2.6.1. Earlier...

LimeSurvey <= 1.52 (language.php) Remote File Inclusion Vulnerability

No description provided by source. \|/// \ - - // Xmors Underground Group @ @ ----oOOo---oOOo-------------------------------------------------- Portal : LimeSurvey PHPSurveyor 1.52 plusbuild 2007.10.16 Download :...

VerliAdmin <= 0.3 (language.php) Local File Inclusion Exploit

No description provided by source. !/usr/bin/perl VerliAdmin = 0.3 Remote Command Execution Exploit linK : http://bohyn.czechweb.cz/ d0rk: allinurl:verliadmin cod3d and f0unded by Kw3RLn from Romanian Security Team a.K.A http://RST-CREW.NET Contact: ciriboflacsATYaHOo.com or [email protected]...

AShop 5.3.4 Cross Site Scripting

HTTPCS Advisory : HTTPCS104 Product : AShop Version : 5.3.4 Date : 2012-09-20 Criticality level : Less Critical Description : A vulnerability has been discovered in AShop, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the 'language' parameter...

eFront 3.5.5 - &#039;langname&#039; Local File Inclusion

source: https://www.securityfocus.com/bid/38787/info eFront is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the...

CVE-2009-1912

Directory traversal vulnerability in src/func/language.php in webSPELL 4.2.0e and earlier allows remote attackers to include and execute arbitrary local .php files via a .. dot dot in a language cookie. NOTE: this can be leveraged for SQL injection by including awards.php...

cpanel-bypass.txt

Script : Cpanel 11.x bug : language.php edite file exploit=Cpanel fantastico Privilege Escalation "ModSec and PHP restriction Bypass" safemode off , modsecurity off Disable functions : All NONE ,access root folder '; fwrite$h,$prctl; fclose$h; $handle = fopen$POST'php', "w"; fwrite$handle,...

LimeSurvey &lt;= 1.52 (language.php) Remote File Inclusion Vulnerability

No description provided by source. \|/// \ - - // Xmors Underground Group @ @ ----oOOo---oOOo-------------------------------------------------- Portal : LimeSurvey PHPSurveyor 1.52 plusbuild 2007.10.16 Download :...

FrontAccounting 1.13 Remote File Inclusion Vulnerabilities

Exploit for unknown platform in category web applications ========================================================== FrontAccounting 1.13 Remote File Inclusion Vulnerabilities ========================================================== ?????????? ??????????????? ???????????????????...