Lucene search

36 matches found

CVE
added 6 days ago · 8 views

CVE-2018-25387

HaPe PKH 1.1 is affected by a cross-site request forgery (CSRF) vulnerability in the aksi_user.php endpoint that enables an attacker to change administrator passwords without authentication by submitting forged requests with parameters such as id_user, password, and level. The vulnerability descr...

6.9 CVSS · 5.7 AI score · 0.00019 EPSS
Exploits: 0 · References: 4
CNNVD
added 2026/04/01 12:0 a.m. · 3 views

gougucms security vulnerability

Gougucms is an open-source backend management framework developed by Gougu in China, based on ThinkPHP6, Layui, and MySql. Version 4.08.18 of Gougucms contains a security vulnerability. This vulnerability stems from incorrect handling of the parameter “level” in the file...

6.5 CVSS · 6.6 AI score · 0.0006 EPSS
Exploits: 0 · References: 4
RedhatCVE
added 2025/12/11 8:53 p.m. · 1 views

CVE-2025-58386

In Terminalfour 8 through 8.4.1.1, the userLevel parameter in the user management function is not subject to proper server-side authorization checks. A Power User can intercept and modify this parameter to assign the Administrator role to other existing lower-privileged accounts, or invite a new...

9.8 CVSS · 7.1 AI score · 0.00063 EPSS
Exploits: 0 · References: 1
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2017-15877

Malware in sbrugna...

8.8 CVSS · 8.8 AI score · 0.06845 EPSS
Exploits: 2 · References: 6
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-48117

Malicious code in bioql PyPI...

5.4 CVSS · 5.8 AI score · 0.00313 EPSS
Exploits: 1 · References: 2
Vulnrichment
added 2025/09/09 12:0 a.m. · 5 views

CVE-2025-57058

Tenda G3 v3.0brV15.11.0.17 was discovered to contain multiple stack overflows in the formSetDebugCfg function via the pEnable, pLevel, and pModule parameters. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request...

6.8 AI score · 0.00122 EPSS
Exploits: 1 · References: 1
CVE
added 2025/09/09 12:0 a.m. · 9 views

CVE-2025-57058

Affected software: Tenda G3 (v3.0br_V15.11.0.17). Vulnerability: stack overflow in the formSetDebugCfg function, exploitable via the pEnable, pLevel, and pModule parameters. Impact: Denial of Service (DoS) via a crafted request. Notes: Multiple connected documents confirm the function and paramet...

7.5 CVSS · 6.8 AI score · 0.00122 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
GithubExploit
added 2025/07/29 10:59 p.m. · 100 views

Exploit for SQL Injection in Piwigo

CVE-2024-43018 - x Assign an ID - Be officially populate...

6.4 CVSS · 7.6 AI score · 0.00132 EPSS
Exploits: 3
CNNVD
added 2025/07/29 12:0 a.m. · 2 views

Piwigo security vulnerability

Piwigo is open source, web-based image library software. The software includes features such as image management, image categorization and permission management. A security vulnerability exists in Piwigo 13.8.0 and earlier versions, which stems from the unvalidated...

6.4 CVSS · 7.3 AI score · 0.00132 EPSS
Exploits: 3 · References: 3
CNVD
added 2025/05/22 12:0 a.m. · 2 views

Online Course Registration /admin/level.php File SQL Injection Vulnerability

Online Course Registration is an online course registration system. Online Course Registration suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in the parameter level in the file /admin/level.php. An attacker can exploit...

9.8 CVSS · 8.3 AI score · 0.00204 EPSS
Exploits: 1 · References: 1
OSV
added 2025/05/16 1:15 p.m. · 0 views

CVE-2025-4773

A vulnerability was found in PHPGurukul Online Course Registration 3.1 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/level.php. The manipulation of the argument level leads to sql injection. The attack may be launched remotely. The exploit has...

9.8 CVSS · 5.8 AI score
Exploits: 0 · References: 5
OSV
added 2025/05/01 6:15 p.m. · 0 views

CVE-2025-44866

Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the level parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

6.3 CVSS · 6.1 AI score · 0.12487 EPSS
Exploits: 1 · References: 1
CNNVD
added 2025/05/01 12:0 a.m. · 2 views

Tenda W20E security vulnerability

The Tenda W20E is a router from the Chinese company Tenda. The Tenda W20 suffers from a command injection vulnerability that stems from the level parameter of the formSetDebugCfg function failing to properly filter special characters, commands, and so on used to construct commands. No details of the vulnerabilit...

6.3 CVSS · 7.7 AI score · 0.12487 EPSS
Exploits: 1 · References: 1
Cvelist
added 2025/05/01 12:0 a.m. · 6 views

CVE-2025-44866

Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the level parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

0.12487 EPSS
Exploits: 1 · References: 1
OSV
added 2024/01/13 4:15 a.m. · 0 views

CVE-2023-51063

QStar Archive Solutions Release RELEASE3-0 Build 7 Patch 0 was discovered to contain a DOM Based Reflected Cross Site Scripting (XSS) vulnerability within the component qnme-ajax?method=treelevel...

8.8 CVSS · 5.8 AI score · 0.00114 EPSS
Exploits: 1 · References: 1
Positive Technologies
added 2023/05/15 12:0 a.m. · 1 views

PT-2023-22453 · Unknown · Agasio-Camera

Name of the Vulnerable Software and Affected Versions: Agasio-Camera, affected versions not specified.
Description: An issue in the Agasio-Camera device allows a remote attacker to execute arbitrary code via the check and authLevel parameters.
Recommendations: At the moment, there is no information...

9.8 CVSS · 8 AI score · 0.03393 EPSS
Exploits: 1 · References: 7
CNNVD
added 2023/05/15 12:0 a.m. · 2 views

Agasio-Camera security vulnerability

Dericam Agasio-Camera is a series of camera surveillance devices from Dericam Technology (Dericam), a Chinese company. A security vulnerability exists in Agasio-Camera that originates from allowing remote attackers to execute arbitrary code via the check and authLevel parameters...

9.8 CVSS · 8.9 AI score · 0.03393 EPSS
Exploits: 1 · References: 3
SUSE CVE
added 2023/02/15 5:43 a.m. · 1 views

SUSE CVE-2012-5833

The texImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly interact with Mesa drivers, which allows remote attackers to execute...

9.3 CVSS · 9.3 AI score · 0.01433 EPSS
Exploits: 0 · References: 6
OSV
added 2022/12/07 2:15 p.m. · 0 views

CVE-2022-45217

A cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Level parameter under the Add New System User module...

5.4 CVSS · 5.9 AI score · 0.00313 EPSS
Exploits: 1 · References: 2
Prion
added 2022/12/07 2:15 p.m. · 10 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Level parameter under the Add New System User module...

4.9 CVSS · 5.3 AI score · 0.00313 EPSS
Exploits: 1 · References: 2 · Affected Software: 1