9 matches found
KodiCMS SQL Injection Vulnerability
KodiCMS is an open source content management system based on Kohana. A SQL injection vulnerability exists in KodiCMS 13.82.135 and earlier versions, caused by improper handling of the keyword parameter by the like function in the Search API Endpoint component file...
CVE-2025-5439 Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 verifyFacebookLike os command injection
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been rated as critical. Affected by this issue is the function verifyFacebookLike of the file /goform/verifyFacebookLike. The manipulation of the...
BIT-CODEIGNITER-2022-40829
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_like function...
CVE-2023-28506 Stack buffer overflow in UniRPC service
Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a stack-based buffer overflow, where a string is copied into a buffer using a memcpy-like function and a user-provided length. This requires a valid login t...
CVE-2022-40829
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_like function. Note: Multiple third parties have disputed this as not a valid vulnerability...
CVE-2022-40831
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php like function. Note: Multiple third parties have disputed this as not a valid vulnerability...
PT-2022-25561 · Unknown · Codeigniter
Name of the Vulnerable Software and Affected Versions: CodeIgniter versions <=3.1.13. Description: The issue concerns SQL Injection via the or_like function in the system/database/DB_query_builder.php file. Note that the validity of this issue has been disputed by multiple third parties...
Pornhub: Blind SQL injection and making any profile comments from any users to disappear using "like" function (2 in 1 issues)
Researcher found a blind SQL injection in the profile comment Like functionality, executing on the second request made for a given comment's dislikes. Summary: The injection was found manually; the discovery methods used are basically the same as described in this awesome article by @gerbenjavado:...
IBM Forms Viewer Unicode Buffer Overflow
This Metasploit module exploits a stack-based buffer overflow in IBM Forms Viewer. The vulnerability is due to dangerous use of a strcpy-like function, and occurs while parsing malformed XFDL files with a long fontname value. This Metasploit module has been tested successfully on IBM Forms...