2 matches found
Unspecified Vulnerability in Emlog (CNVD-2023-9918065)
emlog is a PHP and MySQL based CMS builder for emlog personal developers. Emlog pro2.1.14 version of a security vulnerability, the vulnerability stems from the uid parameter in /admin/media.php contains SQL injection vulnerability. Attackers can use this vulnerability to gain unauthorized access ...
AVideo contains Command injection when embedding a video link
Impact: An attacker could execute remote code on a system running wwbn/avideo Step to Reproduce: 1. Go to the My Videos tab https://demo.avideo.com/mvideos 2. Click "Embed a video link" Append a command to the url as a query string. eg. ?whoami then click Save This issue has been resolved in comm...