11 matches found
CVE-2025-51656
SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMSLink.php...
CVE-2023-45952
An arbitrary file upload vulnerability in the component ajaxlink.php of lylmespage v1.7.0 allows attackers to execute arbitrary code via uploading a crafted file...
SeaCMS 注入漏洞
SeaCMS is a free, open source web content management system written in PHP by SeaCMS, Inc. The system is primarily designed to manage video-on-demand resources. An injection vulnerability exists in SeaCMS 13.3 and earlier versions, which stems from an SQL injection due to the operation of the...
CVE-2025-24017 YesWiki Vulnerable to Unauthenticated DOM Based XSS
YesWiki is a wiki system written in PHP. Versions up to and including 4.4.5 are vulnerable to any end-user crafting a DOM based XSS on all of YesWiki's pages which is triggered when a user clicks on a malicious link. The vulnerability makes use of the search by tag feature. When a tag doesn't...
PT-2024-17765 · Emlog Pro · Emlog Pro
Name of the Vulnerable Software and Affected Versions: Emlog Pro versions up to 2.4.1 Description: A problematic issue has been found in Emlog Pro, affecting some unknown functionality of the file /admin/link.php. The manipulation of the siteurl/icon argument leads to cross site scripting. The...
SUSE CVE-2023-49084
Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database TSDB. While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the...
UBUNTU-CVE-2023-49084
Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database TSDB. While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the...
SUSE CVE-2017-10970
Cross-site scripting XSS vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML via the id parameter, related to the diehtmlinputerror function in lib/htmlvalidate.php...
DEBIAN-CVE-2017-10970
Cross-site scripting XSS vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML via the id parameter, related to the diehtmlinputerror function in lib/htmlvalidate.php...
Arab Portal 2.0 Link.PHP SQL Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/15820/info Arab Portal is prone to multiple SQL injection vulnerabilities. These are due to a lack of proper sanitization of user-supplied input before using it in an SQL query. Successful exploitation could result in a...
PT-2005-4742 · Sapid · Sapid Cms
Name of the Vulnerable Software and Affected Versions: SAPID CMS versions prior to 1.2.3.03 Description: The issue allows remote attackers to bypass authentication by making direct requests to certain files, including insert file.php, insert image.php, insert link.php, insert qcfile.php, and...