40 matches found
EUVD-2024-51147
Malicious code in bioql PyPI...
PT-2025-29497 · Semcms · Semcms
Name of the Vulnerable Software and Affected Versions: SemCms version 5.0 Description: SemCms version 5.0 contains a SQL injection issue via the lgid parameter at the SEMCMS Link.php file. Recommendations: As a temporary workaround, consider restricting access to the SEMCMS Link.php file to...
PT-2025-20665 · Unknown · Lylme Spage
Name of the Vulnerable Software and Affected Versions: LyLme Spage version 2.1 Description: A critical issue was found in LyLme Spage, affecting an unknown part of the file lylme spage/blob/master/admin/ajax link.php. The manipulation of the sort argument leads to SQL injection. It is possible to...
CVE-2024-12846
CVE-2024-12846 affects Emlog Pro up to version 2.4.1. The vulnerability lies in the /admin/link.php file where manipulating the siteurl/icon parameter enables cross-site scripting. The issue is exploitable remotely and, according to sources in the connected documents, the exploit has been disclos...
CVE-2024-36674
LyLmespage v1.9.5 is vulnerable to Cross Site Scripting (XSS) via admin/link.php...
CVE-2023-49084
Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the...
SQL injection
Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the...
CVE-2023-49084
CVE-2023-49084 affects Cacti (component: link.php) via SQL injection and insufficient include-file path handling, enabling arbitrary code execution for an authorized user. Connected advisories note this as part of multiple vulnerabilities in Cacti; Fedora 39 and Debian advisories reference upgrad...
CVE-2023-49084 Local File Inclusion (RCE) in Cacti
Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the...
PT-2023-29771 · Unknown · Lylme Spage
Name of the Vulnerable Software and Affected Versions: lylme spage version 1.7.0 Description: An arbitrary file upload vulnerability in the component ajax link.php of lylme spage allows attackers to execute arbitrary code via uploading a crafted file. Recommendations: For lylme spage version 1.7....
Stored Cross-site Scripting (XSS)
phpmyfaq is vulnerable to Cross-site Scripting. The vulnerability exists due to a lack of validation in the user input of Link.php, which allows an attacker to inject and execute malicious JavaScript into the browser...
Stored XSS in Question field due to lack of sanitization in Link.php
Description: Stored XSS (Cross-Site Scripting) is a type of web application vulnerability that allows an attacker to inject malicious scripts into a website or web application. Unlike reflected XSS, where the malicious script is embedded in a URL and executed immediately, stored XSS involves the...
Cross-site Scripting (XSS)
pimcore/pimcore is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to not sanitizing/escaping the values present in the attributes field of the Link.php component. The attacker can inject a malicious JavaScript payload inside the attributes field, leading to XSS when same page is...
tekno.Portal 0.1b Cross Site Scripting
tekno.Portal v0.1b - Cross-Site Scripting Vulnerability in "link.php"
Exploit Title: tekno.Portal v0.1b - Cross-Site Scripting Vulnerability in "link.php"...
hellinglychurch.org.uk XSS vulnerability
Open Bug Bounty ID: OBB-451889
Description| Value
---|---
Affected Website:| hellinglychurch.org.uk
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1...
langly.cc Open Redirect vulnerability
Vulnerable URL: http://www.langly.cc/link.php?url=https://openbugbounty.org
Details:
Description| Value
---|---
Patched:| No
Latest check for patch:| 28.12.2017
Vulnerability type:| Open Redirect
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not calculated
VIP website status:| N...
FreeBSD : Cacti -- XSS (XSS) vulnerability in link.php (dc3c66e8-6a18-11e7-93af-005056925db4)
kimiizhang reports: Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML via the id parameter. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...