5 matches found
PT-2024-30196 · Unknown · Limesurvey
Name of the Vulnerable Software and Affected Versions: LimeSurvey versions 6.6.2 and earlier
Description: An issue in the js localize.php function allows attackers to execute arbitrary code via injecting a crafted payload into the lng parameter of the js localize.php function. This issue enables...
SQL injection
The vulnerability exists within processing of localize.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the username input parameter...
SQL injection
Multiple SQL injection vulnerabilities in u5CMS before 3.9.4 allow remote attackers to execute arbitrary SQL commands via the name parameter to (1) copy2.php, (2) localize.php, (3) metai.php, (4) nc.php, (5) new2.php, or (6) rename2.php in u5admin/; (7) c parameter to u5admin/editor.php; (8) typ parameter to...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in FireFly 1.1.01 allow remote attackers to execute arbitrary PHP code via a URL in the docroot parameter to (1) localize.php or (2) config.php in modules/admin/include/...
Firefly 1.1.01 - doc_root Remote File Inclusion
Firefly 1.1.01 - docroot Remote File Inclusion firefly 1.1.01 = Remote File Include Vulnerability D.Script: http://fresh.t-systems-sfr.com/unix/src/privat2/firefly-1.1.01.tar.gz Discovered by: Alkomandoz Hacker Homepage: asb-may.net & mohandko.com & sniper-sa.com & Tryag.com...