EUVD-2018-21952

No-Cms 1.0 contains an SQL injection vulnerability in the orderby parameter of the manageprivilege export endpoint that allows authenticated attackers to manipulate database queries. Attackers can submit POST requests to /nocms/main/manageprivilege/index/export with malicious SQL code in the...

CVE-2018-25431

No-Cms 1.0 contains an SQL injection vulnerability in the orderby parameter of the manageprivilege export endpoint that allows authenticated attackers to manipulate database queries. Attackers can submit POST requests to /nocms/main/manageprivilege/index/export with malicious SQL code in the...

CVE-2018-25431 No-Cms 1.0 SQL Injection via order_by Parameter

No-Cms 1.0 contains an SQL injection vulnerability in the orderby parameter of the manageprivilege export endpoint that allows authenticated attackers to manipulate database queries. Attackers can submit POST requests to /nocms/main/manageprivilege/index/export with malicious SQL code in the...

No-CMS SQL injection vulnerability

No-CMS is a customizable content management framework developed by Go Frendi Gunawan. Version 1.0 of No-CMS has a SQL injection vulnerability. This vulnerability stems from the orderby parameter in the manageprivilege endpoint, which allows for SQL injection attacks. This could enable authenticat...

PT-2026-45622

No-Cms 1.0 contains an SQL injection vulnerability in the order by parameter of the manage privilege export endpoint that allows authenticated attackers to manipulate database queries. Attackers can submit POST requests to /nocms/main/manage privilege/index/export with malicious SQL code in the...

CVE-2022-32401

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/manageprivilege.php:4...

CVE-2021-4292

A vulnerability was found in OpenMRS Admin UI Module up to 1.4.x. It has been rated as problematic. This issue affects some unknown processing of the file omod/src/main/webapp/pages/metadata/privileges/privilege.gsp of the component Manage Privilege Page. The manipulation leads to cross site...

Cross site scripting

A vulnerability was found in OpenMRS Admin UI Module up to 1.4.x. It has been rated as problematic. This issue affects some unknown processing of the file omod/src/main/webapp/pages/metadata/privileges/privilege.gsp of the component Manage Privilege Page. The manipulation leads to cross site...

CVE-2021-4292 OpenMRS Admin UI Module Manage Privilege Page privilege.gsp cross site scripting

A vulnerability was found in OpenMRS Admin UI Module up to 1.4.x. It has been rated as problematic. This issue affects some unknown processing of the file omod/src/main/webapp/pages/metadata/privileges/privilege.gsp of the component Manage Privilege Page. The manipulation leads to cross site...

CVE-2021-4292 OpenMRS Admin UI Module Manage Privilege Page privilege.gsp cross site scripting

A vulnerability was found in OpenMRS Admin UI Module up to 1.4.x. It has been rated as problematic. This issue affects some unknown processing of the file omod/src/main/webapp/pages/metadata/privileges/privilege.gsp of the component Manage Privilege Page. The manipulation leads to cross site...

CVE-2022-32401

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/manageprivilege.php:4...

No-Cms 1.0 SQL Injection

Exploit Title: No-Cms 1.0 - 'orderby' SQL Injection Date: 2018-11-28 Exploit Author: Loading Kura Kura Vendor Homepage: https://github.com/goFrendiAsgard/No-CMS Software Link: https://codeload.github.com/goFrendiAsgard/No-CMS/zip/master Tested on: Win10/Kali Linux Google Dork: n/a Version: n/a CV...

CVE-2015-4494

CVE-2015-4494 concerns Firefox OS prior to 2.2 where the wifi-manage privilege is not required to read a Wi‑Fi system message. This information disclosure vulnerability allows a crafted app, potentially unauthenticated, to obtain sensitive information from the device by reading Wi‑Fi system messa...