Lucene search
K

37 matches found

NVD
NVD
added 2026/07/01 5:16 p.m.6 views

CVE-2026-34100

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in media.php line 17: SELECT id, filename, extension, type, duration, owner, private FROM files where id = '".$GET'id'."'. An authenticated attacker can perform error-based SQL injection to extract...

9.8CVSS0.00373EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/01 4:4 p.m.6 views

CVE-2026-34098

Guardian language-system fails to sanitize the id GET parameter before inserting it into HTML source and form action attributes in media.php lines 119, 129. An authenticated attacker can craft a URL that injects script tags executing in the victim's browser session...

4.8CVSS5.8AI score0.00147EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/03 3:30 p.m.6 views

EUVD-2026-18657

An issue in Dokuwiki v.2025-05-14b 'Librarian' allows a remote attacker to cause a denial of service via the mediauploadxhr function in the media.php file...

7.5CVSS5.9AI score0.00452EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/04/03 3:21 p.m.5 views

CVE-2026-26477

A flaw was found in Dokuwiki. A remote attacker can exploit this vulnerability by utilizing the mediauploadxhr function within the media.php file. This can lead to a denial of service DoS...

7.5CVSS5.9AI score0.00452EPSS
Exploits1References2
NVD
NVD
added 2026/04/03 3:16 p.m.4 views

CVE-2026-26477

An issue in Dokuwiki v.2025-05-14b "Librarian" 56.2 allows a remote attacker to cause a denial of service via the mediauploadxhr function in the media.php file...

7.5CVSS0.00452EPSS
Exploits1References2
CVE
CVE
added 2026/04/03 12:0 a.m.17 views

CVE-2026-26477

Summary: CVE-2026-26477 affects Dokuwiki (version 2025-05-14b, Librarian). The vulnerability arises in the media_upload_xhr() function within media.php, enabling a remote attacker to cause a denial of service. Affected component: Dokuwiki media handling, specifically media.php’s media_upload_xhr(...

7.5CVSS5.9AI score0.00452EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/04/03 12:0 a.m.11 views

DokuWiki 安全漏洞

DokuWiki is an open-source, easy-to-use and versatile wiki software developed by DokuWiki. Version 2025-05-14b of DokuWiki contains a security vulnerability. This vulnerability stems from improper handling of the mediaUploadXHR function in the media.php file, which may lead to denial-of-service...

7.5CVSS5.8AI score0.00452EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2016-7444

Malware in sbrugna...

6.1CVSS6.3AI score0.013EPSS
Exploits0References6
OSV
OSV
added 2025/08/24 11:2 p.m.5 views

CVE-2025-9397 givanz Vvveb media.php unrestricted upload

A weakness has been identified in givanz Vvveb up to 1.0.7.2. Affected is an unknown function of the file /system/traits/media.php. Executing manipulation of the argument files can lead to unrestricted upload. The attack can be launched remotely. The exploit has been made available to the public...

5.3CVSS6.2AI score0.00454EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2025/05/23 4:17 a.m.13 views

CVE-2023-41623

Emlog version pro2.1.14 was discovered to contain a SQL injection vulnerability via the uid parameter at /admin/media.php...

7.2CVSS8.3AI score0.0084EPSS
Exploits1
NVD
NVD
added 2023/12/12 9:15 a.m.35 views

CVE-2023-41623

Emlog version pro2.1.14 was discovered to contain a SQL injection vulnerability via the uid parameter at /admin/media.php...

7.2CVSS0.0084EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/12/12 12:0 a.m.37 views

CVE-2023-41623

Emlog version pro2.1.14 was discovered to contain a SQL injection vulnerability via the uid parameter at /admin/media.php...

7.4AI score0.0084EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2023/08/16 12:0 a.m.318 views

Education Time Indonesian School CRM 1.7 SQL Injection

==================================================================================================================================== | Title : Education Time Indonesian School CRM v 1.7 Sql injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozill...

7.1AI score
Exploits0
Veracode
Veracode
added 2019/05/24 4:34 p.m.17 views

Information Disclosure

Wordpress is vulnerable to Information Disclosure. The vulnerability exists in the wpprepareattachmentforjs function in media.php where a remote attacker can modify the parameter authorname as part of a request to /wp-json/oembed/1.0/embed?url which would lead to path disclosure...

5.3CVSS5.2AI score0.03008EPSS
Exploits0References4Affected Software2
Openbugbounty
Openbugbounty
added 2018/07/02 7:21 p.m.12 views

sjelesorgogveiledning.no XSS vulnerability

Open Bug Bounty ID: OBB-639582 Description| Value ---|--- Affected Website:| sjelesorgogveiledning.no Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Exploits0
Openbugbounty
Openbugbounty
added 2018/05/07 4:37 p.m.14 views

duluthgospeltab.org XSS vulnerability

Open Bug Bounty ID: OBB-613483 Description| Value ---|--- Affected Website:| duluthgospeltab.org Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Exploits0
Openbugbounty
Openbugbounty
added 2018/05/02 8:36 a.m.10 views

ebchurch.net XSS vulnerability

Open Bug Bounty ID: OBB-611011 Description| Value ---|--- Affected Website:| ebchurch.net Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Exploits0
UbuntuCve
UbuntuCve
added 2016/12/29 6:59 p.m.20 views

CVE-2016-9891

Cross-site scripting XSS vulnerability in admin/media.php and admin/mediaitem.php in Dotclear before 2.11 allows remote authenticated users to inject arbitrary web script or HTML via the upfiletitle or mediatitle parameter aka the media title...

5.4CVSS6.2AI score0.0096EPSS
Exploits0References6
CNVD
CNVD
added 2016/09/29 12:0 a.m.4 views

Dotclear Directory Traversal Vulnerability

Dotclear is a software developer Olivier Meunier developed a free PHP and MySQL-based blog Blog publishing software. A directory traversal vulnerability exists in the media.php script in Dotclear version v2.9.1. An attacker can exploit this vulnerability by sending a request with the directory...

7AI score
Exploits0References1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.35 views

Jinzora <= 2.1 (media.php) Remote File Include Vulnerability

No description provided by source. Jinzora = 2.1 Remote File Inclusion Download Source : http://www.jinzora.com/downloads/j2.1.tar.gz Found By : k1tk4t - k1tk4t4tnewhack.org Location : Indonesia -- newhackdotorg file ; media.php bugs ; // include classes for extending. requireonce$includepath...

7.1AI score
Exploits0
Rows per page
Query Builder