37 matches found
CVE-2026-34100
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in media.php line 17: SELECT id, filename, extension, type, duration, owner, private FROM files where id = '".$GET'id'."'. An authenticated attacker can perform error-based SQL injection to extract...
CVE-2026-34098
Guardian language-system fails to sanitize the id GET parameter before inserting it into HTML source and form action attributes in media.php lines 119, 129. An authenticated attacker can craft a URL that injects script tags executing in the victim's browser session...
EUVD-2026-18657
An issue in Dokuwiki v.2025-05-14b 'Librarian' allows a remote attacker to cause a denial of service via the mediauploadxhr function in the media.php file...
CVE-2026-26477
A flaw was found in Dokuwiki. A remote attacker can exploit this vulnerability by utilizing the mediauploadxhr function within the media.php file. This can lead to a denial of service DoS...
CVE-2026-26477
An issue in Dokuwiki v.2025-05-14b "Librarian" 56.2 allows a remote attacker to cause a denial of service via the mediauploadxhr function in the media.php file...
CVE-2026-26477
Summary: CVE-2026-26477 affects Dokuwiki (version 2025-05-14b, Librarian). The vulnerability arises in the media_upload_xhr() function within media.php, enabling a remote attacker to cause a denial of service. Affected component: Dokuwiki media handling, specifically media.php’s media_upload_xhr(...
DokuWiki 安全漏洞
DokuWiki is an open-source, easy-to-use and versatile wiki software developed by DokuWiki. Version 2025-05-14b of DokuWiki contains a security vulnerability. This vulnerability stems from improper handling of the mediaUploadXHR function in the media.php file, which may lead to denial-of-service...
EUVD-2016-7444
Malware in sbrugna...
CVE-2025-9397 givanz Vvveb media.php unrestricted upload
A weakness has been identified in givanz Vvveb up to 1.0.7.2. Affected is an unknown function of the file /system/traits/media.php. Executing manipulation of the argument files can lead to unrestricted upload. The attack can be launched remotely. The exploit has been made available to the public...
CVE-2023-41623
Emlog version pro2.1.14 was discovered to contain a SQL injection vulnerability via the uid parameter at /admin/media.php...
CVE-2023-41623
Emlog version pro2.1.14 was discovered to contain a SQL injection vulnerability via the uid parameter at /admin/media.php...
CVE-2023-41623
Emlog version pro2.1.14 was discovered to contain a SQL injection vulnerability via the uid parameter at /admin/media.php...
Education Time Indonesian School CRM 1.7 SQL Injection
==================================================================================================================================== | Title : Education Time Indonesian School CRM v 1.7 Sql injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozill...
Information Disclosure
Wordpress is vulnerable to Information Disclosure. The vulnerability exists in the wpprepareattachmentforjs function in media.php where a remote attacker can modify the parameter authorname as part of a request to /wp-json/oembed/1.0/embed?url which would lead to path disclosure...
sjelesorgogveiledning.no XSS vulnerability
Open Bug Bounty ID: OBB-639582 Description| Value ---|--- Affected Website:| sjelesorgogveiledning.no Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
duluthgospeltab.org XSS vulnerability
Open Bug Bounty ID: OBB-613483 Description| Value ---|--- Affected Website:| duluthgospeltab.org Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
ebchurch.net XSS vulnerability
Open Bug Bounty ID: OBB-611011 Description| Value ---|--- Affected Website:| ebchurch.net Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
CVE-2016-9891
Cross-site scripting XSS vulnerability in admin/media.php and admin/mediaitem.php in Dotclear before 2.11 allows remote authenticated users to inject arbitrary web script or HTML via the upfiletitle or mediatitle parameter aka the media title...
Dotclear Directory Traversal Vulnerability
Dotclear is a software developer Olivier Meunier developed a free PHP and MySQL-based blog Blog publishing software. A directory traversal vulnerability exists in the media.php script in Dotclear version v2.9.1. An attacker can exploit this vulnerability by sending a request with the directory...
Jinzora <= 2.1 (media.php) Remote File Include Vulnerability
No description provided by source. Jinzora = 2.1 Remote File Inclusion Download Source : http://www.jinzora.com/downloads/j2.1.tar.gz Found By : k1tk4t - k1tk4t4tnewhack.org Location : Indonesia -- newhackdotorg file ; media.php bugs ; // include classes for extending. requireonce$includepath...