41 matches found
EUVD-2020-24029
Malware in sbrugna...
EUVD-2020-24027
Malware in sbrugna...
EUVD-2020-24028
Malware in sbrugna...
EUVD-2022-34931
Malicious code in bioql PyPI...
CVE-2025-8528
A vulnerability classified as problematic has been found in Exrick xboot up to 3.3.4. Affected is an unknown function of the file /xboot/permission/getMenuList. The manipulation leads to cleartext storage of sensitive information in a cookie. It is possible to launch the attack remotely. The...
CVE-2023-1594
A vulnerability, which was classified as critical, was found in novel-plus 3.6.2. Affected is the function MenuService of the file sys/menu/list. The manipulation of the argument sort leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the publi...
CVE-2022-38285
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/menu/list...
CVE-2022-2686
A vulnerability, which was classified as problematic, was found in oretnom23 Fast Food Ordering System. This affects an unknown part of the component Menu List Page. The manipulation of the argument Description leads to cross site scripting. It is possible to initiate the attack remotely. The...
CVE-2020-36553
Cross Site Scripting XSS vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Areafoodtype field to /dashboard/menu-list.php...
CVE-2025-0698
A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. It has been classified as critical. Affected is an unknown function of the file /admin/sys/menu/list. The manipulation of the argument sort/order leads to sql injection. It is possible to launch the...
CVE-2025-0698
CVE-2025-0698 affects JoeyBling bootplus, with a SQL injection in the internal endpoint /admin/sys/menu/list caused by manipulating the sort/order parameter. The vulnerability is exploitable remotely and has publicly disclosed exploits. Affected is an unknown function within the file; no version ...
bootplus 注入漏洞
bootplus is a permission management framework by JoeyBling Personal Developer. An injection vulnerability exists in bootplus, which stems from the parameter sort/order in the file /admin/sys/menu/list that causes SQL injection...
PT-2025-4007 · Joeybling · Bootplus
Name of the Vulnerable Software and Affected Versions: JoeyBling bootplus versions up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d Description: A critical issue has been found, allowing for remote SQL injection. The manipulation of the sort/order argument in an unknown function of the file...
SpringBlade SQL注入漏洞
SpringBlade is a microservices development platform from Blade, a Chinese company. A SQL injection vulnerability exists in SpringBlade version 4.1.0, which originates from /api/blade-system/menu/list?updatexml contains a SQL injection vulnerability...
CVE-2023-41443
SQL injection vulnerability in Novel-Plus v.4.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /sys/menu/list...
PT-2023-27946 · Unknown · Novel-Plus
Name of the Vulnerable Software and Affected Versions: Novel-Plus version 4.1.0 Description: The issue allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in the "/sys/menu/list" API endpoint. This enables the attacker to inject malicious SQL code,...
Novel-Plus SQL Injection Vulnerability
Novel-Plus is an online social reading and writing platform from Novel-Plus, Inc. A security vulnerability exists in Novel-Plus version v.4.1.0 that originates from a vulnerability that allows remote attackers to use a crafted script to execute arbitrary code via the sort parameter in...
CVE-2023-1594
CVE-2023-1594 affects novel-plus 3.6.2, specifically the MenuService in sys/menu/list. The root cause is improper handling of the sort argument, enabling SQL injection. Exploitation is possible remotely, and public exploit information exists. Several sources (NVD, Red Hat, CNNVD, OSV, etc.) concu...
PT-2023-17103 · Unknown · Novel-Plus
Name of the Vulnerable Software and Affected Versions: novel-plus version 3.6.2 Description: A critical vulnerability was found in the function MenuService of the file sys/menu/list. The manipulation of the argument sort leads to SQL injection. It is possible to launch the attack remotely...
novel-plus SQL注入漏洞
novel-plus novel-plus is a multi-end PC, WAP reading, full-featured original literature CMS system. A SQL injection vulnerability exists in novel-plus version 3.6.2, which originates from a security issue in the function MenuService in file sys/menu/list, which leads to an SQL injection via the...