Lucene search

13 matches found

NVD
added 2026/05/21 6:16 p.m. · 8 views

CVE-2026-48237

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in message.php where the frm_ticket_id and frm_resp_id POST parameters are concatenated into WHERE clauses of SELECT/UPDATE statements without sanitization. Authenticated attackers can craft requests that alter query semantics to...

7.1 CVSS · 0.00027 EPSS
Exploits 0 · References 3
CVE
added 2026/05/21 5:10 p.m. · 11 views

CVE-2026-48237

Open ISES Tickets prior to 3.44.2 is vulnerable to a SQL injection in message.php. The vulnerability arises because the POST parameters frm_ticket_id and frm_resp_id are concatenated into WHERE clauses of SELECT/UPDATE statements without sanitization, allowing an authenticated attacker to alter q...

7.1 CVSS · 5.9 AI score · 0.00027 EPSS
Exploits 0 · References 3
NVD
added 2026/05/08 4:16 a.m. · 10 views

CVE-2026-8131

A security flaw has been discovered in SourceCodester SUP Online Shopping 1.0. This impacts an unknown function of the file /admin/replymsg.php. The manipulation of the argument msgid results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the publ...

7.5 CVSS · 0.00014 EPSS
Exploits 0 · References 5
EUVD
added 2025/10/07 12:30 a.m. · 6 views

EUVD-2012-6587

Malware in sbrugna...

9.3 CVSS · 6.3 AI score · 0.68079 EPSS
Exploits 0 · References 6
CVE
added 2025/09/18 1:2 p.m. · 10 views

CVE-2025-10667

CVE-2025-10667 affects the itsourcecode Online Discussion Forum 1.0. The vulnerability is a SQL injection in the file /members/compose_msg.php caused by manipulation of the ID parameter, enabling remote exploitation. Multiple sources confirm the issue and publicly available exploit code may exist...

9.8 CVSS · 7.3 AI score · 0.0006 EPSS
Exploits 1 · References 5 · Affected Software 1
Cvelist
added 2025/09/18 1:2 p.m. · 9 views

CVE-2025-10667 itsourcecode Online Discussion Forum compose_msg.php sql injection

A weakness has been identified in itsourcecode Online Discussion Forum 1.0. Affected by this issue is some unknown functionality of the file /members/compose_msg.php. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been...

7.5 CVSS · 0.0006 EPSS
Exploits 1 · References 5
RedhatCVE
added 2025/08/10 6:14 p.m. · 3 views

CVE-2012-10046

The E-Mail Security Virtual Appliance ESVA tested on version ESVA2057 contains an unauthenticated command injection vulnerability in the learn-msg.cgi script. The CGI handler fails to sanitize user-supplied input passed via the id parameter, allowing attackers to inject arbitrary shell commands...

9.3 CVSS · 7.9 AI score · 0.68079 EPSS
Exploits 0 · References 1
Cvelist
added 2025/08/08 6:11 p.m. · 8 views

CVE-2012-10046 E-Mail Security Virtual Appliance learn-msg.cgi Command Injection

The E-Mail Security Virtual Appliance ESVA tested on version ESVA2057 contains an unauthenticated command injection vulnerability in the learn-msg.cgi script. The CGI handler fails to sanitize user-supplied input passed via the id parameter, allowing attackers to inject arbitrary shell commands...

9.3 CVSS · 0.68079 EPSS
Exploits 0 · References 5
CVE
added 2025/08/08 6:11 p.m. · 16 views

CVE-2012-10046

The CVE-2012-10046 entry concerns the E-Mail Security Virtual Appliance (ESVA), tested on ESVA_2057, which contains an unauthenticated command-injection in the learn-msg.cgi CGI handler. The vulnerability stems from inadequate sanitization of user input in the id parameter, allowing arbitrary she...

9.3 CVSS · 7.5 AI score · 0.68079 EPSS
Exploits 0 · References 5
Positive Technologies
added 2025/08/08 12:0 a.m. · 3 views

PT-2025-32399 · Unknown · E-Mail Security Virtual Appliance

Name of the Vulnerable Software and Affected Versions: E-Mail Security Virtual Appliance ESVA version ESVA 2057 Description: The E-Mail Security Virtual Appliance ESVA contains an unauthenticated command injection issue in the learn-msg.cgi script. The CGI handler does not properly sanitize...

9.3 CVSS · 7.6 AI score · 0.68079 EPSS
Exploits 0 · References 7
CNNVD
added 2025/08/08 12:0 a.m. · 2 views

ESVA-Project E-Mail Security Virtual Appliance security vulnerability

ESVA-Project E-Mail Security Virtual Appliance is an email security virtual appliance from ESVA-Project. A security vulnerability exists in the E-Mail Security Virtual Appliance, version ESVA2057, which stems from a learn-msg.cgi script that is not cleaned of user input and could lead to command...

9.3 CVSS · 6.7 AI score · 0.68079 EPSS
Exploits 0 · References 6
RedHat Linux
added 2022/09/26 3:41 p.m. · 2 views

Mozilla: Leaking of sensitive information when composing a response to an HTML email with a META refresh tag

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of a Thunderbird user replying to a crafted HTML email containing a meta tag, with the meta tag having the http-equiv="refresh" attribute and the content attribute specifying an URL. Thunderbird started a...

8.1 CVSS · 7.6 AI score · 0.00502 EPSS
Exploits 0 · References 6
Tenable Nessus
added 2005/09/02 12:0 a.m. · 13 views

PHPGroupWare < 0.9.16.007 Main Screen Message Script Injection

Binary data 3202.prm...

4.3 CVSS · 7.3 AI score · 0.00396 EPSS
Exploits 0 · References 1