74 matches found
CVE-2023-0626
CVE-2023-0626 affects Docker Desktop prior to 4.12.0, where an RCE vulnerability exists via query parameters in the message-box route. Root cause is an insecure handling of query parameters in the message-box endpoint, leading to remote code execution with high impact on confidentiality, integrit...
Docker Desktop 代码注入漏洞
Docker Desktop is a container technology-based desktop software for lightweight deployment of applications from the U.S. company Docker. The product provides a desktop environment that supports creating a container lightweight virtual machine and deploying and running applications on...
Forget Heart Message Box SQL Injection Vulnerability (CNVD-2023-08089)
Forget Heart Message Box is a message site. v1.1 of Forget Heart Message Box contains a security vulnerability that originates from a SQL injection vulnerability found through the name parameter in /admin/loginpost.php. No detailed vulnerability details are available at this time...
Forget Heart Message Box SQL Injection Vulnerability
Forget Heart Message Box is a messaging website. v1.1 of Forget Heart Message Box is vulnerable to SQL injection, which stems from a lack of validation of external input SQL statements in the name parameter of ca.php. An attacker could use this vulnerability to execute illegal SQL commands to ste...
CVE-2023-24956
Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /cha.php...
CVE-2023-24241
Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/loginpost.php...
Sql injection
Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/loginpost.php...
CVE-2023-24956
Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /cha.php...
CVE-2023-24956
Forget Heart Message Box v1.1 has a SQL injection vulnerability in the name parameter of the /cha.php endpoint. The issue is publicly described across multiple sources (CNVD, CNNVD, NVD, Red Hat, OSV, etc.) with CVSS v3.1 base score 8.8 (HIGH) and impact to confidentiality, integrity, and availab...
CVE-2023-24241
Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/loginpost.php...
CVE-2023-24241
ForForget Heart Message Box v1.1, a SQL injection vulnerability exists in the admin/loginpost.php endpoint, exploitable via the name parameter. The CVE entry and multiple connected sources consistently describe this issue without detailing a fix. The associated CVSS v3.1 data indicate a critical ...
PT-2023-19495 · Unknown · Forget Heart Message Box
Name of the Vulnerable Software and Affected Versions: Forget Heart Message Box version 1.1 Description: A SQL injection issue was discovered via the name parameter at the "/admin/loginpost.php" API endpoint. This allows for potential exploitation. No information is available regarding the...
CVE-2023-24241
Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/loginpost.php...
CVE-2023-24241
Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/loginpost.php...
CVE-2023-24956
Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /cha.php...
PT-2023-19838 · Unknown · Forget Heart Message Box
Name of the Vulnerable Software and Affected Versions: Forget Heart Message Box version 1.1 Description: A SQL injection issue was discovered in Forget Heart Message Box via the name parameter at the "/cha.php" API endpoint. Recommendations: For Forget Heart Message Box version 1.1, consider...
Product Show Room Site 安全漏洞
Product Show Room Site is a product showroom site from Carlo Montero's personal developer. version 1.0 of Product Show Room Site is vulnerable to cross-site scripting, which stems from the fact that entering a special string into the Message text box leads to cross-site scripting. No details of t...
CVE-2021-3279
sz.chat version 4 allows injection of web scripts and HTML in the message box...
CVE-2021-3279
sz.chat version 4 allows injection of web scripts and HTML in the message box...
CVE-2021-3279
sz.chat version 4 allows injection of web scripts and HTML in the message box...