8 matches found
CVE-2025-58402
The CGM CLININET application uses direct, sequential object identifiers "MessageID" without proper authorization checks. By modifying the parameter in the GET request, an attacker can access messages and attachments belonging to other users...
EUVD-2025-208150
The CGM CLININET application uses direct, sequential object identifiers "MessageID" without proper authorization checks. By modifying the parameter in the GET request, an attacker can access messages and attachments belonging to other users...
CVE-2026-3185
A vulnerability was found in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected is an unknown function of the file /api/admin/sys-message/ of the component API Endpoint. The manipulation of the argument messageId results in authorization bypass. The attack can be launched remotely. The exploi...
EUVD-2005-3870
Malware in sbrugna...
magicflue file upload vulnerability
magicflue is a digital nervous system from the Chinese company magicflue, a no-code platform that supports the integration of complex business scenarios and complex IT environments. A file upload vulnerability exists in magicflue, which can be exploited by an attacker to execute arbitrary code via ...
CVE-2024-28441
File Upload vulnerability in magicflue v.7.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the messageid parameter of the mail/mailupdate.jsp endpoint...
PT-2024-22437 · Magicflue · Magicflue
Name of the Vulnerable Software and Affected Versions: magicflue versions 7.0 and earlier. Description: The issue allows a remote attacker to execute arbitrary code via a crafted request to the messageid parameter of the "mail/mailupdate.jsp" endpoint. This enables the attacker to potentially gain...
SQL injection
SQL injection vulnerability in silentumguestbook.php in Silentum Guestbook 2.0.2 allows remote attackers to execute arbitrary SQL commands via the messageid parameter...