
11651 matches found

Snyk
added 2024/10/25 9:31 p.m. · 2 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection through list method in curd\controller\Table.php file. An attacker can manipulate SQL queries and access or modify data in the database. Remediation There is no fixed version for funadmin/funadmin. References - GitHub Issu...

9.8 CVSS · 7.9 AI score · 0.00542 EPSS
Exploits: 1 · References: 2

Snyk
added 2024/10/25 9:31 p.m. · 2 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the edit method in controller\Table.php file. An attacker can manipulate SQL queries and access or modify data in the database. Remediation There is no fixed version for funadmin/funadmin. References - GitHub Issue...

9.8 CVSS · 7.9 AI score · 0.00561 EPSS
Exploits: 1 · References: 2

Snyk
added 2024/10/25 9:31 p.m. · 2 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the delfile method in controller\Index.php. An attacker can execute arbitrary SQL commands and delete files without proper authorization. Remediation There is no fixed version for funadmin/funadmin. References - GitHub...

9.1 CVSS · 8.5 AI score · 0.00537 EPSS
Exploits: 1 · References: 2

Snyk
added 2024/10/25 9:31 p.m. · 4 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection due to improper input sanitization via the editfile method in \controller\Index.php file. An attacker can execute arbitrary SQL commands by injecting malicious SQL code into the input parameters. Remediation There is no...

8.3 CVSS · 8.7 AI score · 0.00644 EPSS
Exploits: 1 · References: 2

Snyk
added 2024/10/25 9:31 p.m. · 3 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection due to improper authorization through the fieldlist method in controller\Table.php file. An attacker can manipulate SQL queries and access or modify data in the database without. Remediation There is no fixed version for...

9.8 CVSS · 7.9 AI score · 0.00542 EPSS
Exploits: 1 · References: 2

Snyk
added 2024/10/25 9:31 p.m. · 4 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service (DoS) via the getSystemTable and Delete methods in the common.php file. An attacker can disrupt service availability by exploiting this logic flaw to delete critical commands. Details Denial of Service (DoS) describes a...

8.7 CVSS · 7.1 AI score · 0.00531 EPSS
Exploits: 1 · References: 2

NVD
added 2024/10/25 9:15 p.m. · 23 views

CVE-2024-48230

funadmin 5.0.2 is vulnerable to SQL Injection via the parentField parameter in the index method of \backend\controller\auth\Auth.php...

9.8 CVSS · 0.00472 EPSS
Exploits: 1 · References: 1

OSV
added 2024/10/25 9:15 p.m. · 10 views

CVE-2024-48230

funadmin 5.0.2 is vulnerable to SQL Injection via the parentField parameter in the index method of \backend\controller\auth\Auth.php...

7.2 CVSS · 7.9 AI score
Exploits: 0 · References: 1

Vulnrichment
added 2024/10/25 12:0 a.m. · 11 views

CVE-2024-48238

WTCMS 1.0 is vulnerable to SQL Injection in the editpost method of /Admin\Controller\NavControl.class.php via the parentid parameter...

8.3 AI score · 0.00278 EPSS
Exploits: 1 · References: 1

Positive Technologies
added 2024/10/25 12:0 a.m. · 5 views

PT-2024-33041 · Funadmin · Funadmin

Name of the Vulnerable Software and Affected Versions: funadmin version 5.0.2 Description: The issue is related to SQL Injection via the parentField parameter in the index method of \backend\controller\auth\Auth.php. There is no information provided about the estimated number of potentially affected...

9.8 CVSS · 8.2 AI score · 0.00472 EPSS
Exploits: 1 · References: 8

CVE
added 2024/10/25 12:0 a.m. · 54 views

CVE-2024-48238

CVE-2024-48238 affects WTCMS 1.0. The vulnerability is a SQL injection in the edit_post functionality implemented in /Admin/Controller/NavControl.class.php via the parentid parameter. The Red Hat, NVD, CVE listings corroborate the same description. Affected component: WTCMS 1.0; vulnerability typ...

4.7 CVSS · 7.7 AI score · 0.00278 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/10/25 12:0 a.m. · 4 views

PT-2024-32342 · Google · Android

Name of the Vulnerable Software and Affected Versions: No specific software or version is mentioned. Description: The issue is related to a possible out-of-bounds read in the ProtocolMiscHwConfigChangeAdapter::GetData function, located in protocolmiscadapter.cpp. This could lead to local...

5.5 CVSS · 5.3 AI score · 0.00076 EPSS
Exploits: 0 · References: 3

Positive Technologies
added 2024/10/25 12:0 a.m. · 5 views

PT-2024-33038 · Funadmin · Funadmin

Name of the Vulnerable Software and Affected Versions: funadmin version 5.0.2 Description: An issue was found in the selectfiles method in backendcontrollersysAttachh.php, where it directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site...

6.1 CVSS · 5.4 AI score · 0.00268 EPSS
Exploits: 1 · References: 8

Cvelist
added 2024/10/25 12:0 a.m. · 18 views

CVE-2024-48238

WTCMS 1.0 is vulnerable to SQL Injection in the editpost method of /Admin\Controller\NavControl.class.php via the parentid parameter...

0.00278 EPSS
Exploits: 1 · References: 1

Cvelist
added 2024/10/25 12:0 a.m. · 19 views

CVE-2024-48230

funadmin 5.0.2 is vulnerable to SQL Injection via the parentField parameter in the index method of \backend\controller\auth\Auth.php...

0.00472 EPSS
Exploits: 1 · References: 1

CNNVD
added 2024/10/25 12:0 a.m. · 4 views

mipjz security vulnerability

mipjz is a content management system based on Baidu Mobile Accelerator MIP developed by sansanyun individual developer. A security vulnerability exists in mipjz version 5.0.5, which originates from the mipPost method in \app\setting\controller\ApiAdminTool.php that improperly handles the postAddress...

4.9 CVSS · 6.9 AI score · 0.00489 EPSS
Exploits: 1 · References: 1

Vulnrichment
added 2024/10/25 12:0 a.m. · 10 views

CVE-2024-48232

An issue was found in mipjz 5.0.5. In the mipPost method of \app\setting\controller\ApiAdminTool.php, the value of the postAddress parameter is not processed and is directly passed into curlexec execution and output, resulting in a Server-side request forgery (SSRF) vulnerability that can read serv...

7 AI score · 0.00489 EPSS
Exploits: 1 · References: 1

Positive Technologies
added 2024/10/25 12:0 a.m. · 8 views

PT-2024-33049 · Wtcms · Wtcms

Name of the Vulnerable Software and Affected Versions: WTCMS version 1.0 Description: The issue concerns SQL Injection in the edit post method of the /Admin/Controller/NavControl.class.php file via the parentid parameter. This allows for potential exploitation. Recommendations: For WTCMS version...

4.7 CVSS · 8.2 AI score · 0.00278 EPSS
Exploits: 1 · References: 4

Cvelist
added 2024/10/25 12:0 a.m. · 13 views

CVE-2024-48239

An issue was discovered in WTCMS 1.0. In the plupload method in \AssetController.class.php, the app parameters aren't processed, resulting in Cross Site Scripting (XSS)...

0.00229 EPSS
Exploits: 1 · References: 1

CNNVD
added 2024/10/25 12:0 a.m. · 3 views

wtcms security vulnerability

wtcms is a ThinkPHP-based content management system (CMS). A cross-site scripting vulnerability exists in version 1.0 of wtcms, which stems from unprocessed application parameters in the plupload method in the file AssetController.class.php, and can be exploited by an attacker to execute arbitrary...

4.8 CVSS · 5.9 AI score · 0.00229 EPSS
Exploits: 1 · References: 1