CVE-2026-3292

A security vulnerability has been detected in jizhiCMS up to 2.5.6. Affected is the function findAll in the library frphp/lib/Model.php of the component Batch Interface. The manipulation of the argument data leads to sql injection. The attack is possible to be carried out remotely. The exploit ha...

EUVD-2009-1876

Malware in sbrugna...

CVE-2009-1880

Cross-site scripting XSS vulnerability in MT312 REP-BBS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to 1 model.php and 2 config.php with timestamps before 20090521...

PT-2024-38183 · Sourcecodester · Sourcecodester Lot Reservation Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Lot Reservation Management System version 1.0 Description: A critical issue has been found in the system, affecting an unknown functionality of the file /view model.php. The manipulation of the id argument leads to SQL injectio...

CVE-2024-24216

Zentao v18.0 to v18.10 was discovered to contain a remote code execution RCE vulnerability via the checkConnection method of /app/zentao/module/repo/model.php...

CVE-2015-10050 brandonfire miRNA_Database_by_PHP_MySql model.php count_rna sql injection

A vulnerability was found in brandonfire miRNADatabasebyPHPMySql. It has been declared as critical. This vulnerability affects the function construct/selectsinglerna/countrna of the file inc/model.php. The manipulation leads to sql injection. The patch is identified as...

CVE-2022-37112

BlueCMS 1.6 has SQL injection in line 55 of admin/model.php...

Sql injection

BlueCMS 1.6 has SQL injection in line 55 of admin/model.php...

CVE-2022-37112

BlueCMS 1.6 has SQL injection in line 55 of admin/model.php...

CVE-2022-37112

CVE-2022-37112 affects BlueCMS 1.6 and is due to an SQL injection in line 55 of admin/model.php. The CVSS metrics in the initial entry indicate a critical impact on confidentiality, integrity, and availability, with network access, low complexity, no user interaction required, and no privileges r...

PT-2022-23820 · Bluecms · Bluecms

Name of the Vulnerable Software and Affected Versions: BlueCMS version 1.6 Description: The issue is related to SQL injection, specifically located in line 55 of the admin/model.php file. Recommendations: For BlueCMS version 1.6, consider restricting access to the admin/model.php file until a pat...

SQL Injection

forkcms/forkcms is vulnerable to SQL Injection attacks. The vulnerability exists in deleteData function in Model.php due to lack of validations which allows a malicious user to inject and execute arbitrary SQL queries on the server...

CVE-2022-0210 Random Banner <= 4.1.4 Admin+ Stored Cross-Site Scripting

The Random Banner WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the category parameter found in the /include/models/model.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and...

Sql injection

A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via filemanager/model.php...

primemodels.co.za XSS vulnerability

Open Bug Bounty ID: OBB-617768 Description| Value ---|--- Affected Website:| primemodels.co.za Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

CVE-2009-1881

Cross-site scripting XSS vulnerability in MT312 IMG-BBS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to model.php with a timestamp before 20090521...

CVE-2009-1880

Cross-site scripting XSS vulnerability in MT312 REP-BBS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to 1 model.php and 2 config.php with timestamps before 20090521...

CVE-2009-1881

Cross-site scripting XSS vulnerability in MT312 IMG-BBS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to model.php with a timestamp before 20090521...

JVN#70836284 IMG-BBS from MT312 vulnerable to cross-site scripting

IMG-BBS from MT312, is a web log system that supports posting picture files via email from a mobile phone. IMG-BBS contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update the software to the latest...