Lucene search

4 matches found

Cvelist
added 2026/05/20 8:23 a.m. | 38 views

CVE-2026-9065 Surecart - SQL Injection

SureCart versions prior to 4.2.1 are vulnerable to authenticated SQL injection via multiple parameters ('modelname', 'modelid', 'integrationid', 'provider') on the REST API endpoint '/surecart/v1/integrations/id'. The root cause is a flawed escaping bypass in the query builder 'wp-query-builder'...

CVSS 9.3 | EPSS 0.00036
Exploits: 0 | References: 1
NVD
added 2018/03/09 11:29 p.m. | 19 views

CVE-2018-7233

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'modelname' or 'macaddress'...

CVSS 9.8 | AI score 9.6 | EPSS 0.01142
Exploits: 0 | References: 1
CNVD
added 2018/03/01 12:0 a.m. | 1 views

Schneider Electric Pelco Sarix Professional Command Execution Vulnerability

The Schneider Electric Pelco Sarix Professional is a video surveillance device from Schneider Electric France. A security vulnerability in the Schneider Electric Pelco Sarix Professional using firmware prior to version 3.29.67 exists because the program fails to validate shell metacharacters with...

CVSS 9.8 | AI score 7 | EPSS 0.01142
Exploits: 0 | References: 1
seebug.org
added 2015/04/14 12:0 a.m. | 23 views

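Four SQL injections in the latest version of mcms

Brief description: Four SQL injections in the latest version of mcms. Detailed description: I saw on wooyun that Zhangyi Technology (掌易科技) has finally stopped ignoring vulnerabilities, so I'll join in the fun too. I downloaded the latest version of mcms (v3.1.0.enterprise) to study it. Injection one: POST /app/public/model.php?tpl=data&modelname=adv&stype=1&skey=title&sval=test&p=1 (note that public is the folder name chosen when the system was installed). Several parameters in the POST are insufficiently filtered. When tpl is attr, modelname is injectable; when...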

AI score 7.1
Exploits: 0