Sql injection

CMS Made Simple =2.2.15 is affected by SQL injection in modules/News/function.adminarticlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the '...

CVE-2020-21808

SQL Injection vulnerability in NukeViet CMS 4.0.10 - 4.3.07 via:the topicsid parameter in modules/news/admin/addtotopics.php...

CVE-2010-4155

Multiple cross-site scripting XSS vulnerabilities in eXV2 CMS 2.10 allow remote attackers to inject arbitrary web script or HTML via the 1 rssfeedURL parameter to manual/caferss/example.php and the sumb parameter to 2 modules/news/archive.php, 3 modules/news/topics.php, and 4...

CVE-2007-6545

Multiple cross-site scripting XSS vulnerabilities in RunCMS before 1.6.1 allow remote attackers to inject arbitrary web script or HTML via 1 the subject parameter to modules/news/submit.php; 2 the PATHINFO to modules/news/index.php, possibly related to the XoopsPageNav class; or 3 an avatar image...

CVE-2007-6079

Directory traversal vulnerability in include/common.php in bcoos 1.0.10 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the xoopsOptionpagetype parameter to the default URI for modules/news/. NOTE: this can be leveraged by using legitimate product...