26 matches found
EUVD-2018-10453
Malware in sbrugna...
EUVD-2020-11850
Malware in sbrugna...
EUVD-2023-59367
Malicious code in bioql PyPI...
CVE-2023-7184
A vulnerability was found in 7-card Fakabao up to 1.0_build20230805 and classified as critical. Affected by this issue is some unknown functionality of the file shop/notify.php. The manipulation of the argument out_trade_no leads to sql injection. The exploit has been disclosed to the public and may...
CVE-2024-30565
An issue was discovered in SeaCMS version 12.9, allows remote attackers to execute arbitrary code via admin notify.php...
CVE-2024-30565
SeaCMS 12.9 is affected by a remote code execution vulnerability exploitable via the admin notify.php endpoint. Public records confirm impact on SeaCMS and mention arbitrary code execution through this endpoint, but the provided documents do not specify a concrete exploit vector, affected version...
CVE-2024-30565
An issue was discovered in SeaCMS version 12.9, allows remote attackers to execute arbitrary code via admin notify.php...
CVE-2024-30565
An issue was discovered in SeaCMS version 12.9, allows remote attackers to execute arbitrary code via admin notify.php...
SQL injection
A vulnerability was found in 7-card Fakabao up to 1.0_build20230805. It has been declared as critical. This vulnerability affects unknown code of the file member/notify.php. The manipulation of the argument out_trade_no leads to sql injection. The exploit has been disclosed to the public and may be...
CVE-2023-7186 7-card Fakabao notify.php sql injection
A vulnerability was found in 7-card Fakabao up to 1.0_build20230805. It has been declared as critical. This vulnerability affects unknown code of the file member/notify.php. The manipulation of the argument out_trade_no leads to sql injection. The exploit has been disclosed to the public and may be...
CVE-2023-7186
CVE-2023-7186 affects 7-card Fakabao up to version 1.0_build20230805, with a vulnerability in member/notify.php. The issue arises from improper handling of the out_trade_no argument, enabling SQL injection. Multiple sources (NVD/NVD-enriched records and related feeds) confirm this is a public, di...
CVE-2023-7184
A vulnerability was found in 7-card Fakabao up to 1.0_build20230805 and classified as critical. Affected by this issue is some unknown functionality of the file shop/notify.php. The manipulation of the argument out_trade_no leads to sql injection. The exploit has been disclosed to the public and may...
SQL injection
A vulnerability was found in 7-card Fakabao up to 1.0_build20230805 and classified as critical. Affected by this issue is some unknown functionality of the file shop/notify.php. The manipulation of the argument out_trade_no leads to sql injection. The exploit has been disclosed to the public and may...
CVE-2023-7184 7-card Fakabao notify.php sql injection
A vulnerability was found in 7-card Fakabao up to 1.0_build20230805 and classified as critical. Affected by this issue is some unknown functionality of the file shop/notify.php. The manipulation of the argument out_trade_no leads to sql injection. The exploit has been disclosed to the public and may...
CVE-2023-7184
CVE-2023-7184 affects 7-card Fakabao up to 1.0_build20230805 with a SQL injection in shop/notify.php via the out_trade_no parameter. Exploitation has been disclosed publicly. The connected sources confirm the vulnerable file and argument, but do not provide a confirmed patch version. Practical im...
Code injection
An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin notify.php component...
CVE-2023-44846
An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin notify.php component...
CVE-2020-19954
An XML External Entity (XXE) vulnerability was discovered in /api/notify.php in S-CMS 3.0 which allows attackers to read arbitrary files...
CVE-2020-19954
CVE-2020-19954 : An XML External Entity (XXE) vulnerability affects S-CMS 3.0, specifically the /api/notify.php endpoint, enabling an attacker to read arbitrary files. Root cause: XXE in XML processing. Documented impact across sources (NVD, CNVD, Red Hat). CVSS v3.1 base score 7.5 (HIGH); CVSS v...
Design/Logic Flaw
An XXE issue was discovered in Douchat 4.0.4 because Data\notify.php calls simplexml_load_string. This can also be used for SSRF...