7 matches found
CVE-2020-13825
A cross-site scripting (XSS) vulnerability in i-doit 1.14.2 allows remote attackers to inject arbitrary web script or HTML via the viewMode, tvMode, tvType, objID, catgID, objTypeID, or editMode parameter...
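ThinkSAAS Horizontal Privilege Vulnerability 2
Brief description: Access control.. Detailed description: The latest version from the official site has a horizontal privilege vulnerability. Enter the user's own space and edit the basic information: add a "personal tag", capture the request, and modify it: change objid to 1, where 1 is the admin user ID. Log in as admin and view the personal tags: admin1's tag has become admin's tag.... Proof of vulnerability: https://images.seebug.org/upload/201503/10204855f2f51b9f73e4b6fcb7dbcd388a566d28.pn...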
CVE-2014-1597
SQL injection vulnerability in the CMDB web application in synetics i-doit pro before 1.2.5 and i-doit open allows remote attackers to execute arbitrary SQL commands via the objID parameter to the default URI...
SQL injection
SQL injection vulnerability in the CMDB web application in synetics i-doit pro before 1.2.5 and i-doit open allows remote attackers to execute arbitrary SQL commands via the objID parameter to the default URI...
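i-doit Pro 'objID' Parameter SQL Injection Vulnerability
BUGTRAQ ID: 65557 CVE(CAN) ID: CVE-2014-1597 i-doit Pro is open-source IT documentation and CMDB software. Multiple SQL injection vulnerabilities exist in the web application of i-doit Pro 1.2.4 and earlier; by exploiting them an attacker can perform unauthorized database operations. 0 i-doit i-doit Pro 1.2.4 Vendor patch: i-doit ------ The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://www.i-doit.org/ http://www.example.com/?objID=SQL Injection...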
CVE-2008-0517
SQL injection vulnerability in index.php in the Darko Selesi EstateAgent (com_estateagent) 0.1 component for Mambo 4.5.x and Joomla! allows remote attackers to execute arbitrary SQL commands via the objid parameter in a contact showObject action...
SQL injection
SQL injection vulnerability in index.php in the Darko Selesi EstateAgent (com_estateagent) 0.1 component for Mambo 4.5.x and Joomla! allows remote attackers to execute arbitrary SQL commands via the objid parameter in a contact showObject action...