19 matches found

EUVD
added 2026/03/12 6:30 p.m. · 1 views

EUVD-2019-19798

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the option parameter. Attackers can send POST requests to uyelik.php with crafted payloads in the option parameter to...

CVSS 8.8 · AI score 6 · EPSS 0.00041
Exploits 1 · References 3

CNNVD
added 2026/03/12 12:0 a.m. · 2 views

Jettweb PHP Hazir Haber Sitesi Scripti SQL Injection Vulnerability

Jettweb PHP Preconfigured News Sites Script is a content management system developed by the Turkish company Jettweb. Version V1 of the Jettweb PHP Preconfigured News Sites Script has a SQL injection vulnerability. This vulnerability stems from the option parameter, which allows for SQL injection...

CVSS 8.8 · AI score 5.9 · EPSS 0.00041
Exploits 1 · References 2

Positive Technologies
added 2026/01/05 12:0 a.m. · 1 views

PT-2026-1228

Name of the Vulnerable Software and Affected Versions Tenda AC1206 version 15.03.06.23 Description A remote command injection issue exists in the formBehaviorManager function within the /goform/BehaviorManager file of the httpd component. Manipulation of the modulename/option/data/switch argument...

CVSS 6.5 · AI score 7 · EPSS 0.0068
Exploits 1 · References 9

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2007-6421

Malware in sbrugna...

CVSS 4.3 · AI score 6.4 · EPSS 0.02683
Exploits 0 · References 6

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-17650

Malicious code in bioql PyPI...

CVSS 6.9 · AI score 6.5 · EPSS 0.00272
Exploits 0 · References 2

OSV
added 2025/06/10 10:15 a.m. · 0 views

CVE-2025-40659

An Insecure Direct Object Reference IDOR vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelectionNetworks.asp...

CVSS 7.5 · AI score 5.7 · EPSS 0.00272
Exploits 0 · References 1

Cvelist
added 2025/06/10 10:6 a.m. · 5 views

CVE-2025-40660 Insecure Direct Object Reference (IDOR) vulnerability in DM Corporative CMS

An Insecure Direct Object Reference IDOR vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/select node/data.asp?mode=catalogue&id1=1&id2=1session=&cod=1&networks=0...

CVSS 6.9 · EPSS 0.00272
Exploits 0 · References 1

CNNVD
added 2025/06/10 12:0 a.m. · 2 views

Dmacroweb DM Corporative CMS Security Vulnerability

Dmacroweb DM Corporative CMS is a content management system from the Spanish company Dmacroweb. Dmacroweb DM Corporative CMS suffers from an insecure direct object reference vulnerability, which originates from the parameter option in the file /administer/selectionnode/selection.asp that fails to...

CVSS 7.5 · AI score 6.6 · EPSS 0.00272
Exploits 0 · References 1

OSV
added 2024/09/04 7:15 a.m. · 0 views

CVE-2024-8117

The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘selectedoption’ parameter in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticat...

CVSS 6.1 · AI score 5.9
Exploits 0 · References 3

Positive Technologies
added 2024/09/04 12:0 a.m. · 1 views

PT-2024-38810 · WordPress · Wp Extended

Name of the Vulnerable Software and Affected Versions: The Ultimate WordPress Toolkit – WP Extended plugin for WordPress versions up to, and including, 3.0.8 Description: The issue is related to Reflected Cross-Site Scripting via the selected option parameter due to insufficient input sanitizatio...

CVSS 6.1 · AI score 6.8 · EPSS 0.02325
Exploits 0 · References 9

CNNVD
added 2023/10/20 12:0 a.m. · 1 views

WordPress Plugin Booster for WooCommerce Information Disclosure Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

CVSS 4.3 · AI score 6.3 · EPSS 0.00233
Exploits 1 · References 4

Snyk
added 2022/05/17 2:30 a.m. · 1 views

Cross-site Scripting (XSS)

Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the configoption parameter in admconfigreport.php. An attacker can inject arbitrary web script or HTML by crafting a malicious 'configoption' parameter. Details...

CVSS 5.1 · AI score 5.2 · EPSS 0.02475
Exploits 1 · References 2

OSV
added 2021/06/11 4:15 p.m. · 1 views

DEBIAN-CVE-2021-22898

curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPTTELNETOPTIONS in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEWENV variables, libcurl could be made to pass on...

CVSS 3.1 · AI score 6.6 · EPSS 0.00137
Exploits 1 · References 1

CNNVD
added 2020/12/11 12:0 a.m. · 2 views

Mikaelbr Node-notifier Operating System Command Injection Vulnerability

Mikaelbr Node-notifier is a Javascript-based codebase for sending rulers for Mac, Windows, and Linux by the individual developer Mikaelbr. A security vulnerability exists in node-notifier versions prior to 9.0.0, which allows an attacker to exploit the vulnerability to run arbitrary commands on a...

CVSS 6.8 · AI score 7 · EPSS 0.0021
Exploits 0 · References 8

Veracode
added 2020/10/30 3:59 a.m. · 253 views

Prototype Pollution

chart.js is vulnerable to prototype pollution. The vulnerability exists through the lack of sanitization of the options parameter, allowing an attacker to inject and overwrite arbitrary properties...

CVSS 9.8 · AI score 4 · EPSS 0.00211
Exploits 1 · References 2 · Affected Software 1

OSV
added 2019/02/26 3:29 p.m. · 1 views

CVE-2019-9184

SQL injection vulnerability in the J2Store plugin 3.x before 3.3.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the productoption parameter...

CVSS 9.8 · AI score 6.1
Exploits 0 · References 3

Prion
added 2019/02/26 3:29 p.m. · 15 views

Sql injection

SQL injection vulnerability in the J2Store plugin 3.x before 3.3.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the productoption parameter...

CVSS 7.5 · AI score 9.9 · EPSS 0.1778
Exploits 5 · References 3 · Affected Software 1

Exploit DB
added 2016/06/16 12:0 a.m. · 25 views

Blat 3.2.14 - Stack Overflow

Vulnerable Product Version: Blat v3.2.14 Link: blat.net 2. Vulnerability Information Impact: Attacker may gain administrative access / can perform a DOS Remotely Exploitable: No Locally Exploitable: May be possible 3. Product Details An open source Windows 32 & 64 bit command line SMTP mailer...

AI score 7.4
Exploits 0

ATTACKERKB
added 2008/02/01 8:0 p.m. · 1 views

CVE-2007-6695

Cross-site scripting XSS vulnerability in index.php in Drake CMS 0.4.9 allows remote attackers to inject arbitrary web script or HTML via the option parameter...

CVSS 4.3 · AI score 5.7 · EPSS 0.00285
Exploits 2 · References 5