356 matches found
CVE-2025-15004
A vulnerability was identified in DedeCMS up to 5.7.118. This impacts an unknown function of the file /freelistmain.php. The manipulation of the argument orderby leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...
CVE-2025-15004
A vulnerability was identified in DedeCMS up to 5.7.118. This impacts an unknown function of the file /freelistmain.php. The manipulation of the argument orderby leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...
CVE-2025-15004 DedeCMS freelist_main.php sql injection
A vulnerability was identified in DedeCMS up to 5.7.118. This impacts an unknown function of the file /freelistmain.php. The manipulation of the argument orderby leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...
CVE-2025-63689
Multiple SQL injection vulnerabilitites in ycf1998 money-pos system before commit 11f276bd20a41f089298d804e43cb1c39d041e59 2025-09-14 allows a remote attacker to execute arbitrary code via the orderby parameter...
EUVD-2025-38273
Multiple SQL injection vulnerabilitites in ycf1998 money-pos system before commit 11f276bd20a41f089298d804e43cb1c39d041e59 2025-09-14 allows a remote attacker to execute arbitrary code via the orderby parameter...
CVE-2025-63689
Multiple SQL injection vulnerabilitites in ycf1998 money-pos system before commit 11f276bd20a41f089298d804e43cb1c39d041e59 2025-09-14 allows a remote attacker to execute arbitrary code via the orderby parameter...
CVE-2025-12860
A vulnerability was found in DedeBIZ up to 6.3.2. Affected is an unknown function of the file /admin/freelistmain.php. The manipulation of the argument orderby results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...
CVE-2025-12860 DedeBIZ freelist_main.php sql injection
A vulnerability was found in DedeBIZ up to 6.3.2. Affected is an unknown function of the file /admin/freelistmain.php. The manipulation of the argument orderby results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...
EUVD-2025-38254
A vulnerability was found in DedeBIZ up to 6.3.2. Affected is an unknown function of the file /admin/freelistmain.php. The manipulation of the argument orderby results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...
CVE-2025-63689
Multiple SQL injection vulnerabilitites in ycf1998 money-pos system before commit 11f276bd20a41f089298d804e43cb1c39d041e59 2025-09-14 allows a remote attacker to execute arbitrary code via the orderby parameter...
DedeBIZ 安全漏洞
DedeBIZ is a content management system from China Muyun Intelligence DedeBIZ company. A security vulnerability exists in DedeBIZ 6.3.2 and earlier versions, which stems from an incorrect manipulation of the parameter orderby in the file /admin/freelistmain.php, which could lead to a SQL injection...
CVE-2025-63689
Multiple SQL injection vulnerabilitites in ycf1998 money-pos system before commit 11f276bd20a41f089298d804e43cb1c39d041e59 2025-09-14 allows a remote attacker to execute arbitrary code via the orderby parameter...
money-pos 安全漏洞
money-pos McNee Cashiering System is a cashiering system by the individual developer of McNeeMoney. A security vulnerability exists in money-pos, which stems from a SQL injection vulnerability in the orderby parameter that could lead to the execution of arbitrary code...
CVE-2025-63689
Multiple SQL injection vulnerabilitites in ycf1998 money-pos system before commit 11f276bd20a41f089298d804e43cb1c39d041e59 2025-09-14 allows a remote attacker to execute arbitrary code via the orderby parameter...
PT-2025-45449
Name of the Vulnerable Software and Affected Versions ycf1998 money-pos system versions prior to commit 11f276bd20a41f089298d804e43cb1c39d041e59 2025-09-14 Description The ycf1998 money-pos system contains multiple SQL injection vulnerabilities. A remote attacker can potentially execute arbitrary...
PT-2025-45425
Name of the Vulnerable Software and Affected Versions DedeBIZ versions up to 6.3.2 Description A flaw exists in DedeBIZ that allows for remote SQL injection. The issue is located in the /admin/freelist main.php file, within an unknown function. Manipulating the orderby argument can trigger the...
CVE-2025-63689
CVE-2025-63689 affects the ycf1998 money-pos system prior to commit 11f276bd20a41f089298d804e43cb1c39d041e59. Multiple SQL injection vulnerabilities exist in the orderby parameter, enabling a remote attacker to execute arbitrary code. Root cause: unsafely constructed SQL with user-controlled orde...
CVE-2025-63689
Multiple SQL injection vulnerabilitites in ycf1998 money-pos system before commit 11f276bd20a41f089298d804e43cb1c39d041e59 2025-09-14 allows a remote attacker to execute arbitrary code via the orderby parameter...
CVE-2025-10047
The Email Tracker – Email Log, Email Open Tracking, Email Analytics & Email Management for WordPress Emails plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 5.3.15 due to insufficient escaping on the user supplied parameter and...
CVE-2025-10047
The Email Tracker – Email Log, Email Open Tracking, Email Analytics & Email Management for WordPress Emails plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 5.3.15 due to insufficient escaping on the user supplied parameter and...