Lucene search
+L

356 matches found

OSV
OSV
added 2025/12/22 1:16 a.m.5 views

CVE-2025-15004

A vulnerability was identified in DedeCMS up to 5.7.118. This impacts an unknown function of the file /freelistmain.php. The manipulation of the argument orderby leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...

8.8CVSS5.7AI score0.00302EPSS
Exploits1References4
NVD
NVD
added 2025/12/22 1:16 a.m.5 views

CVE-2025-15004

A vulnerability was identified in DedeCMS up to 5.7.118. This impacts an unknown function of the file /freelistmain.php. The manipulation of the argument orderby leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...

8.8CVSS0.00302EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/12/22 12:2 a.m.3 views

CVE-2025-15004 DedeCMS freelist_main.php sql injection

A vulnerability was identified in DedeCMS up to 5.7.118. This impacts an unknown function of the file /freelistmain.php. The manipulation of the argument orderby leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...

6.5CVSS6.8AI score0.00302EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/11/08 12:55 a.m.8 views

CVE-2025-63689

Multiple SQL injection vulnerabilitites in ycf1998 money-pos system before commit 11f276bd20a41f089298d804e43cb1c39d041e59 2025-09-14 allows a remote attacker to execute arbitrary code via the orderby parameter...

10CVSS8.8AI score0.00839EPSS
Exploits1References1
EUVD
EUVD
added 2025/11/07 6:30 p.m.5 views

EUVD-2025-38273

Multiple SQL injection vulnerabilitites in ycf1998 money-pos system before commit 11f276bd20a41f089298d804e43cb1c39d041e59 2025-09-14 allows a remote attacker to execute arbitrary code via the orderby parameter...

10CVSS8.2AI score0.00839EPSS
Exploits1References3
NVD
NVD
added 2025/11/07 4:15 p.m.7 views

CVE-2025-63689

Multiple SQL injection vulnerabilitites in ycf1998 money-pos system before commit 11f276bd20a41f089298d804e43cb1c39d041e59 2025-09-14 allows a remote attacker to execute arbitrary code via the orderby parameter...

10CVSS0.00839EPSS
Exploits1References3
OSV
OSV
added 2025/11/07 3:15 p.m.5 views

CVE-2025-12860

A vulnerability was found in DedeBIZ up to 6.3.2. Affected is an unknown function of the file /admin/freelistmain.php. The manipulation of the argument orderby results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...

7.2CVSS5.7AI score0.00296EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/11/07 3:2 p.m.15 views

CVE-2025-12860 DedeBIZ freelist_main.php sql injection

A vulnerability was found in DedeBIZ up to 6.3.2. Affected is an unknown function of the file /admin/freelistmain.php. The manipulation of the argument orderby results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...

5.8CVSS0.00296EPSS
Exploits0References4
EUVD
EUVD
added 2025/11/07 3:2 p.m.5 views

EUVD-2025-38254

A vulnerability was found in DedeBIZ up to 6.3.2. Affected is an unknown function of the file /admin/freelistmain.php. The manipulation of the argument orderby results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...

5.8CVSS6.5AI score0.00296EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/11/07 12:0 a.m.10 views

CVE-2025-63689

Multiple SQL injection vulnerabilitites in ycf1998 money-pos system before commit 11f276bd20a41f089298d804e43cb1c39d041e59 2025-09-14 allows a remote attacker to execute arbitrary code via the orderby parameter...

0.00839EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/11/07 12:0 a.m.16 views

DedeBIZ 安全漏洞

DedeBIZ is a content management system from China Muyun Intelligence DedeBIZ company. A security vulnerability exists in DedeBIZ 6.3.2 and earlier versions, which stems from an incorrect manipulation of the parameter orderby in the file /admin/freelistmain.php, which could lead to a SQL injection...

7.2CVSS5.5AI score0.00296EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2025/11/07 12:0 a.m.3 views

CVE-2025-63689

Multiple SQL injection vulnerabilitites in ycf1998 money-pos system before commit 11f276bd20a41f089298d804e43cb1c39d041e59 2025-09-14 allows a remote attacker to execute arbitrary code via the orderby parameter...

10CVSS6.3AI score0.00839EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/11/07 12:0 a.m.3 views

money-pos 安全漏洞

money-pos McNee Cashiering System is a cashiering system by the individual developer of McNeeMoney. A security vulnerability exists in money-pos, which stems from a SQL injection vulnerability in the orderby parameter that could lead to the execution of arbitrary code...

10CVSS8AI score0.00839EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/11/07 12:0 a.m.2 views

CVE-2025-63689

Multiple SQL injection vulnerabilitites in ycf1998 money-pos system before commit 11f276bd20a41f089298d804e43cb1c39d041e59 2025-09-14 allows a remote attacker to execute arbitrary code via the orderby parameter...

8.4AI score0.00839EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/11/07 12:0 a.m.7 views

PT-2025-45449

Name of the Vulnerable Software and Affected Versions ycf1998 money-pos system versions prior to commit 11f276bd20a41f089298d804e43cb1c39d041e59 2025-09-14 Description The ycf1998 money-pos system contains multiple SQL injection vulnerabilities. A remote attacker can potentially execute arbitrary...

10CVSS6.3AI score0.00839EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2025/11/07 12:0 a.m.7 views

PT-2025-45425

Name of the Vulnerable Software and Affected Versions DedeBIZ versions up to 6.3.2 Description A flaw exists in DedeBIZ that allows for remote SQL injection. The issue is located in the /admin/freelist main.php file, within an unknown function. Manipulating the orderby argument can trigger the...

5.8CVSS5AI score0.00296EPSS
Exploits0References6
CVE
CVE
added 2025/11/07 12:0 a.m.28 views

CVE-2025-63689

CVE-2025-63689 affects the ycf1998 money-pos system prior to commit 11f276bd20a41f089298d804e43cb1c39d041e59. Multiple SQL injection vulnerabilities exist in the orderby parameter, enabling a remote attacker to execute arbitrary code. Root cause: unsafely constructed SQL with user-controlled orde...

10CVSS8.4AI score0.00839EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2025/11/07 12:0 a.m.7 views

CVE-2025-63689

Multiple SQL injection vulnerabilitites in ycf1998 money-pos system before commit 11f276bd20a41f089298d804e43cb1c39d041e59 2025-09-14 allows a remote attacker to execute arbitrary code via the orderby parameter...

10CVSS6.3AI score0.00839EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/10/23 9:13 a.m.12 views

CVE-2025-10047

The Email Tracker – Email Log, Email Open Tracking, Email Analytics & Email Management for WordPress Emails plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 5.3.15 due to insufficient escaping on the user supplied parameter and...

4.9CVSS5.9AI score0.00334EPSS
Exploits0References1
NVD
NVD
added 2025/10/22 9:15 a.m.6 views

CVE-2025-10047

The Email Tracker – Email Log, Email Open Tracking, Email Analytics & Email Management for WordPress Emails plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 5.3.15 due to insufficient escaping on the user supplied parameter and...

4.9CVSS0.00334EPSS
Exploits0References2
Rows per page
Query Builder