14 matches found
DataEase Security Vulnerability
DataEase is an open-source data visualization and analysis tool developed by DataEase. It helps users quickly analyze data and gain insights into business trends, thereby enabling improvements and optimizations in operations. DataEase versions 2.10.20 and earlier contain security vulnerabilities...
Microweber has a Cross-site Scripting vulnerability
Cross-site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipulate the "orderDirection" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The iss...
CVE-2025-70791
Cross Site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipulate the "orderDirection" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The iss...
CVE-2025-70791
Cross Site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipulate the "orderDirection" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The iss...
CVE-2009-0431
SQL injection vulnerability in Default.asp in LinksPro Standard Edition allows remote attackers to execute arbitrary SQL commands via the OrderDirection parameter...
CVE-2025-2625
A vulnerability classified as critical has been found in westboy CicadasCMS 1.0. This affects an unknown part of the file /system/cms/content/page. The manipulation of the argument orderField/orderDirection leads to sql injection. It is possible to initiate the attack remotely. The exploit has be...
CVE-2016-15007 Centralized-Salesforce-Dev-Framework SOQL SObjectService.cls SObjectService injection
A vulnerability was found in Centralized-Salesforce-Dev-Framework. It has been declared as problematic. Affected by this vulnerability is the function SObjectService of the file src/classes/SObjectService.cls of the component SOQL Handler. The manipulation of the argument orderDirection leads to...
PT-2023-10326 · Unknown · Centralized-Salesforce-Dev-Framework
Name of the Vulnerable Software and Affected Versions: Centralized-Salesforce-Dev-Framework affected versions not specified Description: A vulnerability was found in the Centralized-Salesforce-Dev-Framework, affecting the function SObjectService of the file src/classes/SObjectService.cls of the...
CVE-2009-0431
SQL injection vulnerability in Default.asp in LinksPro Standard Edition allows remote attackers to execute arbitrary SQL commands via the OrderDirection parameter...
SQL injection
SQL injection vulnerability in Default.asp in LinksPro Standard Edition allows remote attackers to execute arbitrary SQL commands via the OrderDirection parameter...
CVE-2009-0431
SQL injection vulnerability in Default.asp in LinksPro Standard Edition allows remote attackers to execute arbitrary SQL commands via the OrderDirection parameter...
CVE-2009-0431
The CVE-2009-0431 entry describes an SQL injection vulnerability in the Default.asp page of LinksPro Standard Edition. The flaw allows remote attackers to inject arbitrary SQL commands through the OrderDirection parameter, enabling potential data exposure or modification. The issue is evidenced ...
LinksPro SQL Injection
Portal Name: LinksPro Standard Edition; Vendor: http://www.codefixer.com/applinkspro/standard.asp; Author: PouyaServer, [email protected] Aria-Security.Net; Vulnerability: SQL ...
LinksPro - 'OrderDirection' SQL Injection
source: https://www.securityfocus.com/bid/33305/info LinksPro is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data...